These Services Shall Not Pass: Abusing Service Tags to Bypass Azure Firewall Rules (Customer Action Required)
Azure customers whose firewall rules rely on Azure Service Tags, pay attention: You could be at risk due to a vulnerability detected by Tenable Research. Here’s what you need to know to determine if you’re affected, and if so, what you should do right away to protect your Azure environment from…
Linguistic Lumberjack: Attacking Cloud Services via Logging Endpoints (Fluent Bit - CVE-2024-4323)
Tenable Research has discovered a critical memory corruption vulnerability dubbed Linguistic Lumberjack in Fluent Bit, a core component in the monitoring infrastructure of many cloud services.
Tenable 雲端安全研究報告指出,有高達 95% 的受訪企業在過去 18 個月內曾遭遇過雲端相關資料外洩事故
《Tenable 2024 年雲端安全展望》研究報告結果清楚顯示需要主動且健全的雲端安全。Read on to learn more about the study’s findings, including the main challenges cloud security teams face, their strategies for better protecting their cloud…
FlowFixation:AWS Apache Airflow 服務接管弱點以及為何忽視防護措施使大型雲端服務供應商 (CSP) 陷入風險之中
Tenable Research discovered a one-click account takeover vulnerability in the AWS Managed Workflows Apache Airflow service that could have allowed full takeover of a victim’s web management panel of the Airflow instance. The discovery of this now-resolved vulnerability reveals a broader problem of…
Pig Butchering Scam: From Tinder and TikTok to WhatsApp and Telegram, How Scammers Are Stealing Millions in a Long Con
In part one of a two-part series on Pig butchering, we detail the pervasive scam that has impacted thousands of victims around the world, resulting in the loss of hundreds of millions of dollars. This blog highlights the who and the how of Pig butchering scams, and details the Pig butchering…
Pig Butchering Scam: How Bitcoin, Ethereum, Litecoin and Spot Gold (XAUUSD) Investments Are Used in Romance Scams to Steal Hundreds of Millions
This is the second part of a two-part series based on firsthand research into pig butchering scams from the end of 2022 into early 2024. In this post, we delve into the types of investment scams perpetrated by pig butchers to steal hundreds of millions of dollars from victims, including in the form…
孩子們並不安全: Edulog 入口網站中的弱點暴露了幼稚園、小學和中學學生的所在位置資料
Tenable Research discovered security flaws in a popular transportation management app that allowed access to student location data. While these issues have been fixed, the findings again prove the importance of strong authentication and access control.
利用身分驗證掃描發揮您弱點掃描的最高價值
Want to get a lot more value out of your vulnerability scans? Start doing authenticated scanning
Navigating the Roadblocks: Overcoming People, Process, and Technology Challenges for Preventive Security in Japan
Uncover the obstacles hindering preventive cybersecurity and ways to build cyber resilience for your Japanese organisation in a commissioned study conducted in 2023 by Forrester Consulting on behalf of Tenable.
ApatchMe - Authenticated Stored XSS Vulnerability in AWS and GCP Apache Airflow Services
Unpatched Apache Airflow instances used in Amazon Web Services (AWS) and Google Cloud Platform (GCP) allow an exploitable stored XSS through the task instance details page.
What’s Stopping Organisations in India from Practicing Preventive Cybersecurity?
Uncover the obstacles hindering preventive cybersecurity and ways to build cyber resilience for your Indian organisation in a commissioned study conducted in 2023 by Forrester Consulting on behalf of Tenable.
聯絡我們的銷售團隊