TL;DR: The Tenable Research 2020 Threat Landscape Retrospective
January 14, 2021Tenable’s Security Response Team takes a look back at the major vulnerability and cybersecurity news of 2020 to develop insight and guidance for defenders. Søren Kierkegaard, the Danish philosopher, ...
Microsoft’s January 2021 Patch Tuesday Addresses 83 CVEs
January 12, 2021In its first Patch Tuesday of 2021, Microsoft patched 83 CVEs including 10 critical vulnerabilities Microsoft patched 83 CVEs in the January 2021 Patch Tuesday release, including 10 CVEs rated as cri...
Microsoft’s December 2020 Patch Tuesday Addresses 58 CVEs including CVE-2020-25705 (SAD DNS)
December 8, 2020The final Patch Tuesday of 2020 includes fixes for 58 CVEs, including workaround details for a severe vulnerability in Windows DNS Resolver called SAD DNS. Microsoft patched 58 CVEs in the December 2...
COVID-19 Pandemic Data: As Attack Surface Expands, Software Vendors Improve Vulnerability Response Times
December 7, 2020Tenable’s Zero-Day Research team found encouraging trends in how quickly software vendors are responding to our private disclosures, as well as how they’re addressing critical and high-severity vulner...
Microsoft’s November 2020 Patch Tuesday Addresses 112 CVEs including CVE-2020-17087
November 10, 2020Microsoft addressed over 112 CVEs in its November release, including a zero-day vulnerability in the Windows kernel that was exploited in the wild as part of a targeted attack. Microsoft patched 112 ...
Oracle Critical Patch Update for October 2020 Addresses 402 Security Updates
October 21, 2020Oracle’s latest Critical Patch Update surpasses the 400 mark for the second time this year with 402 security patches addressing 230 CVEs, including numerous critical vulnerabilities in Oracle Fusion M...
Writing Security Advisories: 5 Best Practices For Vendors
October 15, 2020To maximize the impact of your security advisories, here are some key steps vendors can take to support automated workflows and timely remediation efforts. Over the years we’ve seen every variat...
Microsoft’s October 2020 Patch Tuesday Addresses 87 CVEs including “Bad Neighbor” Windows TCP/IP Vulnerability (CVE-2020-16898)
October 13, 2020For the first time in seven months, Microsoft patches less than 100 CVEs, addressing 87 CVEs in its October release. Microsoft patched 87 CVEs in the October 2020 Patch Tuesday release, including 11 ...
New to Chatbots? Understand Your Security Risk
September 30, 2020With the increasing use of chatbots as a frontline tool for businesses, organizations need to take a closer look at the security of such services and include them in their threat model. Chatbots are ...
US Cybersecurity Agency CISA Alert: Foreign Threat Actors Continue to Target Unpatched Vulnerabilities
September 17, 2020CISA warns that foreign threat actors from China and Iran are routinely targeting unpatched vulnerabilities across government agencies and U.S.-based networks. Background On September 14 and Septemb...
Understanding Cross-Origin Resource Sharing Vulnerabilities
September 11, 2020To avoid exposure to a variety of web application vulnerabilities, specific security considerations must be made when implementing Cross-Origin Resource SharingToday’s modern web applications rely hea...
Microsoft’s September 2020 Patch Tuesday Addresses 129 CVEs
September 8, 2020For the fourth month in a row, Microsoft patches over 120 CVEs, addressing 129 CVEs in its September release. Update September 10, 2020: Updated the section for CVE-2020-16875 to account for a revisi...