CVSSv4 is Coming: What Security Pros Need To Know
The latest revision of the industry standard for ranking vulnerabilities has some changes that practitioners will find useful. Here, we'll discuss them, as well as Tenable' plans to implement the scoring system in its products....
Tenable 網路觀察:Verizon 的資料外洩調查報告 (DBIR) 針對商務電子郵件入侵 (BEC) 以及勒索軟體發出警示、雲端安全成為資安長的頭號隱憂,以及更多資安要點
This week’s edition of the Tenable Cyber Watch unpacks Verizon’s DBIR 2023 report and its warnings about the rise in BEC scams and ransomware attacks and addresses the greatest areas of concerns for cybersecurity leaders. Also covered: why app stores may soon be required to disclose their apps’ coun...
CVE-2023-33299: FortiNAC 出現嚴重的遠端程式碼執行弱點
Fortinet has released a patch fixing a remote code execution vulnerability in several versions of FortiNAC...
網路安全概要: As Feds Hunt CL0P Gang, Check Out Tips on Ransomware Response, Secure Cloud Management and Cloud App Data Privacy
Learn all about the U.S. government’s reward for CL0P ransomware leads. Plus, check out ransomware incident response recommendations. Also, review concrete guidance on cloud system administration and on designing cloud apps with privacy by default. And much more!...
Shared Responsibility Model in the Cloud
CSPs have embraced a shared responsibility model to define the security responsibilities for different components of the architecture....
Tenable 網路觀察:美國政府更新勒索軟體指南、Lineaje 研究揭露 OSS 中的供應鏈風險等等
This week’s edition of the Tenable Cyber Watch unpacks the most recent updates to the U.S. government’s #StopRansomware Guide and addresses the steps organizations can take to boost digital trust. Also covered: why companies must be careful when using open source software. ...
MOVEit Transfer 弱點及 CL0P 勒索軟體集團的常見問答集
Frequently asked questions relating to vulnerabilities in MOVEit Transfer, including one that was exploited by the prolific CL0P ransomware gang....
網路安全概要: 要達到強大的雲端安全性,就要專注於設定
Check out the NCSC’s advice about proper configuration in cloud security. Plus, a detailed guide about LockBit ransomware. Also, don’t miss OWASP’s revised list of top API security risks. Plus, CISA’s warning about remote network management tools. And much more!...
CVE-2023-20887:網路指令插入的 VMware Aria 作業
VMware issues advisory to address three flaws in its VMware Aria Operations for Networks solution, including a critical command injection flaw assigned a CVSSv3 score of 9.8....
Microsoft 的 2023 年 6 月份 Patch Tuesday 解決了 70 個 CVE (CVE-2023-29357)
Microsoft addresses 70 CVEs in its June 2023 Patch Tuesday update including six rated as critical....
CVE-2023-27997: Heap-Based Buffer Overflow in Fortinet FortiOS and FortiProxy SSL-VPN (XORtigate)
Fortinet says a critical flaw in its SSL-VPN product may have been exploited in the wild in a limited number of cases. Organizations are strongly encouraged to apply these patches immediately....
Tenable 網路觀察:6 個關鍵且常見的網路錯誤觀念、大幅提升 IAM 安全性的最佳做法等等
This week’s edition of the Tenable Cyber Watch unpacks the six most critical and common cyber misconceptions and shares tips on how to better distribute software bills of materials. Also covered: the best practices to boost IAM security from CISA and the NSA. ...