Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Ditch the Spreadsheet and Step Up Your Vulnerability Management Game

Moving from Nessus Pro to Tenable.sc or Tenable.io can easily help you mature your vulnerability management program. Here's what you need to know.

Does your vulnerability management workflow involve a spreadsheet at any point? If so, you’re doing it wrong. Well, maybe not wrong per se, but definitely inefficiently.

In my career, I’ve been both the recipient and the creator of some monster-sized vulnerability spreadsheets that triggered “whack-a-mole” remediation exercises. It can be daunting to determine not only what to fix, but in what order.

Read More

Nessus at 20: Why It’s More Than a Product to Me

In honor of the 20th anniversary of Nessus this year, we've been asking users around the world to answer the question, "I love Nessus because...." Here, Tenable's VP and Deputy CTO Glen Pendley does just that, sharing his experiences working with Nessus over the past two decades – and tells us how it delivered his first rock-star moment.

Editor's Note: This blog post was updated on Monday, October 1, to include a look at the new features introduced in Nessus 8.

Read More

Nessus Turns 20!

Twenty years ago this week, I released the first public version of Nessus. Little did I know at the time the profound impact it would have both on the industry and on me personally.

Read More

New in Nessus: Elliptic Curve Cryptography with SSH

Cryptography is like finding and patching system vulnerabilities. Both are a race. In the former, the race is between mathematicians finding efficient, hard-to-reverse computations and opposing mathematicians solving hard numerical problems to defeat them. In the latter, the race is between IT and malicious actors who may find the vulnerabilities first to exploit them. The race in encryption is fueled by the exponential increase in computing power outlined by Moore’s law, constantly driving the algorithms we use toward obsolescence.

Read More

The First Major Security Logos of 2018: Spectre and Meltdown Vulnerabilities

This post was updated on Jan. 12, 2018 to include additional technical details and supplemental links.  

The recently disclosed Meltdown and Spectre vulnerabilities started off 2018 with a somber note, as the attacks affect everything from desktops, laptops and mobile devices to cloud providers’ infrastructure. The flaws are present in nearly all modern microprocessors and can allow an attacker to access privileged memory by abusing a feature called speculative execution.

Read More

Announcing Nessus Professional v7

We’re pleased to announce Nessus Professional v7. More than 20,000 organizations today use Nessus Professional and there are more than a million and a half Nessus users worldwide. You, the Nessus community, have made Nessus one of the most important and trusted solutions in the industry.

Over nearly 20 years, Nessus has become the gold standard for security practitioners and consultants who want fast and accurate point-in-time scans. Starting with version 7, we are intensifying our focus on performance and accuracy, so you can get the job done even faster and more confidently.

Read More

Detecting macOS High Sierra root account without authentication

Yesterday, Tenable™ released two plugins to detect macOS High Sierra installs which allow a local user to login as root without a password after several login attempts. Both plugins require authentication, however, there was one scenario where a user could log in over VNC protocol with the root account and no password if screen sharing was enabled. Today, we are releasing a plugin to remotely detect the vulnerability without authentication.

Read More

Reaper IoT Botnet

The new modern attack surface encompasses many emerging technologies such as the Internet of Things (IoT). As IoT becomes more integrated into the business communications path and the security boundary of your organization begins to blur, the risk of vulnerable IoT devices such as routers, cameras and video recorders will continue to increase.

Read More

Auditing Databases with Nessus

As a companion to another post on hardening network devices and creating baseline configurations, I wanted to look at another area where standardizing configurations can pay off in a big way. While there is plenty of fertile ground out there, I decided to focus on some specific aspects of databases. As I started reviewing recent research, I noticed a couple of interesting things from the world of finance that likely aren’t radically different from most environments.

Read More

Rooting a Printer: From Security Bulletin to Remote Code Execution

Printers. They are everywhere. In big businesses. In small businesses. In our homes. In our schools. Wherever you go, there they are. But where are they in your threat model? When was the last time you updated the firmware? Do you know if there are public exploits for your printer?

For example, in early April, Hewlett Packard released a security bulletin titled, HP PageWide Printers, HP OfficeJet Pro Printers, Arbitrary Code Execution. The bulletin states:

Read More

Hunting Linux Malware with YARA

Tenable recently released two new YARA plugins to complement the already existing Windows YARA plugin. The new plugins are YARA Memory Scan (Linux) and YARA File Scan (Linux) (Solaris). The plugins bring YARA functionality to Linux and Solaris hosts. This blog discusses a couple of scenarios in which these plugins are useful.

Read More

Quick Credential Debug Scan

What scans do you use? Tenable customers can assess their security risks from information gathered by vulnerability and compliance scans. In this blog, I’ll show you how to build a customized scan that helps diagnose authentication issues that show up when running those scans. I call it the Quick Credential Debug Scan, or QCD for short.

Read More

Apache Struts Jakarta Remote Code Execution (CVE-2017-5638) Detection with Nessus

A remote code execution vulnerability (CVE-2017-5638) in the Jakarta Multipart Parser in certain versions of the Apache Struts framework can enable a remote attacker to run arbitrary commands on the web server. Since its initial disclosure, this vulnerability has received significant attention, and is reportedly exploited in the wild. Public exploits are also available for this vulnerability.

Read More

Understanding Tenable Plugins

Are you pluggin’ along looking for vulnerabilities? The heart of Tenable vulnerability detection comes from the individual tests called plugins – simple programs that check for specific flaws. Each plugin contains a vulnerability description, fix recommendations, and algorithms for detection. Tenable products receive new plugins nightly, which keep the tests current and relevant.

Finding plugin information

 SecurityCenter® has at least four places to research plugins:

Read More

A Look Inside the Ransomware Ecosystem

Read Whitepaper >

Are You Vulnerable to the Latest Exploits?

Enter your email to receive the latest cyber exposure alerts in your inbox.

tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Tenable.io Web Application Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable.io Container Security

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Try Tenable Lumin

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable.cs

Enjoy full access to detect and fix cloud infrastructure misconfigurations and view runtime vulnerabilities. Sign up for your free trial now.

Contact a Sales Rep to Buy Tenable.cs

Contact a Sales Representative to learn more about Tenable.cs Cloud Security and see how easy it is to onboard your cloud accounts and get visibility into both cloud misconfigurations and vulnerabilities within minutes.

Try Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save.

Add Support