Cybersecurity Snapshot: Many Employees Overshare Work Info with AI Tools, Report Finds, as ‘Cybersecurity Awareness Month’ Kicks Off
Check out the best practices cyber agencies are promoting during Cybersecurity Awareness Month, as a report warns that staffers are feeding confidential info to AI tools. Meanwhile, a study highlights how business decisions can derail OT security. Plus, get the latest on Active Directory security, C...
How to Unlock Advanced IoT Visibility for Cyber-Physical Systems
As the number of IoT devices deployed globally continues to rise, cyber-physical systems and business operations are exposed to greater risk. Improving asset visibility, monitoring and risk management are critical steps to preventing breaches....
Cybersecurity Snapshot: NIST Program Probes AI Cyber and Privacy Risks, as U.S. Gov’t Tackles Automotive IoT Threat from Russia, China
A new NIST program will revise security frameworks like NIST’s CSF as AI risks intensify. Plus, the U.S. may ban cars with Russian and Chinese IoT components. Meanwhile, the CSA adds AI insights to its zero trust guide. And get the latest on cybersecurity budgets, SBOMs and the Ghost cybercrime plat...
CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177: Frequently Asked Questions About Common UNIX Printing System (CUPS) Vulnerabilities
Frequently asked questions about multiple vulnerabilities in the Common UNIX Printing System (CUPS) that were disclosed as zero-days on September 26....
Como estabelecer um programa de segurança na nuvem: práticas recomendadas e lições aprendidas
À medida que desenvolvemos o programa de segurança da nuvem da Tenable, nós da equipe de Infosec fizemos muitas perguntas e enfrentamos desafios interessantes. Ao longo do caminho, aprendemos lições valiosas e incorporamos práticas recomendadas importantes. In this blog, we’ll discuss how we’ve approached implementing our cloud security ...
Cybersecurity Snapshot: Critical Infrastructure Orgs Found Vulnerable to Basic Hacks, While New MITRE Tool Uses ML to Predict Attack Chains
Report finds that many critical infrastructure networks can be breached using simple attacks. Plus, a new MITRE Engenuity tool uses machine learning to infer attack sequences. Meanwhile, CISA will lead a project to standardize civilian agencies’ cyber operations. And get the latest on XSS vulnerabil...
An Analyst’s Guide to Cloud-Native Vulnerability Management: Where to Start and How to Scale
Cloud-native workloads introduce a unique set of challenges that complicate traditional approaches to vulnerability management. Learn how to address these challenges and scale cloud-native vulnerability management in your org....
Mastering Containerization: Key Strategies and Best Practices
As organizations modernize their infrastructure, containers offer unparalleled flexibility and scalability but they also introduce unique security challenges. In this blog we explain container security challenges, identify top threats and share how the newly released Tenable Enclave Security can kee...
CloudImposer: Executing Code on Millions of Google Servers with a Single Malicious Package
Tenable Research discovered a remote code execution (RCE) vulnerability in Google Cloud Platform (GCP) that is now fixed and that we dubbed CloudImposer. The vulnerability could have allowed an attacker to hijack an internal software dependency that Google pre-installs on each Google Cloud Composer ...
Cybersecurity Snapshot: Hackers apoiados pela Rússia visam organizações de infraestrutura crítica, enquanto fraudes de criptomoedas aumentam
Critical infrastructure operators must beware of Russian military hacking groups. Plus, cyber scammers are having a field day with crypto fraud. Meanwhile, AI and cloud vendors face stricter reporting regulations in the U.S. And get the latest on AI-model risk management and on cybersecurity underst...
Microsoft’s September 2024 Patch Tuesday Addresses 79 CVEs (CVE-2024-43491)
Microsoft addresses 79 CVEs with seven critical vulnerabilities and four zero-day vulnerabilities, including three that were exploited in the wild....
CVE-2021-20123, CVE-2021-20124: DrayTek Vulnerabilities Discovered by Tenable Research Added to CISA KEV
With patches out for three years, attackers have set their sights on a pair of vulnerabilities affecting DrayTek VigorConnect....