FlowFixation: AWS Apache Airflow Service Takeover Vulnerability and Why Neglecting Guardrails Puts Major CSPs at Risk
March 21, 2024Tenable Research discovered a one-click account takeover vulnerability in the AWS Managed Workflows Apache Airflow service that could have allowed full takeover of a victim’s web management panel of the Airflow instance. The discovery of this now-resolved vulnerability reveals a broader problem of misconfigured shared-parent domains that puts customers of major CSPs at risk.
Unlocking Kubernetes Innovation Through Simplified Cloud Security with Tenable
March 19, 2024Tenable Cloud Security simplifies Kubernetes security by providing any containerized environment with new features including easy custom policy enforcement, enhanced access control, Helm charts scanning and workload protection. The capabilities offer powerful means for securing your clusters effortlessly, with meaningful, identity-driven insights.
Taking Control of Kubernetes: Enforcing Least Privilege to Secure Your Kubernetes Environment
March 18, 2024Kubernetes has become the de facto standard for managing containerized workloads in private and public clouds. However, security standards have failed to keep pace, leading to increased risk of cyberattacks and data breaches for insecure or misconfigured platforms. Here we examine the challenges involved and explain how to protect your Kubernetes environment by enforcing least privilege across all deployments – whether on-premises or hosted in the public cloud.
Managed Kubernetes: Is It Right for My Organization?
February 20, 2024As an organization grows its usage of containers, managing them becomes more complex. A common response is to adopt Kubernetes for container orchestration. But how do you properly secure your Kubernetes clusters? And should your organization host its Kubernetes deployments or instead choose a managed option? Here’s what you need to know.
How a Serverless Architecture Can Help You Secure Cloud-Native Applications
February 13, 2024Cybersecurity teams often struggle with securing cloud-native applications, which are becoming increasingly popular with developers. The good news is that deploying these applications on a serverless architecture can make it easier to protect them. Here’s why.
Cloud Leaders Sound Off on Key Challenges
January 31, 2024Too many identities, systems and cooks in the kitchen cloud an already complex mandate.
Level Up Your Cloud Security Strategy
January 22, 2024Learn how to better your cloud security program with these ten security resolutions.
Tenable Cloud Security Now Supports the Generation of Pull Requests for Remediation Suggestions
January 18, 2024The new capability is designed to make it more efficient for security teams to pass remediation recommendations on to the infrastructure team to implement. Here’s how it works.
Beyond the Horizon: Top 5 Cloud Security Trends to Watch in 2024
January 16, 2024Generative AI will undoubtedly boost organizations’ cybersecurity capabilities. However, cybersecurity departments will reap few gains from generative AI without first enforcing solid cloud security principles. In this blog, we explain the top cloud security trends that organizations must track – and adapt to – this year in order to maintain a robust cloud security posture.
Exfiltrated, Signed, Delivered – What Can Go Wrong When an Amazon Elastic Compute Cloud (EC2) Instance is Exposed to SSRF
October 4, 2023Using CNAPPgoat, you can now experiment with a technique that leverages exposure to SSRF to trigger calls to AWS services from within an Amazon EC2 instance.
Building Custom Scenarios with CNAPPgoat
September 27, 2023You can now construct and import your own vulnerability scenarios into CNAPPgoat, enhancing your cloud security skills.
What’s New with CNAPPgoat?
September 23, 2023Read about the newest, expanded features in the Tenable Cloud Security open source vulnerable-by-design tool for enhancing your security skills.