Blog de Tenable
Dynamic Objects in Active Directory: The Stealthy Threat
AWS Identity Federation and Least Privilege – Friends or Foes?
Learn how to address the challenges in basic and advanced implementations of AWS federation.
Multiple Vulnerabilities in CodeMeter Leave Managed Industrial Control Systems Open to Attack
Six vulnerabilities in a popular license management product put industrial control systems at risk for remote attacks. Background On September 8, researchers at Claroty published their detailed analysis, dubbed “License to Kill,” covering several vulnerabilities they discovered in CodeMeter…
Understanding Cross-Origin Resource Sharing Vulnerabilities
To avoid exposure to a variety of web application vulnerabilities, specific security considerations must be made when implementing Cross-Origin Resource SharingToday’s modern web applications rely heavily on JavaScript to be dynamic, and ensure the best experience for end-users. Providing content…
Protect Applications and Data with Cloud Infrastructure Entitlements Management (CIEM)
Breaking down the hype around cloud infrastructure entitlements management.
Las estafas explotan obsequios para COVID-19 vía Venmo, PayPal y Cash App
The economic impact of COVID-19, which is causing record unemployment, creates a golden opportunity for scammers looking to target vulnerable people desperate for cash to help pay their bills.As Cash App steps up the frequency of its giveaways, and celebrities and other notable figures launch…
¿Qué es el VPR y en qué se diferencia del CVSS?
This blog series will provide an in-depth discussion of vulnerability priority rating (VPR) from a number of different perspectives. Part one will focus on the distinguishing characteristics of VPR that make it a more suitable tool for prioritizing remediation efforts than the Common Vulnerability…
CVE-2020-1938: Ghostcat - Apache Tomcat AJP File Read/Inclusion Vulnerability (CNVD-2020-10487)
Several proof-of-concept exploit scripts for recently patched flaw in Apache Tomcat are now available.BackgroundOn February 20, China National Vulnerability Database (CNVD) published a security advisory for CNVD-2020-10487, a severe vulnerability in Apache Tomcat’s Apache JServ Protocol (or AJP)…
¿Soy inteligente o solo afortunado? Comprender el riesgo de la integridad del proceso con Tenable Lumin
El riesgo del sistema de negocios y el riesgo de integridad del proceso son dos métricas esenciales para una práctica madura de gestión de vulnerabilidades basada en el riesgo.Con la nueva puntuación de madurez de la evaluación, Tenable Lumin le proporciona información sobre ambos.Risk-based vulnerability management requires metrics addressing two types of…
Estafas de Cash App: los sorteos atrapan a los usuarios de Instagram, mientras que los videos de YouTube prometen dinero fácil
Los estafadores de Cash App atacan a usuarios de Instagram y YouTube. Here’s what you need to know about their tactics — and how to avoid being conned.In part one of our two-part series on Cash App scammers, I explored how promotional tactics used by the popular person-to-person (P2P) payment…