Tenable 部落格
How to Take Vulnerability Management to the Next Level and Supercharge Your Career
儘管近期強化了安全性,Entra ID 的同步功能依然遭到濫用
Microsoft synchronization capabilities for managing identities in hybrid environments are not without their risks. In this blog, Tenable Research explores how potential weaknesses in these synchronization options can be exploited.
5 分鐘內加強雲端安全:如何保護您的雲端工作負載
In the first installment of Tenable’s “Stronger Cloud Security in Five” blog series, we covered cloud security posture management (CSPM), which focuses on protecting your multi-cloud infrastructure by detecting misconfigurations. Today, we turn to securing cloud workloads, which are the…
Verizon 2025 DBIR (Verizon 2025 年資料外洩調查報告):Tenable Research 的合作讓 CVE 修復趨勢受到矚目
The 2025 Verizon Data Breach Investigations Report (DBIR) reveals that vulnerability exploitation was present in 20% of breaches — a 34% increase year-over-year. To support the report, Tenable Research contributed enriched data on the most exploited vulnerabilities. In this blog, we analyze 17 edge…
CISA BOD 25-01 合規性: 美國政府機構必須知道的事
U.S. government agencies are required to bring their Microsoft 365 cloud services into compliance with a recent Binding Operational Directive. Here’s how Tenable can help.
ConfusedComposer:影響 GCP Composer 的特權提升弱點
Tenable Research discovered a privilege-escalation vulnerability in Google Cloud Platform (GCP) that is now fixed and which we dubbed ConfusedComposer. The vulnerability could have allowed an identity with permission (composer.environments.update) to edit a Cloud Composer environment to escalate…
Turn to Exposure Management to Prioritize Risks Based on Business Impact
每週一,Tenable 曝險管理學院都會分享實用且貼近真實世界的指引,協助您從弱點管理成功轉向曝險管理。 In this post, Tenable CSO Robert Huber shares practical advice on using an exposure management program to focus on risks that have…
CVE-2025-32433:Erlang/OTP SSH 未驗證的Unauthenticated 遠端程式碼執行弱點
Proof-of-concept code has been released after researchers disclosed a maximum severity remote code execution vulnerability in Erlang/OTP SSH. Successful exploitation could allow for complete takeover of affected devices.
網路安全概要: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination Risks from GenAI Code Generators
Check out NIST’s effort to further mesh its privacy and cyber frameworks. Plus, learn why code-writing GenAI tools can put developers at risk of package-confusion attacks. Also, find out what Tenable webinar attendees said about identity security. And get the latest on the MITRE CVE program and on…
有關 MITRE CVE 方案到期和續訂的常見問答集
Concerns about the future of the MITRE CVE Program continue to circulate. The Tenable Security Response Team has created this FAQ to help provide clarity and context around this developing situation.
聯絡我們的銷售團隊