網路安全概要： CISA Calls on Software Makers To Use Memory Safe Languages, as OpenSSF Issues Secure Software PrinciplesDecember 8, 2023
Patching CitrixBleed isn’t enough; organizations need to invalidate active or persistent session tokens as the these tokens can be used to compromise networks and bypass authentication measures including multifactor authentication
This week’s edition of Tenable Cyber Watch unpacks CISA’s Security Attestation Form Draft and discusses CSA’s new Zero Trust Certification. Also covered: The FCC’s new pilot program that would help U.S. schools and libraries boost their cybersecurity.
Looking for guidance on developing AI systems that are safe and compliant? Check out new best practices from the U.S. and U.K. cyber agencies. Plus, a new survey shows generative AI adoption is booming, but security and privacy concerns remain. In addition, CISA is warning municipal water plants about an active threat involving Unitronics PLCs. 還有更多內容等您探索！
Want to get a lot more value out of your vulnerability scans? Start doing authenticated scanning
AWS IAM Access Analyzer now has an API allowing you to make custom policy checks. Tenable Cloud Security allows you to easily use this API as part of its code scanning functionality. Find out how and ...
Almost everything in the cloud is one excess privilege or misconfiguration away from exposure. Proper cloud posture and entitlement management can help mitigate risk and eliminate toxic combinations.
This week’s edition of Tenable Cyber Watch unpacks what organizations need to do to prepare for quantum computing attacks and addresses SBOM adoption to help organizations beef up the security of the software supply chain. Also covered: 美國Office of Management and Budget drafts guidance for fed agencies’ AI use.
Uncle Sam wants your input on the latest version of the “Secure Software Development Attestation Form” that federal agencies will use to assess the security of software vendors. Plus, it’s warning cyber teams about the threats from the Rhysida and Scattered Spider cybercrime groups. In addition, there’s a new zero trust certification. 還有更多內容等您探索！
Decrypting CNAPP: Moving Beyond the Acronyms and Analyst Jargon to a Unified Approach to Cloud SecurityNovember 21, 2023
CNAPPs provide end-to-end protection of cloud workloads by combining previously siloed tools, such as CSPM and CWPP into a single platform. In this post, we’ll explain what the key benefits of CNAPP are and how organizations can use these tools to protect their cloud workloads.
Frequently asked questions relating to a critical vulnerability in Citrix NetScaler that has been under active exploitation for over a month, including by ransomware groups.
This week’s edition of Tenable Cyber Watch unpacks Critical Infrastructure Security and Resilience month and addresses the “Shields Ready” campaign aimed at promoting critical infrastructure security and resilience. Also covered: Do most organizations need a generative AI policy? What one poll shows.
網路安全概要： Are SBOMs on Your Supply Chain Security Radar Screen? Check Out New Recommendations from CISA and NSANovember 17, 2023
The SBOM concept is still half-baked, but CISA and NSA want to help change that with new best practices for software vendors, developers and buyers. Plus, there’s new guidance about the Royal ransomware gang – as ransomware attacks grow. In addition, Google highlights a new typosquatting trend impacting cloud storage. 還有更多內容等您探索！