The MGM Breach and the Role of IdP in Modern Cyber Attacks
September 21, 2023A deep dive into the recent MGM breach and our insights into the actor behind the attack and possible mitigations.
The Azure Metadata Protection You Didn’t Know Was There
September 11, 2023Some Azure services have an additional, not widely known, protection mechanism against session token exfiltration.
The Benefits of Cloud Entitlement Management
August 30, 2023Cloud identities and entitlements pose grave challenges - learn about the benefits of CIEM solutions and KPIs for measuring them.
The Next Step in the IMDSv1 Redemption Journey
August 17, 2023Learn about AWS’s new open source library for enforcing IMDSv2 and Tenable Cloud Security’s new lab for trying it out.
Secure Your AWS EC2 Instance Metadata Service (IMDS)
August 8, 2023Read this review of IMDS, an important AWS EC2 service component, to understand its two versions and improve your AWS security.
CNAPPgoat: The Multicloud Open-Source Tool for Deploying Vulnerable-by-Design Cloud Resources
August 2, 2023Here’s all you need to know about CNAPPgoat, our open-source project designed to modularly provision vulnerable-by-design components in cloud environments.
An Unexpected Implication of Lambda Privileges
July 4, 2023Learn how a combination of AWS service usage and permissions discovered by Tenable Cloud Security may increase risk upon a certain non-compliance.
The Default Toxic Combination of GCP Compute Engine Instances
June 29, 2023By default, compute instances in GCP are prone to a toxic combination that you should be aware of, and can avoid and fix.
Shared Responsibility Model in the Cloud
June 21, 2023CSPs have embraced a shared responsibility model to define the security responsibilities for different components of the architecture.
Mastering the Art of Kubernetes Security
June 6, 2023With Kubernetes’ explosive adoption by the development community comes an urgent need to secure clusters and ensure their compliance effectively.
Uncovering 3 Azure API Management Vulnerabilities – When Good APIs Go Bad
May 4, 2023Learn how now-patched Azure API Management service vulnerabilities revealed by our research team enabled malicious actions.
Cloud Workload Protection (CWP) Best Practice – Focus on Impact, Not Volume
April 24, 2023How to do CWP right to prepare your organization and protect it from the next widespread vulnerability.