Dependency Confusion Could Have Led to RCE in Google Cloud Platform

September 17, 2024 at 09:15AM Tenable revealed details of the CloudImposer attack method, which could have led to remote code execution on Google Cloud Platform (GCP). The attack abused a pip installation argument (`--extra-index-url`, which lets pip pull a package from the public index when it carries a higher version than the private copy) to carry out a dependency confusion attack. After Tenable reported the vulnerability, Google promptly patched the RCE bug and updated its documentation to mitigate … Read more
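The mechanism behind the CloudImposer finding is pip's index merging: with `--extra-index-url`, candidates from every configured index go into one pool and the highest version wins, whichever index served it. The Python below is an added illustration written for this digest, not Tenable's or Google's code, and the index contents and the package name `internal-lineage-client` are constructed for the demo (real indexes are URLs, and real version parsing is PEP 440). It shows the confused resolution, the private-only resolution, and a quick audit that lists the names an attacker could squat.

```python
"""Simulate pip's candidate selection across a private index and PyPI.

Added example, not code from the page or from Tenable/Google. The two index
tables are constructed; the package name is hypothetical.
"""

from typing import Dict, List, Tuple

# Constructed private index: an internal-only package that was never on PyPI.
PRIVATE_INDEX: Dict[str, List[str]] = {
    "internal-lineage-client": ["1.4.2", "1.5.0"],
}

# Constructed public index: the same (hypothetical) name registered by an
# attacker with a version that outranks anything the private index offers.
PUBLIC_INDEX: Dict[str, List[str]] = {
    "internal-lineage-client": ["99.0.0"],
    "requests": ["2.31.0", "2.32.3"],
}

Index = Tuple[str, Dict[str, List[str]]]  # (label, name -> versions)


def parse_version(v: str) -> Tuple[int, ...]:
    """Dotted numeric versions only; enough to mirror 'highest wins' here."""
    return tuple(int(part) for part in v.split("."))


def resolve(name: str, indexes: List[Index]) -> Tuple[str, str]:
    """Return (version, index_label) the way pip's finder does when `indexes`
    are the configured --index-url and --extra-index-url sources: all
    candidates are merged into one pool and the highest version is chosen,
    with no preference for the index listed first."""
    candidates = [
        (parse_version(v), v, label)
        for label, index in indexes
        for v in index.get(name, [])
    ]
    if not candidates:
        raise LookupError(f"No matching distribution found for {name}")
    _, version, label = max(candidates)
    return version, label


def confusable_names(private: Dict[str, List[str]],
                     public: Dict[str, List[str]]) -> List[str]:
    """Names present on both indexes where the public copy outranks the
    private one: exactly the set an --extra-index-url layout would pull
    from the public index without any warning."""
    hits = []
    for name, versions in private.items():
        if name in public and (
            max(map(parse_version, public[name]))
            > max(map(parse_version, versions))
        ):
            hits.append(name)
    return sorted(hits)


if __name__ == "__main__":
    both = [("private", PRIVATE_INDEX), ("pypi", PUBLIC_INDEX)]
    # Vulnerable layout: --index-url <private> --extra-index-url https://pypi.org/simple
    print(resolve("internal-lineage-client", both))      # ('99.0.0', 'pypi')
    # Private-only layout: --index-url <private>, no extra index
    print(resolve("internal-lineage-client", both[:1]))  # ('1.5.0', 'private')
    print(confusable_names(PRIVATE_INDEX, PUBLIC_INDEX))  # ['internal-lineage-client']
```

The practical fix matches what the resolver shows: serve internal and mirrored public packages from a single `--index-url` (or a proxying index) rather than combining a private index with PyPI through `--extra-index-url`, pin versions with hashes so an unexpected release is rejected, and register or at least monitor internal package names on the public index.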

DrayTek Vulnerabilities Added to CISA KEV Catalog Exploited in Global Campaign

September 5, 2024 at 07:12AM Multiple threat groups have exploited two old vulnerabilities in DrayTek VigorConnect management software to target organizations worldwide. The flaws allow attackers to download arbitrary files with root privileges. Exploitation attempts spiked in August, prompting CISA to add the vulnerabilities to its KEV catalog. The attacks seem broad and not targeting … Read more

Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability

August 28, 2024 at 12:51PM Fortra has patched a critical security flaw in FileCatalyst Workflow (CVE-2024-6633) that could give remote attackers administrative access through the product's HSQL database. Tenable discovered the flaws; a second one (CVE-2024-6632) allows SQL injection. Following responsible disclosure, Fortra released version 5.1.7, which fixes both vulnerabilities. … Read more

Tenable to Acquire Eureka Security to Boost DSPM Capabilities

June 7, 2024 at 11:33AM Tenable, a well-known player in vulnerability management, has announced the acquisition of Israeli startup Eureka Security, specializing in DSPM. The deal enhances Tenable’s Cloud-Native Application Protection Platform and provides tools to assess and manage data risk. This acquisition follows Tenable’s previous purchase of another Israeli cloud security firm, Ermetic. Financial … Read more

Vulnerability Found in Fluent Bit Utility Used by Major Cloud, Tech Companies

May 20, 2024 at 11:42AM Fluent Bit, a widely used logging utility, has a critical vulnerability allowing denial of service, information disclosure, and potentially remote code execution. The memory corruption flaw, found by Tenable, affects deployments at major cloud and tech companies. A patch has been developed but has not yet been released. Until it is, users are advised to mitigate the risk by restricting access to the API and … Read more

Vulnerability Allowed One-Click Takeover of AWS Service Accounts

March 21, 2024 at 09:45AM Cybersecurity company Tenable disclosed a one-click vulnerability in an AWS service that allowed complete account takeover. Named FlowFixation, it affected Amazon Managed Workflows for Apache Airflow (MWAA). The flaw, now patched, let an attacker manipulate a victim's session, take over the web management panel, and potentially achieve remote code execution. Tenable's wider findings on misconfigured shared-parent domains prompted … Read more

Tenable Introduces Visibility Across IT, OT, and IoT Domains

February 29, 2024 at 04:46PM Tenable® released Tenable One for OT/IoT, the first exposure management platform offering comprehensive visibility into assets across IT, operational technology (OT), and IoT environments. This solution aims to address the increasing cyber attack surface due to interconnected assets, providing actionable risk intelligence to mitigate operational risks and prioritize security measures. … Read more

Criminal IP and Tenable Partner for Swift Vulnerability Detection

January 9, 2024 at 11:33AM Criminal IP, a cyber threat intelligence search engine developed by AI SPERA, has partnered with Tenable on threat analysis and exposure management. The integration feeds Criminal IP's IP address intelligence into Tenable's platform, letting users identify and mitigate potential threats proactively. This collaboration provides a comprehensive solution for cybersecurity strategy and … Read more