Tenable Blog

Gartner recently published its April 2020 “Voice of the Customer” report which synthesizes Gartner Peer Insights’ customer reviews from the previous year into insights for IT decision-makers. The report analyzes more than 555 reviews and ratings in the vulnerability assessment market in the 12-month period ending Feb. 29, 2020.

Three days after an advisory was disclosed for a critical remote code execution vulnerability in F5’s BIG-IP, active attempts to exploit vulnerable hosts have been observed in the wild.

Update July 8, 2020: F5 has provided updated mitigation details after reports that researchers had discovered a way to bypass some of the mitigations. The Solutions section of our blog has been updated accordingly.

Just as Magento 1 reaches end of life, attackers are exploiting a vulnerability in a Magento plugin from 2017. Site owners should prepare to migrate their stores immediately.

Critical authentication bypass vulnerability in PAN-OS devices could be exploited in certain configurations, which are commonly recommended by identity providers.

Update July 2, 2020: The Recommended Configuration and Solution sections were updated to reflect new information from the team credited with discovering this vulnerability.

In a new report, Navy, Air Force and Defense Information Security Agency (DISA) leaders provide insights into managing cyber risk and protecting critical infrastructure. Here is a quick summary. 

A recent survey of senior Department of Defense (DoD) cyber officials revealed a consistent focus on delivering accurate and actionable cyber risk information to support “operationally informed risk decisions.”