Brazen, Unsophisticated and Illogical: Understanding the LAPSUS$ Extortion Group
July 20, 2022Having gained the industry’s attention in the first months of 2022, the LAPSUS$ extortion group has largely gone quiet. What can we learn from this extortion group’s story and tactics?
Securing Critical Infrastructure: What We've Learned from Recent Incidents
July 14, 2022Learn about well-known vulnerabilities and attacks and how they affected critical infrastructure —from Phone Phreaking to recent ransomware.
Understanding the Ransomware Ecosystem: From Screen Lockers to Multimillion-Dollar Criminal Enterprise
June 22, 2022Ransomware is a constantly evolving cyberthreat, and it is through its evolution that ransomware has managed to not only survive, but thrive.
Identifying XML External Entity: How Tenable.io Web Application Scanning Can Help
June 20, 2022XML External Entity (XXE) flaws present unique mitigation challenges and remain a common attack path. Learn how XXE flaws arise, why some common attack paths are so challenging to mitigate and how Tenable.io Web Application Scanning can help.
Microsoft Azure Synapse Pwnalytics
June 13, 2022Since March 10, Tenable Research has attempted to work with Microsoft to address two serious flaws in the underlying infrastructure of Azure Synapse Analytics.
So Many CVEs, So Little Time: Zero In and ‘Zero Click’ into the Current Vulnerability Landscape
June 8, 2022Among the thousands of vulnerabilities disclosed so far in 2022, we highlight five and explain why they matter.
Twitter Crypto Scams: Bored Ape Yacht Club, Azuki and Other Projects Impersonated to Steal NFTs, Digital Currencies
May 26, 2022Scammers are using verified and unverified accounts to impersonate notable NFT projects like Bored Ape Yacht Club and others, tagging Twitter users to drive them to phishing websites.
Behind the Scenes: How We Picked 2021’s Top Vulnerabilities – and What We Left Out
March 11, 2022The 2021 Threat Landscape Retrospective explored the top five vulnerabilities of the year. Learn about other high-impact vulnerabilities that nearly made our list. When putting together the Threat ...
The 2021 Threat Landscape Retrospective: Targeting the Vulnerabilities that Matter Most
January 19, 2022A review of the year in vulnerabilities and breaches, with insights to help guide cybersecurity strategy in 2022 and beyond.
YouTube Shorts: Stolen TikTok Videos Manipulated in Adult Dating, Dubious Products Scams for Views and Subscribers
January 12, 2022As Google's TikTok competitor YouTube Shorts gains viewers, hordes of scammers are quick to follow.
Fake Bitcoin, Ethereum, Dogecoin, Cardano, Ripple and Shiba Inu Giveaways Proliferate on YouTube Live
November 23, 2021Scammers are leveraging compromised YouTube accounts to promote fake cryptocurrency giveaways for Bitcoin, Ethereum, Dogecoin, Cardano, Ripple, Shiba Inu and other cryptocurrencies.
Identifying Server Side Request Forgery: How Tenable.io Web Application Scanning Can Help
November 18, 2021Learn how SSRF flaws arise, why three common attack paths are so challenging to mitigate and how Tenable.io Web Application Scanning can help.