政府機構的零信任 5 大須知
Zero trust as a concept is simple to grasp. Implementing a zero trust architecture, on the other hand, is complex because it involves addressing a unique mix of process, procedure, technology and user education. Here are some considerations to keep in mind as you begin your journey....
CVE-2024-55591:受到猖獗利用的 Fortinet 驗證繞過零時差弱點
Fortinet patched a zero day authentication bypass vulnerability in FortiOS and FortiProxy that has been actively exploited in the wild as a zero-day since November 2024....
Microsoft 2025 年 1 月份的 Patch Tuesday 解決了 157 個 CVE (CVE-2025-21333、CVE-2025-21334、CVE-2025-21335)
Microsoft addresses 157 CVEs in the first Patch Tuesday release of 2025 and the largest Patch Tuesday update ever with three CVEs exploited in the wild, and five CVEs publicly disclosed prior to patches being made available....
CVE-2025-0282:受到猖獗利用的 Ivanti Connect Secure 零時差弱點
Ivanti disclosed two vulnerabilities in its Connect Secure, Policy Secure and Neurons for ZTA gateway devices, including one flaw that was exploited in the wild as a zero-day....
Tenable Chairman and CEO Amit Yoran Has Died
It is with profound sadness that we share the news of the passing of our beloved CEO Amit Yoran on January 3. Amit was not only a visionary leader but also a guiding force who profoundly impacted our industry, our company, our culture and our community....
網路安全概要: After Telecom Hacks, CISA Offers Security Tips for Cell Phone Users, While Banks Seek Clearer AI Regulations
Check out best practices for preventing mobile communications hacking. Plus, how the U.S. government can improve financial firms’ AI use. Meanwhile, the FBI warns about a campaign to hack vulnerable webcams and DVRs. And get the latest on a Chinese APT’s hack of the Treasury Department; the federal ...
選擇正確的 CNAPP: 中型企業的六大考量
Mid-sized enterprises increasingly find themselves in need of a CNAPP, as their cloud adoption matures. But how should they go about selecting the right one? What questions should they ask and what criteria should they use? Here we unpack six key considerations that’ll help them evaluate their optio...
導覽 SEC 的網路安全揭露規定:一年之後
In December 2023, as cyberattacks surged, the U.S. Securities and Exchange Commission (SEC) began enforcing new cybersecurity disclosure rules. This pushed C-level executives and boards to adopt measures for compliance and transparency. In this post, we look at the enforcement actions the SEC has ta...
網路安全概要: 網路國度的地平線上浮現了什麼?Tenable 專家對 2025 年的預測
Wondering what cybersecurity trends will have the most impact in 2025? Check out six predictions from Tenable experts about cyber issues that should be on your radar screen in the new year — including AI security, data protection, cloud security … and much more!...
網路安全概要: CISA Hands Down Cloud Security Directive, While Threat from North Korean IT Workers Gets the Spotlight
Check out the new cloud security requirements for federal agencies. Plus, beware of North Korean government operatives posing as remote IT pros. Also, learn how water plants can protect their HMIs against cyberattacks. And get the latest on the U.S. cyber incident response framework; the CIS Benchma...
Web 應用程式掃描基本概念:關於 CI/CD 工作流程安全專業人員必須知道的事
Git, repositories and pipelines…oh my! We unpack standard practices in the web app development process and provide guidance on how to use Tenable Web Application Scanning to secure your code....
網路安全概要: Telecoms May Face Tougher Regulations After Salt Typhoon Hacks, as Study Finds Cyber Pros More Stressed at Work
The FCC wants stronger cyber regulations for telecoms after cyber espionage breaches. Meanwhile, find out why cyber pros say work has become more difficult. Plus, check out tips to prevent AI-boosted financial fraud. And get the latest on vulnerability management, EU cyber challenges and CIS predict...