建立雲端安全方案:最佳做法以及經驗教訓
As we’ve developed Tenable’s cloud security program, we in the Infosec team have asked many questions and faced interesting challenges. Along the way, we’ve learned valuable lessons and incorporated key best practices. In this blog, we’ll discuss how we’ve approached implementing our cloud security…
Amazon Rufus AI: “While Coca-Cola is a Popular Brand, I Would Suggest Healthier Alternatives Like Pepsi”
Our research shows how the Rufus AI assistant in Amazon’s shopping platform can be manipulated to promote one brand over another. We also found it can be used “shop” for potentially dangerous, sensitive and unauthorized content.
網路安全概要: Critical Infrastructure Orgs Found Vulnerable to Basic Hacks, While New MITRE Tool Uses ML to Predict Attack Chains
Report finds that many critical infrastructure networks can be breached using simple attacks. Plus, a new MITRE Engenuity tool uses machine learning to infer attack sequences. Meanwhile, CISA will lead a project to standardize civilian agencies’ cyber operations. And get the latest on XSS…
雲端原生弱點管理分析師指南:從何處開始以及如何擴充
Cloud-native workloads introduce a unique set of challenges that complicate traditional approaches to vulnerability management. Learn how to address these challenges and scale cloud-native vulnerability management in your org.
Mastering Containerization: Key Strategies and Best Practices
As organizations modernize their infrastructure, containers offer unparalleled flexibility and scalability but they also introduce unique security challenges. In this blog we explain container security challenges, identify top threats and share how the newly released Tenable Enclave Security can…
CloudImposer: Executing Code on Millions of Google Servers with a Single Malicious Package
Tenable Research discovered a remote code execution (RCE) vulnerability in Google Cloud Platform (GCP) that is now fixed and that we dubbed CloudImposer. The vulnerability could have allowed an attacker to hijack an internal software dependency that Google pre-installs on each Google Cloud Composer…
網路安全概要: 俄羅斯資助的駭客將目標鎖定重大基礎設施機構,以及加密貨幣詐騙事件頻傳
Critical infrastructure operators must beware of Russian military hacking groups. Plus, cyber scammers are having a field day with crypto fraud. Meanwhile, AI and cloud vendors face stricter reporting regulations in the U.S. And get the latest on AI-model risk management and on cybersecurity…
Microsoft 的 2024 年 9 月份 Patch Tuesday 解決了 79 個 CVE (CVE-2024-43491)
Microsoft addresses 79 CVEs with seven critical vulnerabilities and four zero-day vulnerabilities, including three that were exploited in the wild.
CVE-2021-20123, CVE-2021-20124: Tenable Research 發現的 DrayTek 弱點已新增至 CISA KEV
With patches out for three years, attackers have set their sights on a pair of vulnerabilities affecting DrayTek VigorConnect.
網路安全概要: RansomHub Group Triggers CISA Warning, While FBI Says North Korean Hackers Are Targeting Crypto Orgs
Cybersecurity teams must beware of RansomHub, a surging RaaS gang. Plus, North Korea has unleashed sophisticated social-engineering schemes against crypto employees. Meanwhile, a new SANS report stresses the importance of protecting ICS and OT systems. And a Tenable poll sheds light on cloud-native…
網路安全概要: Schools Suffer Heavy Downtime Losses Due To Ransomware, as Banks Grapple with AI Challenges
The cost of ransomware downtime in schools gets pegged at $500K-plus per day. Meanwhile, check out the AI-usage risks threatening banks’ cyber resilience. Plus, Uncle Sam is warning about a dangerous Iran-backed hacking group. And get the latest on AI-system inventories, the APT29 nation-state…
AA24-241A:有關位於伊朗的網路攻擊者鎖定美國企業組織的聯合網路安全公告
A joint Cybersecurity Advisory highlights Iran-based cyber actor ransomware activity targeting U.S. organizations. The advisory includes CVEs exploited, alongside techniques, tactics and procedures used by the threat actors.
聯絡我們的銷售團隊