Clik here to view.
Microsoft’s August 2024 Patch Tuesday Addresses 88 CVEs
7Critical80Important1Moderate0LowMicrosoft addresses 88 CVEs with seven critical vulnerabilities and 10 zero-day vulnerabilities, six of which were exploited in the wild.Microsoft patched 88 CVEs in...
View ArticleClik here to view.
CVE-2024-7593: Ivanti Virtual Traffic Manager Authentication Bypass...
Ivanti released a patch for a critical severity authentication bypass vulnerability and a warning that exploit code is publicly availableBackgroundOn August 13, Ivanti released a security advisory to...
View ArticleClik here to view.
Cybersecurity Snapshot: First Quantum-resistant Algorithms Ready for Use,...
NIST has released the first encryption algorithms that can protect data against quantum attacks. Plus, MIT launched a new database of AI risks. Meanwhile, the CSA published a paper outlining the unique...
View ArticleClik here to view.
SSRFing the Web with the help of Copilot Studio
Tenable Research discovered a critical information-disclosure vulnerability in Microsoft’s Copilot Studio via a server-side request forgery (SSRF), which allowed researchers access to potentially...
View ArticleClik here to view.
Cybersecurity Snapshot: Guide Unpacks Event-Logging Best Practices, as FAA...
Looking to sharpen your team’s event logging and threat detection? A new guide offers plenty of best practices. Plus, the FAA wants airplanes to be more resilient to cyberattacks. Meanwhile, check out...
View ArticleClik here to view.
CISA Finding: 90% of Initial Access to Critical Infrastructure Is Gained Via...
Conventional wisdom suggests the keys to protect critical infrastructure against cyberattacks are network segmentation and OT security. But continued breaches imply those methods alone fall short. In...
View ArticleClik here to view.
$200 Million Cybersecurity E-Rate Funding Available for K-12 Schools and...
Empowering K-12 schools and libraries to strengthen their cybersecurity posture with new funding opportunities and best practices.Recent attacks reveal that K-12 schools and libraries are prime targets...
View ArticleClik here to view.
Secure Your Sprawling Attack Surface With Risk-based Vulnerability Management
The cloud, artificial intelligence (AI), machine learning and other technological breakthroughs are radically changing the modern work environment. New assets and services offer increased flexibility,...
View ArticleClik here to view.
The Data-Factor: Why Integrating DSPM Is Key to Your CNAPP Strategy
DSPM solutions provide a comprehensive, up-to-date view into cloud-based data and risk. An integrated CNAPP and DSPM solution elevates this analysis to expose toxic combinations and security gaps...
View ArticleClik here to view.
AA24-241A : Joint Cybersecurity Advisory on Iran-based Cyber Actors Targeting...
A joint Cybersecurity Advisory highlights Iran-based cyber actor ransomware activity targeting U.S. organizations. The advisory includes CVEs exploited, alongside techniques, tactics and procedures...
View ArticleClik here to view.
Cybersecurity Snapshot: Schools Suffer Heavy Downtime Losses Due To...
The cost of ransomware downtime in schools gets pegged at $500K-plus per day. Meanwhile, check out the AI-usage risks threatening banks’ cyber resilience. Plus, Uncle Sam is warning about a dangerous...
View ArticleClik here to view.
Cybersecurity Snapshot: RansomHub Group Triggers CISA Warning, While FBI Says...
Cybersecurity teams must beware of RansomHub, a surging RaaS gang. Plus, North Korea has unleashed sophisticated social-engineering schemes against crypto employees. Meanwhile, a new SANS report...
View ArticleClik here to view.
CVE-2021-20123, CVE-2021-20124: DrayTek Vulnerabilities Discovered by Tenable...
With patches out for three years, attackers have set their sights on a pair of vulnerabilities affecting DrayTek VigorConnect.BackgroundIn November 2021, the Cybersecurity and Infrastructure Security...
View ArticleClik here to view.
Microsoft’s September 2024 Patch Tuesday Addresses 79 CVEs (CVE-2024-43491)
7Critical71Important1Moderate0LowMicrosoft addresses 79 CVEs with seven critical vulnerabilities and four zero-day vulnerabilities, including three that were exploited in the wild.Microsoft patched 79...
View ArticleClik here to view.
Cybersecurity Snapshot: Russia-backed Hackers Aim at Critical Infrastructure...
Critical infrastructure operators must beware of Russian military hacking groups. Plus, cyber scammers are having a field day with crypto fraud. Meanwhile, AI and cloud vendors face stricter reporting...
View ArticleClik here to view.
CloudImposer: Executing Code on Millions of Google Servers with a Single...
Tenable Research discovered a remote code execution (RCE) vulnerability in Google Cloud Platform (GCP) that is now fixed and that we dubbed CloudImposer. The vulnerability could have allowed an...
View ArticleClik here to view.
Mastering Containerization: Key Strategies and Best Practices
As organizations modernize their infrastructure, containers offer unparalleled flexibility and scalability but they also introduce unique security challenges. In this blog we explain container security...
View ArticleClik here to view.
An Analyst’s Guide to Cloud-Native Vulnerability Management: Where to Start...
Cloud-native workloads introduce a unique set of challenges that complicate traditional approaches to vulnerability management. Learn how to address these challenges and scale cloud-native VM in your...
View ArticleClik here to view.
Cybersecurity Snapshot: Critical Infrastructure Orgs Found Vulnerable to...
Report finds that many critical infrastructure networks can be breached using simple attacks. Plus, a new MITRE Engenuity tool uses machine learning to infer attack sequences. Meanwhile, CISA will lead...
View ArticleClik here to view.
Establishing a Cloud Security Program: Best Practices and Lessons Learned
As we’ve developed Tenable’s cloud security program, we in the Infosec team have asked many questions and faced interesting challenges. Along the way, we’ve learned valuable lessons and incorporated...
View Article