Clik here to view.
Tenable Partners with CISA to Enhance Secure By Design Practices
When CISA called on the world’s leading software manufacturers to sign its Secure by Design Pledge, Tenable answered promptly and enthusiastically, becoming part of the first wave of supporters of this...
View ArticleClik here to view.
Cybersecurity Snapshot: NIST Program Assesses How AI Systems Will Behave in...
Check out the new ARIA program from NIST, designed to evaluate if an AI system will be safe and fair once it’s launched. Plus, the FBI offers to help LockBit victims with thousands of decryption keys....
View ArticleClik here to view.
CVE-2024-4577: Proof of Concept Available for PHP-CGI Argument Injection...
Researchers disclose a critical severity vulnerability affecting PHP installations and provide proof-of-concept exploit code, which could lead to remote code execution.BackgroundOn June 6, maintainers...
View ArticleClik here to view.
Cloud Workload Protection: The Key to Decreasing Cloud Security Risks
More than 80% of all breaches involve data stored in the cloud, and security teams that don’t use cloud workload protection (CWP) may never get ahead of attackers who want to access as much data as...
View ArticleClik here to view.
Microsoft’s June 2024 Patch Tuesday Addresses 49 CVEs
1Critical48Important0Moderate0LowMicrosoft addresses 49 CVEs in its June 2024 Patch Tuesday release with one rated as critical and no zero-day or publicly disclosed vulnerabilities. Our counts omitted...
View ArticleClik here to view.
Cybersecurity Snapshot: U.K. Cyber Agency Urges Software Vendors To Boost...
Check out the NCSC’s call for software vendors to make their products more secure. Plus, why the Treasury Department is looking at how financial institutions are using AI. And the latest on the...
View ArticleClik here to view.
How to Discover, Analyze and Respond to Threats Faster with Generative AI
Generative AI (GenAI) is being hailed as the most transformative innovation since the rise of the internet in the 1990s. For security, GenAI can revolutionize the field if applied correctly, especially...
View ArticleClik here to view.
Cybersecurity Snapshot: FTC Believes TikTok Broke U.S. Law, Asks Justice...
TikTok’s legal troubles in the U.S. could get thornier after the FTC refers complaint to the DOJ. Meanwhile, France says Russia-backed Nobelium / Midnight Blizzard is a major cyber espionage threat to...
View ArticleClik here to view.
CVE-2024-28995: SolarWinds Serv-U Path/Directory Traversal Vulnerability...
Following the publication of proof-of-concept exploit details for a high-severity flaw in SolarWinds Serv-U, researchers have observed both automated and manual in-the-wild exploitation attempts;...
View ArticleClik here to view.
Understanding Customer Managed Encryption Keys (CMKs) in AWS, Azure and GCP:...
Explore critical differences in handling customer-managed encryption keys (CMKs) across AWS, Azure, and GCP to avoid security misconfigurations and protect your data effectively.Why are we here? A...
View ArticleClik here to view.
CVE-2024-5806: Progress MOVEit Transfer Authentication Bypass Vulnerability
Progress Software has patched a high severity authentication bypass in the MOVEit managed file transfer (MFT) solution. As MOVEit has been a popular target for ransomware gangs and other threat actors,...
View ArticleClik here to view.
Tag, You’re IT! Tagging Your Way to Cloud Security Excellence
To manage your cloud resources effectively and securely, you need to consistently tag assets across all your cloud platforms. Here we explain tagging’s main benefits, as well as proven strategies and...
View ArticleClik here to view.
Cybersecurity Snapshot: Memory Bugs Pervasive in Open Source SW, While Car...
Check out why memory vulnerabilities are widespread in open source projects. Plus, get the latest on the ransomware attack that’s disrupted car sales in North America. In addition, find out why a...
View ArticleClik here to view.
Cybersecurity Snapshot: Malicious Versions of Cobalt Strike Taken Down, While...
Check out the results of a multinational operation against illegal instances of Cobalt Strike. Plus, more organizations are learning that Midnight Blizzard accessed their email exchanges with...
View ArticleClik here to view.
How the regreSSHion Vulnerability Could Impact Your Cloud Environment
With growing concern over the recently disclosed regreSSHion vulnerability, we’re explaining here what it is, why it’s so significant, what it could mean for your cloud environment and how Tenable...
View ArticleClik here to view.
Microsoft’s July 2024 Patch Tuesday Addresses 138 CVEs (CVE-2024-38080,...
5Critical132Important1Moderate0LowMicrosoft addresses 138 CVEs in its July 2024 Patch Tuesday release, with five critical vulnerabilities and three zero-day vulnerabilities, two of which were exploited...
View ArticleClik here to view.
How Risk-based Vulnerability Management Boosts Your Modern IT Environment's...
Vulnerability assessments and vulnerability management sound similar – but they’re not. As a new Enterprise Strategy Group white paper explains, it’s key to understand their differences and to shift...
View ArticleClik here to view.
Cybersecurity Snapshot: CISA Tells Tech Vendors To Squash Command Injection...
Check out CISA’s call for weeding out preventable OS command injection vulnerabilities. Plus, the Linux Foundation and OpenSSF spotlight the lack of cybersecurity expertise among SW developers....
View ArticleClik here to view.
Oracle July 2024 Critical Patch Update Addresses 175 CVEs
Oracle addresses 175 CVEs in its third quarterly update of 2024 with 386 patches, including 26 critical updates.BackgroundOn July 16, Oracle released its Critical Patch Update (CPU) for July 2024, the...
View ArticleClik here to view.
Tenable Announces Former Senior Administration Officials to Inaugural Public...
Rob Joyce and Mark Weatherford will help Tenable shape federal cyber and AI policy.The landscape of cybersecurity policies, regulations and recommendations at both the federal and state levels...
View Article