Tenable Product & Research Newsletter - March 2025 This...

CUSTOMER UPDATE WEBINARS

Tune in for product updates, demos, how-to advice and live Q&A to help you maximize the value of your investment in Tenable solutions.

LIVE | April 2025

• Tenable WAS, April 1, 2025, 11 am ET: Explore the recent Tenable Attack Surface Management integration with Tenable WAS
• Tenable Nessus, April 1, 2025, 1 pm ET: Identify potential attack paths using port scanning and service discovery
• Tenable Vulnerability Management, April 2, 2025, 1 pm ET: Create scans using the Tenable API and PyTenable
• Tenable One, April 3, 2025, 11 am ET: Learn how new Tenable One updates streamline navigation and improve access to important exposure context
• Tenable Security Center, April 3, 2025, 1 pm ET: Discover asset-based reporting using the Iterator in Tenable Security Center

ON-DEMAND | March 2025

• Tenable Identity Exposure: Use Tenable Identity Exposure to identify critical identity risks across hybrid infrastructure and remediate them at scale
• Tenable Nessus: Use Live Results to improve Nessus scan efficiency
• Tenable OT Security: Explore new features in Tenable OT Security 4.1
• Tenable Vulnerability Management: Discover alternative approaches to prioritization using Vulnerability Intelligence
• Tenable One: Understand why and how you can leverage Tenable Cloud Security to optimize your Tenable One deployment
• Tenable Security Center: Manage credentials using the Tenable API

CUSTOMER OFFICE HOURS

These are recurring ask-me-anything sessions for Tenable Security Center, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure and Tenable OT Security. Times-zone-appropriate sessions are available for the Americas, Europe (including the Middle East and Africa, and Asia Pacific (APAC). Learn more and register here.

ICYMI: OTHER WEBINARS OF INTEREST

• April 23, 2025: Cloud Security Without Identity Isn’t Cloud Security at All (2 of 4)
• On-demand: How does an industry leader like Tenable protect its own cloud environments?
• On-demand: Security Beyond Silos with Tenable + Vulcan Cyber: Unified Exposure Management
• On-demand: 3 reasons why it's time to embrace identity as part of exposure management

FOR MORE WEBINARS

Please visit tenable.com/webinars for the most up-to-date schedule.

Tenable Research

Security Response Team

DeepSeek Deep Dive Part 1: Creating Malware, Including Keyloggers and Ransomware: Tenable Research examines DeepSeek R1 and its capabilities for developing keylogger malware and ransomware. Our conclusion: DeepSeek R1 provides a useful starting point for developing malware, but requires additional prompting and debugging.

Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993): Microsoft addresses 56 CVEs, including seven zero-day flaws, six of which are being exploited in the wild.

CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited: Broadcom published an advisory for three flaws in several VMware products that were exploited in the wild as zero days. Organizations are advised to apply the available patches.

Tenable Research reports and blogs

How To Reduce DNS Infrastructure Risk To Secure Your Cloud Attack Surface: Mismanaging your DNS infrastructure could expose you to destructive cyberattacks–especially as your cloud attack surface expands. Learn about DNS vulnerabilities, the impact of DNS takeover attacks and best practices for DNS security.

Vulnerability detections

Between February 17th and March 14th, there were over 10,000 new plugins published, with 1,810 having a CVSSv3 severity rating of critical.