Tag: Tenable

Tenable upgrades partner programme

Security outfit Tenable has updated its partner programme, Tenable Assure, including an all-new certification programme, expanded service choices and a revamped partner portal.

Tenable channel sales director, Guy March, said: “We are excited to announce these updates to Tenable’s Assure program, which have been designed to increase and reward business driven by our partners as we continue to invest in our channel. We are launching a brand new Partner Portal to enhance user experience and ensure partners are equipped with the training, certifications and sales tools to deliver Tenable’s industry-leading risk-based vulnerability management solutions and services to customers across EMEA.”

Nearly every company experienced a cyber attack last year

Most companies experienced a cyber attack last year with more than two thirds hitting vital operational technology, according to a new Forrester report

The research, commissioned by Tenable, found that 63 percent of the 103 UK respondents had witnessed a dramatic rise in business-impacting cyber-attacks in the last two years.

In many cases, these attacks had severely damaging effects, from loss of employee data (44 percent) and financial loss or theft (36 percent), to customer attrition (34 percent ).

Two thirds of the surveyed UK security leaders claimed that these attacks also involved operational technology (OT).

Tenable finds untenable vulnerablities in PremiSys

Security outfit Tenable has announced that Tenable Research has discovered several zero-day vulnerabilities in the PremiSys access control system developed by IDenticard.

When exploited, the most severe vulnerability would give an attacker unfettered access to the badge system database, allowing him/her to covertly enter buildings by creating fraudulent badges and disabling building locks.

US companies take down Chinese hacker group

1220aAn alliance of US tech companies including Novetta and Microsoft hasbeen targeting the Hikit malware and have worked out a way to disrupt the Chinese cyber espionage gang Axiom’s antics.

Dubbed Operation SMN, the coalition of security companies has apparently given the hackers a Chinese burn after it detected and cleaned up malicious code on 43,000 computers worldwide infected by Axiom.

The effort was led by Novetta and included Bit9, Cisco, FireEye, F-Secure, iSIGHT Partners, Microsoft, Tenable, ThreatConnect Intelligence Research Team (TCIRT), ThreatTrack Security, Volexity, and was united as part of Microsoft’s Coordinated Malware Eradication (CME) campaign against Hikit.

Hikit is custom malware often used by Axiom to burrow into organisations and nick data. It works quietly and evades detection, sometimes for years.

Axiom used a variety of tools to access and re-infect environments including Derusbi, Deputy Dog, Hydraq, and others. Ludwig says, they expanded the group and its scope “so that we absolutely did the best possible job of clean-up and removal” and rolled it all into a Microsoft Malicious Software Removal Tool (MSRT) released Oct. 14.

Novetta thinks that while the MSRT was comprehensive, it may be only a temporary setback for Axiom, which will just work out another way of doing the same thing.

Novetta says it has “moderate to high confidence” that Axiom is a well-resourced and well-disciplined subgroup of the state-backed “Chinese Intelligence Apparatus.”

Axiom has been found in organisations that are of strategic economic interest, that influence environmental and energy policy and that develop integrated circuits, telecommunications equipment and infrastructure.

The target organisations are often related in some way, and once Hikit has burrowed its way into a computing environment, it can create a “mini-network,” communicating laterally with other Hikit installations within the organisation or related outside groups. What makes it difficult to track is that it uses proxies and never communicates with the command-and-control server directly. Hikit talks to companies in such a way that the traffic does not look dodgy.