Microsoft’s December 2021 Patch Tuesday Addresses 67 CVEs (CVE-2021-43890)
Microsoft addresses 67 CVEs in its December 2021 Patch Tuesday release, including a zero-day vulnerability that has been exploited in the wild.
Log4Shell:OT 社群應立即採取的 5 個步驟
操作技術 (OT) 環境同樣也面臨 Apache Log4j 軟體缺陷帶來的風險。以下是您現在就可以採取的行動。
Apache Log4j 缺陷:網路安全產業的福島核電廠等級重大事故
Organizations around the world will be dealing with the long-tail consequences of this vulnerability, known as Log4Shell, for years to come.
Apache Log4j 缺陷讓第三方軟體成為目光焦點
Even in the most mature organizations, addressing the issue, also known as Log4Shell, requires a complex mix of software development practices, vulnerability management and web application scanning.
CVE-2021-44228:Apache Log4j 重大遠端程式碼執行弱點 (Log4Shell) 概念驗證已可供使用
常用記錄程式庫 Log4j 2 中的重大弱點影響了許多服務與應用程式,包括:Minecraft、Steam 和 Apple iCloud。攻擊者已開始積極掃描並嘗試惡意刺探此軟體缺陷。
How to Start Up Your Cloud Security
Startups may think they can postpone implementing a cloud security program but should in fact take early action — here’s why, and easy steps for doing so.
全新推出的 Tenable.cs:完整的生命週期,雲端原生安全性
新產品將我們近期收購的 Accurics 平台加以延伸,專門針對基礎架構即程式碼 (IaC) 的開發與執行階段工作流程,利用整合式控制機制提供 DevSecOps 並提早納入安全性 (shift left security)。
保障 IT-OT 環境的安全:何以 IT 安全專業人員總是力不從心
對於資安專業人員來說,在融合式 IT 與 OT 環境中提供網路安全方案時,瞭解這兩者之間的差異,並且利用可在單一檢視畫面中同時提供這兩種環境全貌的工具組,是非常關鍵的事。
#GivingTuesday: Favorite Charities of Tenable Employees
This year for #GivingTuesday, we highlight some of the causes that Tenable employees have championed this year and invite you to do the same.
Not Just Buckets: Are You Aware of ALL Your Public Resources?
A misconfiguration of resource-based policies can inadvertently make resources public. Do you have such misconfigured policies present in your environment?
Fake Bitcoin, Ethereum, Dogecoin, Cardano, Ripple and Shiba Inu Giveaways Proliferate on YouTube Live
Scammers are leveraging compromised YouTube accounts to promote fake cryptocurrency giveaways for Bitcoin, Ethereum, Dogecoin, Cardano, Ripple, Shiba Inu and other cryptocurrencies.
Identifying Server Side Request Forgery: How Tenable.io Web Application Scanning Can Help
Learn how SSRF flaws arise, why three common attack paths are so challenging to mitigate and how Tenable.io Web Application Scanning can help.