Tenable Blog

Researchers published and deleted proof-of-concept code for a remote code execution vulnerability in Windows Print Spooler, called PrintNightmare, though the PoC is likely still available.

Update July 2: The Background, Analysis and Solution sections have been updated with new information for CVE-2021-34527 issued by Microsoft on July 1. No patch has yet been released for the new CVE, but additional information and mitigation options are offered in the advisory.

Researchers at Positive Technologies have published a proof-of-concept exploit for CVE-2020-3580. There are reports of researchers pursuing bug bounties using this exploit.

Update June 28: The Background section has been updated to correct the initial publication date of Cisco's advisory. The Vendor Response section has also been updated.

SonicWall issues a new advisory and CVE identifier to address an incomplete fix for CVE-2020-5135.

When only select ports require scanning, use these easy steps to define them

When assessing targets with a network scanner like Nessus, a common question is "How do I control the ports that Nessus tests during a scan?" This blog covers a number of options, including:

Follow these best practices to harden your Active Directory security against cyberattacks and stop attack paths.

Active Directory (AD) equips businesses using Windows devices to organize IT management at the enterprise level. This centralized, standard Windows system equips IT administrators with increased control over access and security within their operations, elevating management of all network devices, domains and account users. AD delivers several mission-critical manageability, security and interoperability functions for businesses of every size and scope, including: