TikTok Ad Scams: Insufficient Moderation Leaves 'For You' Page Filled with Dubious Apps, Products and Services
September 3, 2020
TikTok’s popular “#ForYou” page has become a habitat for scammers peddling fake mobile applications, diet pills, drop-shipped goods, fake gift cards and more. The fate of TikTok’s operations in the U....
CVE-2020-5776, CVE-2020-5777: Multiple Vulnerabilities in the MAGMI Magento Mass Import Plugin
September 1, 2020
Tenable Research discovers multiple vulnerabilities in the MAGMI Magento plugin that could lead to remote code execution on a vulnerable Magento site. Background On September 1, we published TRA-202...
Ripple20: More Vulnerable Devices Discovered, Including New Vendors
August 4, 2020
A partnership between Tenable and JSOF continues to uncover additional devices vulnerable to Ripple20. Update September 9, 2020: The Affected Vendors section has been updated based on feedback from v...
Microsoft’s July 2020 Patch Tuesday Addresses 123 CVEs Including Wormable Windows DNS Server RCE (CVE-2020-1350) (SIGRed)
July 14, 2020
Microsoft addresses 123 CVEs, including CVE-2020-1350, a wormable remote code execution vulnerability in Windows DNS Server dubbed “SIGRed.” For the fifth month in a row, Microsoft has patched over 1...
Tenable Research Discloses Multiple Vulnerabilities in Plex Media Server
June 16, 2020
Tenable Research discovered multiple vulnerabilities in Plex Media Server, a popular media streaming and sharing service, that could allow attackers to gain full system privileges and access to person...
How Organizations Can Reduce the Economic Incentives of Vulnerabilities
June 10, 2020
In the last of our three-part series, Tenable Research evaluates the prevalence of vulnerabilities across the global population, as well as the implications of those findings on attackers' economic in...
Microsoft’s June 2020 Patch Tuesday Addresses 129 CVEs Including Newly Disclosed SMBv3 Vulnerability (CVE-2020-1206)
June 9, 2020
Microsoft continues its streak of patching over 100 CVEs, addressing 129 CVEs in June, including a fix for a new SMBv3 vulnerability dubbed SMBleed. For the fourth month in a row, Microsoft has patch...
What Is the Lifespan of a Vulnerability?
June 8, 2020
In the second of our three-part series on persistent vulnerabilities, Tenable Research examines survival data to assess how effectively traditional remediation tactics are combating the attacker's adv...
A Look at What Makes a Vulnerability Survive in the Remediation Race
June 4, 2020
In the first of our three-part series, Tenable Research unveils the key findings from our new report on common persistent vulnerabilities, including their likely causes and the importance of prioritiz...
Scams Exploit COVID-19 Giveaways Via Venmo, PayPal and Cash App
May 13, 2020
The economic impact of COVID-19, which is causing record unemployment, creates a golden opportunity for scammers looking to target vulnerable people desperate for cash to help pay their bills. As Cash ...
Microsoft’s May 2020 Patch Tuesday Addresses 111 CVEs
May 12, 2020
After back-to-back months of patching more than 100 CVEs, Microsoft released another 111 CVEs this month, none of which were publicly disclosed or exploited in the wild. Microsoft addressed 111 CVEs ...
Instacart Patches SMS Spoofing Vulnerability Discovered by Tenable Research
May 5, 2020
As grocery delivery services have seen an increase in traffic from users during the coronavirus pandemic, Tenable Research identified an SMS spoofing flaw that could have allowed an attacker to send s...