Behind the Scenes: How We Picked 2021’s Top Vulnerabilities – and What We Left Out
The 2021 Threat Landscape Retrospective explored the top five vulnerabilities of the year. Learn about other high-impact vulnerabilities that nearly made our list. When putting together the Threat ...
The 2021 Threat Landscape Retrospective: Targeting the Vulnerabilities that Matter Most
A review of the year in vulnerabilities and breaches, with insights to help guide cybersecurity strategy in 2022 and beyond.
YouTube Shorts: Stolen TikTok Videos Manipulated in Adult Dating, Dubious Products Scams for Views and Subscribers
As Google's TikTok competitor YouTube Shorts gains viewers, hordes of scammers are quick to follow.
Fake Bitcoin, Ethereum, Dogecoin, Cardano, Ripple and Shiba Inu Giveaways Proliferate on YouTube Live
Scammers are leveraging compromised YouTube accounts to promote fake cryptocurrency giveaways for Bitcoin, Ethereum, Dogecoin, Cardano, Ripple, Shiba Inu and other cryptocurrencies.
Identifying Server Side Request Forgery: How Tenable.io Web Application Scanning Can Help
Learn how SSRF flaws arise, why three common attack paths are so challenging to mitigate and how Tenable.io Web Application Scanning can help.
Examining the Treat Landscape
Are you leaving treats on the table for attackers? Understand the current treat landscape and how to reduce your exposure.
TikTok LIVE Scams: Stolen Live Footage Used to Earn TikTok Gifts, Promote Scams to Make Money
Stolen video footage of celebrities, content creators and others is being used by scammers in TikTok LIVE streams to earn TikTok gifts, peddle questionable products and drive users to adult dating websites.
How to Use Tenable.io WAS to Find and Fix Sensitive Information Exposure in Microsoft Power Apps
Researchers identified a configuration issue in Microsoft Power Apps portals that exposed millions of records for nearly 50 organizations. Learn how you can use Tenable.io Web App Scanning to identify...
Hold the Door: Why Organizations Need to Prioritize Patching SSL VPNs
Three critical SSL VPN vulnerabilities have become some of the most exploited by advanced persistent threat actors and ransomware groups. To effectively prioritize remediation efforts, defenders must...
One Year Later: What Can We Learn from Zerologon?
In a year of headline-making vulnerabilities and incidents, Zerologon (CVE-2020-1472) stands out due to its widespread adoption by threat actors and its checkered disclosure timeline. In our Threat L...
Zero Day Vulnerabilities in Industrial Control Systems Highlight the Challenges of Securing Critical Infrastructure
The disclosure of zero day vulnerabilities in several Schneider Electric industrial control systems highlights the need to revamp cybersecurity practices in operational technology environments. ...
Dealing with the Attack Surface Beyond Vulnerabilities
A good understanding of the attack surface is of prime importance in measuring and prioritizing risk. Here's how Tenable's data can allow security professionals to have a more realistic view of their ...