Tenable Completes Acquisition of Bit Discovery and Announces Tenable.asm for External Attack Surface Management

Tenable Holdings, Inc. (“Tenable”), the Cyber Exposure company, today announced it has closed its acquisition of Bit Discovery, Inc. (“Bit Discovery”), a leader in external attack surface management (EASM). Tenable will launch Tenable.asm, a new solution that will provide the full capabilities of Bit Discovery’s technology and enable customers to gain a more complete 360-degree view of their full attack surface so they can better understand how attackers could gain access via the internet and help prioritize remediation steps.

Gaining Visibility Into Unseen Risk

An organization’s digital footprint extends far beyond its walls as various services, applications and APIs are internet facing or reside on the internet. To avoid new points of security vulnerability and to ensure good organizational risk management, it is critical for organizations to have visibility into and to understand both known and previously unknown internet-facing assets.

Modern organizations require continuous monitoring of their complete attack surface and context-aware intelligence on where to prioritize remediation efforts. Tenable.asm will continuously map the entire internet and discover connections to an organization’s internet-facing assets, whether internal or external to their networks, to assess the security posture of their entire external attack surface. When used with the rest of Tenable’s solutions, customers will be able to get the context of potential attack paths from external systems to critical assets throughout their organization, providing a comprehensive measure of their overall exposure. Tenable.asm is scheduled to be available for purchase early in the third quarter of 2022.

Because the security of internet-facing assets is a top CISO priority and pain point, Tenable is also integrating foundational quarterly attack surface discovery into its existing market-leading cyber exposure solutions at no additional cost to Tenable customers. New capabilities are scheduled to be included in Tenable.io®, Tenable.sc™ and Tenable.ep™ early in the third quarter of 2022. A new version of Nessus will also include asset discovery.

“Very few, if any, organizations truly understand their full digital footprint. One of the most common but dangerous security lapses is to misconfigure something in the cloud and make it internet-facing. Organizations increasingly have less of a grasp on which of their assets are exposed,” said Glen Pendley, chief technology officer, Tenable. “Every business or government entity should have advanced capabilities like those found in Tenable.asm, but given the critical security importance of having ASM everywhere, Tenable is making sure that its customers have at least foundational discovery functionality within the solutions they’re already using. This will enable them to spot points of vulnerability that have been completely invisible until now, with the goal of preventing attacks rather than simply managing them.”

Bit Discovery provides Tenable customers with:

Discovery of previously unknown internet-connected assets
Rich context and attribution for domains, sub-domains and other exposed technologies
Continuous monitoring of the constantly changing external attack surface

Comment on Follina Zero Day Vulnerability from Claire Tills, Senior Research Engineer, Tenable

A zero day exploit was discovered in Microsoft Office over the weekend that MSFT had previously been alerted to in April by a researcher. This vulnerability, dubbed “Follina”, can be exploited by an attacker sending a URL to a vulnerable machine. Successful exploitation allows an attacker to install programs, view or change data, or create new accounts in line with the victim’s user permissions.

And a comment from Claire Tills, senior research engineer, Tenable:

“Over the weekend, researchers began discussing a zero-day remote code execution vulnerability that can be exploited via Microsoft Office documents, a favored vector for threat actors. On Monday, Microsoft released some official details for CVE-2022-30190, noting that the RCE impacted its Microsoft Windows Diagnostic Tools, but did not release any patches. Microsoft has provided a mitigation recommendation.

“The RCE appears to have been exploited as far back as April, and recently came to broad public attention after a researcher began investigating a malicious sample on VirusTotal. Over the weekend, multiple researchers reproduced the issue and determined that it is a “zero click” exploit, meaning that no user interaction is required. Given the similarities between CVE-2022-30190 and CVE-2021-40444, and that researchers speculate other protocol handlers may also be vulnerable, we expect to see further developments and exploitation attempts of this issue.

“Because this is a zero click exploit, there isn’t as much individual users can do, however, a healthy dose of skepticism goes a long way. Users should always be suspicious of attachments from untrusted sources.”