Tenable Blog

Yesterday, Tenable™ released two plugins to detect macOS High Sierra installs which allow a local user to login as root without a password after several login attempts. Both plugins require authentication, however, there was one scenario where a user could log in over VNC protocol with the root account and no password if screen sharing was enabled. Today, we are releasing a plugin to remotely detect the vulnerability without authentication.

Organizations are continuously leveraging new data and information capabilities to accelerate their business processes and deliver greater value to customers. As a result, industries such as energy, utilities, and manufacturing are becoming increasingly digital and connected. But with new technology come new challenges.

Empire is a popular open source post-exploitation framework. The framework can very roughly be broken down into two parts: agents and listeners. An agent is an implant that lives on the victim’s computer. A listener resides on the attacker’s command and control server and handles communication with the agent. A lot of work has gone into making agents difficult to find. Less has been done to hide listeners.

If there’s one thing 2017 has taught us so far, it’s that the attack surface has changed. Cloud, containers, custom web apps, IoT, and OT are all part of the milieu that’s forcing security teams to up their game.

Basic cyber hygiene is more important yet more challenging than ever. Consider four of the year’s biggest security headlines:

Now that some time has passed since the news broke on the Equifax breach, we’ve had some time to ascertain the facts, digest what happened and draw some conclusions.  It’s taken some time as for the first few weeks the company slowly doled out bits and pieces of information.