Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable blog

January 22, 2025

Oracle January 2025 Critical Patch Update Addresses 186 CVEs

Oracle addresses 186 CVEs in its first quarterly update of 2025 with 318 patches, including 30 critical updates.BackgroundOn January 21, Oracle released its Critical Patch Update (CPU) for January 202...

June 25, 2024

CVE-2024-5806: Progress MOVEit Transfer Authentication Bypass Vulnerability

Progress Software has patched a high severity authentication bypass in the MOVEit managed file transfer (MFT) solution. As MOVEit has been a popular target for ransomware gangs and other threat actors, we strongly recommend prioritizing patching of this vulnerability....


June 25, 2024

Understanding Customer Managed Encryption Keys (CMKs) in AWS, Azure and GCP: A Comparative Insight

Explore critical differences in handling customer-managed encryption keys (CMKs) across AWS, Azure and GCP to avoid security misconfigurations and protect your data effectively....


June 21, 2024

CVE-2024-28995: SolarWinds Serv-U Path/Directory Traversal Vulnerability Exploited in the Wild

Following the publication of proof-of-concept exploit details for a high-severity flaw in SolarWinds Serv-U, researchers have observed both automated and manual in-the-wild exploitation attempts; patching is strongly advised....


June 21, 2024

Cybersecurity Snapshot: FTC Believes TikTok Broke U.S. Law, Asks Justice Dept. To Intervene, while French Cyber Agency Warns About Nobelium / Midnight Blizzard

TikTok’s legal troubles in the U.S. could get thornier after the FTC refers complaint to the DOJ. Meanwhile, France says Russia-backed Nobelium / Midnight Blizzard is a major cyber espionage threat to European governments. Plus, check out a Tenable poll about dealing with vulnerabilities without pat...


June 17, 2024

How to Discover, Analyze and Respond to Threats Faster with Generative AI

Generative AI (GenAI) is being hailed as the most transformative innovation since the rise of the internet. For security, GenAI can revolutionize the field if applied correctly, especially when it comes to threat detection and response. It enhances efficiency and productivity by swiftly processing a...


June 14, 2024

Cybersecurity Snapshot: U.K. Cyber Agency Urges Software Vendors To Boost Product Security, While U.S. Gov’t Wants Info on Banks’ AI Use

Check out the NCSC’s call for software vendors to make their products more secure. Plus, why the Treasury Department is looking at how financial institutions are using AI. And the latest on the cybersecurity skills gap in the U.S. And much more!...


June 11, 2024

Microsoft’s June 2024 Patch Tuesday Addresses 49 CVEs

Microsoft addresses 49 CVEs in its June 2024 Patch Tuesday release with one rated as critical and no zero-day or publicly disclosed vulnerabilities. Our counts omitted two CVEs that were not issued by Microsoft, which include CVE-2023-50868 (issued by MITRE) and CVE-2024-29187 (issued by GitHub)....


June 11, 2024

Cloud Workload Protection: The Key to Decreasing Cloud Security Risks

More than 80% of all breaches involve data stored in the cloud, and security teams that don’t use cloud workload protection (CWP) may never get ahead of attackers who want to access as much data as possible with the least effort. A single cloud breach is often the most straightforward way into these...


June 7, 2024

CVE-2024-4577: Proof of Concept Available for PHP-CGI Argument Injection Vulnerability

Researchers disclose a critical severity vulnerability affecting PHP installations and provide proof-of-concept exploit code, which could lead to remote code execution....


Cybersecurity news you can use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

A Look Inside the Ransomware Ecosystem

Download the Report >