How A CNAPP Can Take You From Cloud Security Novice To Native In 10 Steps
Context is critical in cloud security. In a recent RSA presentation, Tenable's Shai Morag offered ten tips for end-to-end cloud infrastructure security.
在保護 Kubernetes Persistent Volume 的安全時應牢記的事
To many, Kubernetes is a black box that’s difficult to understand, manage and secure. If you’re using stateful persistent volumes – cloud resources that live and manage data outside the scope of your pods – it can be even darker.
Linguistic Lumberjack: Attacking Cloud Services via Logging Endpoints (Fluent Bit - CVE-2024-4323)
Tenable Research has discovered a critical memory corruption vulnerability dubbed Linguistic Lumberjack in Fluent Bit, a core component in the monitoring infrastructure of many cloud services.
網路安全概要: 由於 Tenable 研究發現與雲端相關的資料外洩事件無所不在,CISA 警告醫院留意 Black Basta
Find out why healthcare organizations must beware of the Black Basta ransomware group. Meanwhile, a Tenable study found that 95% of surveyed organizations suffered a cloud-related breach, and offers insights for boosting cloud security. Plus, a Cloud Security Alliance report delves into how AI…
Kinsing Malware Hides Itself as a Manual Page and Targets Cloud Servers
Tenable Cloud Security Research Team has recently discovered that Kinsing malware, known for targeting Linux-based cloud infrastructures, exploits Apache Tomcat servers with new advanced stealth techniques. Explore our analysis and the indicators of compromise in this report.
Microsoft 2024 年 5 月的 Patch Tuesday 解決了 59 個 CVE (CVE-2024-30051、CVE-2024-30040)
Microsoft addresses 59 CVEs in its May 2024 Patch Tuesday release with one critical vulnerability and three zero-day vulnerabilities, two of which were exploited in the wild.
Tenable 雲端安全研究報告指出,有高達 95% 的受訪企業在過去 18 個月內曾遭遇過雲端相關資料外洩事故
《Tenable 2024 年雲端安全展望》研究報告結果清楚顯示需要主動且健全的雲端安全。Read on to learn more about the study’s findings, including the main challenges cloud security teams face, their strategies for better protecting their cloud…
轉移典範:何以網路保險產業著重於預防性安全
As claims and losses climb, it’s clear that preventive security should be prioritized more when designing a cyber insurance policy. Here’s why preventive security investments are cost effective and can lead to lower premiums.
網路安全概要: New Guide Explains How To Assess if Software Is Secure by Design, While NIST Publishes GenAI Risk Framework
Is the software your company wants to buy securely designed? A new guide outlines how you can find out. Meanwhile, a new NIST framework can help you assess your GenAI systems’ risks. Plus, a survey shows a big disconnect between AI usage (high) and AI governance (low). And MITRE’s breach post…
CVE-2024-21793、CVE-2024-26026:F5 BIG-IP Next Central Manager 弱點的概念驗證已可供參考
Researchers disclose multiple vulnerabilities in F5 BIG-IP Next Central Manager and provide proof-of-concept exploit code, which could lead to exposure of hashed passwords.
網路安全概要: Attackers Pounce on Unpatched Vulns, DBIR Says, as Critical Infrastructure Orgs Benefit from CISA’s Alert Program
Verizon’s DBIR found that hackers are having a field day exploiting vulnerabilities to gain initial access. Plus, a CISA program is helping critical infrastructure organizations prevent ransomware attacks. In addition, check out what Tenable’s got planned for RSA Conference 2024. And get the latest…
As Pro-Russia Hacktivists Target OT Systems, Here’s What You Need To Know
U.S. and international cybersecurity and law enforcement agencies this week issued a joint fact sheet to highlight and safeguard against the continued malicious cyber activity conducted by pro-Russia hacktivists against operational technology (OT) devices in North America and Europe. Read on to get…
聯絡我們的銷售團隊