Clik here to view.
Cybersecurity Snapshot: Critical Infrastructure Orgs Cautioned About Chinese...
Find out why Uncle Sam is warning critical infrastructure facilities about drones made in China, while urging water treatment plants to beef up incident response plans. Plus, the challenges stressing...
View ArticleClik here to view.
Level Up Your Cloud Security Strategy
Learn how to better your cloud security program with these ten security resolutions. It’s no secret that the cloud – and anything related to it –has a communication problem. From CSPs to CSPMs to EC2s,...
View ArticleClik here to view.
CVE-2023-22527: Atlassian Confluence Data Center and Server Template...
In the wild exploitation has begun for a recently disclosed, critical severity flaw in Atlassian Confluence Data Center and ServerBackgroundOn January 16, Atlassian published an advisory for a critical...
View ArticleClik here to view.
CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Vulnerability
Proof-of-concept exploit details are available for a newly disclosed critical vulnerability in Fortra GoAnywhere Managed File Transfer (MFT), a product historically targeted by ransomwareBackgroundOn...
View ArticleClik here to view.
Strengthening Cyber Protections in the DoD's OT Systems
Operational technology plays a major role in many aspects of the U.S. Department of Defense — including in military operations, in the infrastructure on bases and throughout the supply chain....
View ArticleClik here to view.
Cybersecurity Snapshot: New Guide Details How To Use AI Securely, as CERT...
Cyber agencies from multiple countries published a joint guide on using artificial intelligence safely. Plus, CERT’s director says AI is the top skill for CISOs to have in 2024. Plus, the UK’s NCSC...
View ArticleClik here to view.
Not a Blackbelt in Attack Path Analysis? Tenable ExposureAI Helps You Achieve...
With attacks becoming more sophisticated, security teams must spend more time analyzing different entry points into the organization, as well as numerous tactics, techniques and procedures. Find out...
View ArticleClik here to view.
Cloud Leaders Sound Off on Key Challenges
Too many identities, systems and cooks in the kitchen cloud an already complex mandate.More than two thirds of cloud decision-makers (68%) say their cloud deployments — particularly public and hybrid...
View ArticleClik here to view.
CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893: Frequently...
Frequently asked questions for four CVEs affecting Ivanti Connect Secure and Policy Secure Gateways, with three of the vulnerabilities having been exploited in the wild as zero-days.BackgroundThe...
View ArticleClik here to view.
Poor Identity Hygiene at Root of Nation-State Attack Against Microsoft
The latest breach suffered by Microsoft shows once again that detection and response are not enough. Because the source of an attack almost always boils down to a single overlooked user and permission,...
View ArticleClik here to view.
Cybersecurity Snapshot: Attackers Hack Routers To Hit Critical...
CISA is calling on router makers to improve security, because attackers like Volt Typhoon compromise routers to breach critical infrastructure systems. Meanwhile, data breaches hit an all-time high in...
View ArticleClik here to view.
Frequently Asked Questions on Security Incident at AnyDesk
Frequently asked questions relating to a security incident at AnyDesk that was publicly disclosed on February 2.BackgroundThe Tenable Security Response Team has put together this blog to answer...
View ArticleClik here to view.
Keep the Water Flowing for the DoD: Securing Operational Technology from...
Malicious actors are ramping up attacks against water and wastewater systems (WWS), which are not only attractive targets but also complex to protect. The U.S. Department of Defense (DoD) in particular...
View ArticleClik here to view.
Cybersecurity Snapshot: Critical Infrastructure Orgs Must Beware of...
The Volt Typhoon hacking gang is stealthily breaching critical infrastructure IT environments so it can strike on behalf of the Chinese government, cyber agencies say. Plus, ransomware gangs netted $1...
View ArticleClik here to view.
Shoring Up Water Security: Industry Leaders Testify Before Congress
The House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection recently brought together industry leaders and stakeholders to discuss the urgent need for protective measures,...
View ArticleClik here to view.
CVE-2024-21762: Critical Fortinet FortiOS Out-of-Bound Write SSL VPN...
Fortinet warns of “potentially” exploited flaw in the SSL VPN functionality of FortiOS, as government agencies warn of pre-positioning by Chinese state-sponsored threat actors in U.S. critical...
View ArticleClik here to view.
Unused Access Analyzer: A Leap Toward Least Privilege, Not the End of the...
AWS IAM Access Analyzer can now detect action-level unused permissions. It’s a great enhancement in the native toolbox to achieve least privilege — but if you need comprehensive entitlements management...
View ArticleClik here to view.
How a Serverless Architecture Can Help You Secure Cloud-Native Applications
Cybersecurity teams often struggle with securing cloud-native applications, which are becoming increasingly popular with developers. The good news is that deploying these applications on a serverless...
View ArticleClik here to view.
Microsoft’s February 2024 Patch Tuesday Addresses 73 CVEs (CVE-2024-21351,...
5Critical66Important2Moderate0LowMicrosoft addresses 73 CVEs, including two zero-day vulnerabilities that were exploited in the wild.Microsoft patched 73 CVEs in its February Patch Tuesday release,...
View ArticleClik here to view.
Pig Butchering Scam: How Bitcoin, Ethereum, Litecoin and Spot Gold (XAUUSD)...
This is the second part of a two-part series based on firsthand research into pig butchering scams from the end of 2022 into early 2024. In this post, we delve into the types of investment scams...
View Article