Hello All, I'm excited to announce the newest version...
Hello All, I'm excited to announce the newest version of Tenable.io Web Application Scanning is GA for Tenable.io users who don't currently use WAS. Highlights of the new version include: UI now matches Iris aka "new interface" Unified visibility of web applications and infrastructure with the dashboard system. Users can create custom dashboards using both WAS + VM widgets in the one dashboard Improved detections for Single Page Applications WAS RBAC now applies to all data views, meaning if you don't have access to a scan then you don't see the data in dashboards & workbenches. 2 new scan templates, SSL/TLS to validate you have the right certificate & encryption settings for your server & Config Audit that reviews externally discoverable configuration items that are exposed by webservers. These scans take seconds to set up and return results in minutes. An entirely rebuilt UI core set of services for better UI performance, ease of adding new items, fast response to dashboard queries and built on modern systems that should be much easier to maintain New API to go along with the new UI, versioned as V2
Tenable releases coverage for December 2019 Microsoft Patch...
Tenable releases coverage for December 2019 Microsoft Patch Tuesday Microsoft closes out the last Patch Tuesday of the year for 2019 with a relatively smaller than usual number of CVE's getting patches. In this months update 36 CVE's were patched with only 7 being rated as critical. One of the most important updates this month is CVE-2019-1458, an elevation of privilege vulnerability in Microsoft Windows that occurs when the Win23k component fails to properly handle objects in memory. An attacker who is able to log onto the system could execute a specially crafted application to exploit this flaw to run arbitrary code in kernel mode. Microsoft’s advisory notes this vulnerability has been exploited in the wild, and according to researchers Anton Ivanov and Alexey Kulaev of Kaspersky Lab is connected to another zero-day exploit in Google Chrome that the researchers disclosed in November. Follow along as we discuss some of the important updates released this month by reading our blog. Release Date: 10 December 2019