Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog


Oracle April 2021 Critical Patch Update Addresses 257 CVEs including ‘Zerologon’ (CVE-2020-1472)

Oracle addresses over 250 CVEs in its second quarterly update of 2021 with 390 patches, including 34 critical updates. Background On April 20, Oracle released its Critical Patch Update (CPU) for Apri...
 Scott Caveza
April 21, 2021

CVE-2021-22893: Zero-Day Vulnerability in Pulse Connect Secure Exploited in the Wild

Threat actors are leveraging a zero-day vulnerability in Pulse Connect Secure, for which there is no immediate patch scheduled for release. Background On April 20, Pulse Secure, which was acquired by...

 Satnam Narang
April 20, 2021

NAME:WRECK: Nine DNS Vulnerabilities Found in Four Open Source TCP/IP Stacks

Nine new DNS-related vulnerabilities have been identified across TCP/IP stacks embedded in millions of devices. Background On April 13, 2021, researchers at Forescout and JSOF published a report calle...

 Rody Quinlan
April 15, 2021

CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483: Four Critical Microsoft Exchange Server Vulnerabilities Patched in April Patch Tuesday

One month after disclosing four zero-day vulnerabilities in Exchange Server, Microsoft addresses four additional vulnerabilities discovered by the National Security Agency (NSA). Background On April 1...

 Satnam Narang
April 13, 2021

Microsoft’s April 2021 Patch Tuesday Addresses 108 CVEs (CVE-2021-28310)

Microsoft addresses 108 CVEs, including CVE-2021-28310 — which has reportedly been exploited in the wild — as well as four new remote code execution vulnerabilities in Microsoft Exchange. 19Critical 8...

Security Response Team
April 13, 2021

CVE-2018-13379, CVE-2019-5591, CVE-2020-12812: Fortinet Vulnerabilities Targeted by APT Actors

Threat actors and ransomware groups are actively targeting three legacy Fortinet vulnerabilities. Background On April 2, the Federal Bureau of Investigation (FBI) along with the Cybersecurity and Infr...

 Satnam Narang
April 8, 2021

CVE-2021-21975, CVE-2021-21983: Chained Vulnerabilities in VMware vRealize Operations Could Lead to Unauthenticated Remote Code Execution

VMware has addressed a pair of vulnerabilities in vRealize Operations that, when chained together, could result in unauthenticated remote code execution in vulnerable servers. Background On March 30,...

 Rody Quinlan
March 31, 2021

How to Identify Compromised Microsoft Exchange Server Assets Using Tenable

As organizations continue to respond to a flurry of attacks by HAFNIUM and other threat actors leveraging Proxylogon (CVE-2021-26855) and related vulnerabilities (CVE-2021-26857, CVE-2021-26858, CVE-2...

 Satnam Narang
March 18, 2021

CVE-2021-22986: F5 Patches Several Critical Vulnerabilities in BIG-IP, BIG-IQ

F5 releases patches for multiple vulnerabilities in BIG-IP and BIG-IQ, including a critical remote command execution flaw that does not require authentication and is likely to attract exploits in the...

 Satnam Narang
March 11, 2021

Microsoft’s March 2021 Patch Tuesday Addresses 82 CVEs (CVE-2021-26411)

In its March release, Microsoft addressed 82 CVEs, including a zero-day vulnerability in Internet Explorer that has been exploited in the wild and linked to a nation-state campaign targeting security...

Security Response Team
March 9, 2021

Finding Proxylogon and Related Microsoft Exchange Vulnerabilities: How Tenable Can Help

We urge organizations to patch Proxylogon (CVE-2021-26855) and related vulnerabilities (CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) in Microsoft Exchange Server and investigate for potential compr...

Security Response Team
March 8, 2021

CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065: Four Zero-Day Vulnerabilities in Microsoft Exchange Server Exploited in the Wild

Four zero-day vulnerabilities in Microsoft Exchange servers have been used in chained attacks in the wild.Update March 8, 2021: The Identifying Affected Systems section has been updated with informati...

 Satnam Narang
March 2, 2021

CVE-2021-21972: VMware vCenter Server Remote Code Execution Vulnerability

Proof-of-concept exploit scripts for a critical remote code execution flaw, along with mass scanning activity, indicate that organizations should apply vCenter Server patches immediately. Background O...

 Satnam Narang
February 24, 2021

Government Agencies Warn of State-Sponsored Actors Exploiting Publicly Known Vulnerabilities

Get the Details >


輸入您的電子郵件地址,以便收到最新 cyber exposure 警示。

免費試用 立即購買

選擇 Tenable.io

免費試用 30 天

享受現代、雲端型的弱點管理平台,能夠以無與倫比的準確性查看和追蹤所有資產。 立即註冊。

立即購買 Tenable.io

享受現代、雲端型的弱點管理平台,使您能夠以無與倫比的準確性查看和追蹤所有資產。 立即訂閱一年。

65 項資產


免費試用 立即購買

免費試用 Nessus Professional

免費試用 7 天

Nessus® 是現今市場上功能最全面的弱點掃描工具。Nessus Professional 能協助自動化弱點掃描程序、節省您達到合規性的時間並讓您的 IT 團隊合作。

購買 Nessus Professional

Nessus® 是現今市場上功能最全面的弱點掃描工具。Nessus Professional 能協助自動化弱點掃描程序、節省您達到合規性的時間並讓您的 IT 團隊合作。

購買多年期授權,節省更多。新增 365 天全年無休 24 小時全天候可使用電話、社群及對談的進階支援。完整詳情請見此處。

免費試用 立即購買

試用 Tenable.io Web Application Scanning

免費試用 30 天

享受我們專為現代應用程式而設計,屬於 Tenable.io 平台一部分的最新 Web 應用程式掃描產品的所有功能。不需耗費大量人力或中斷重要 Web 應用程式,即可高度準確且安全地掃描您整個線上產品系列中是否含有任何弱點。 立即註冊。

購買 Tenable.io Web Application Scanning

享受現代、雲端型的弱點管理平台,使您能夠以無與倫比的準確性查看和追蹤所有資產。 立即訂閱一年。

5 個 FQDN



免費試用 聯絡業務人員

試用 Tenable.io Container Security

免費試用 30 天

享受整合至弱點管理平台中的唯一容器安全產品的完整功能。監控容器映像中是否有弱點、惡意軟體及政策違規的情形。與持續整合和持續部署 (CI/CD) 系統整合,以支援 DevOps 作法、加強安全性並支援企業政策合規性。

購買 Tenable.io Container Security

Tenable.io Container Security 整合了建置程序,能提供包含弱點、惡意軟體和政策違規等容器影像安全性的能見度,讓您無縫並安全地啟用 DevOps 流程。

取得 Tenable.sc 產品示範

請填寫以下表格並附上您的聯絡資訊,我們的業務代表將盡快與您聯絡,以安排產品示範。您也可以附上簡短註解 (字元上限為 255 個)。請注意,標示星號 (*) 的欄位是必填欄位。

免費試用 聯絡業務人員

試用 Tenable Lumin

免費試用 30 天

透過 Tenable Lumin,能夠以視覺方式呈現 Cyber Exposure 並加以探索,長期追蹤風險降低狀況,以及對照同業進行指標分析。

購買 Tenable Lumin

聯絡業務代表,瞭解 Lumin 如何協助您獲得整個企業的深入洞見,並管理網路風險。

申請 Tenable.ot 產品示範