Tenable 部落格
CVE-2025-53786: Frequently Asked Questions About Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability
CVE-2023-4966 (CitrixBleed): Invalidate Active or Persistent Sessions To Prevent Further Compromise
Patching CitrixBleed isn’t enough; organizations need to invalidate active or persistent session tokens as the these tokens can be used to compromise networks and bypass authentication measures including multifactor authentication...
Tenable 網路觀察:CSA 發表零信任認證、CISA 更新了安全證明表單等等
This week’s edition of Tenable Cyber Watch unpacks CISA’s Security Attestation Form Draft and discusses CSA’s new Zero Trust Certification. Also covered: The FCC’s new pilot program that would help U.S. schools and libraries boost their cybersecurity. ...
網路安全概要: 美國、英國政府對建立安全的 AI 系統提出建言
Looking for guidance on developing AI systems that are safe and compliant? Check out new best practices from the U.S. and U.K. cyber agencies. Plus, a new survey shows generative AI adoption is booming, but security and privacy concerns remain. In addition, CISA is warning municipal water plants abo...
利用身分驗證掃描發揮您弱點掃描的最高價值
Want to get a lot more value out of your vulnerability scans? Start doing authenticated scanning...
AWS Access Analyzer 愈來愈強大,Tenable Cloud Security 也是
AWS IAM Access Analyzer now has an API allowing you to make custom policy checks. Tenable Cloud Security allows you to easily use this API as part of its code scanning functionality. Find out how and why it’s important.AWS today announced a significant enhancement to AWS IAM Access Analyzer (AA) all...
身分:雲端中安全性的結締組織
幾乎所有雲端中的資源,都可能因為一個過度權限或錯誤設定而曝險。 Proper cloud posture and entitlement management can help mitigate risk and eliminate toxic combinations....
Tenable 網路觀察:NCSC 針對量子威脅提出指引、為保護軟體供應鏈所採用的 SBOM 以及更多內容
This week’s edition of Tenable Cyber Watch unpacks what organizations need to do to prepare for quantum computing attacks and addresses SBOM adoption to help organizations beef up the security of the software supply chain. Also covered: 美國Office of Management and Budget drafts guidance for fe...
網路安全概要: U.S. 政府修法,對軟體廠商進行問卷調查尋求有關安全評估的意見
Uncle Sam wants your input on the latest version of the “Secure Software Development Attestation Form” that federal agencies will use to assess the security of software vendors. Plus, it’s warning cyber teams about the threats from the Rhysida and Scattered Spider cybercrime groups. In addition, the...
Decrypting CNAPP: Moving Beyond the Acronyms and Analyst Jargon to a Unified Approach to Cloud Security
CNAPPs provide end-to-end protection of cloud workloads by combining previously siloed tools, such as CSPM and CWPP into a single platform. In this post, we’ll explain what the key benefits of CNAPP are and how organizations can use these tools to protect their cloud workloads....
