Media room

While zero-day exploitation surged throughout 2023, CISA said threat actors continue to exploit known vulnerabilities that were disclosed and patched as far back as 2017.

Satnam Narang, senior staff research engineer at Tenable, told TechTarget Editorial that the inclusion of vulnerabilities in VPNs and internet-exposed services was a common thread among many of the flaws highlighted in the advisory. Narang added that there's a strong correlation between internet-facing systems that utilize software containing known vulnerabilities and the likelihood of exploitation.

Narang also said CVE-2017-6742 exploitation has been connected to the Russian state-sponsored advanced persistent threat group known as Fancy Bear. The group exploited another vulnerability, tracked as CVE-2023-23397, on CISA's advisory to target Microsoft Exchange accounts.

Russia's premiere advanced persistent threat group–APT29–has been phishing thousands of targets in militaries, public authorities, and enterprises.

"APT29 embodies the 'persistent' part of 'advanced persistent threat,'" says Satnam Narang, senior staff research engineer at Tenable. "It has persistently targeted organizations in the United States and Europe for years, utilizing various techniques, including spear-phishing and exploitation of vulnerabilities to gain initial access and elevate privileges. Its modus operandi is the collection of foreign intelligence, as well as maintaining persistence in compromised organizations in order to conduct future operations."

That APT29 would go after sensitive credentials from geopolitically prominent and diverse organizations is no surprise, Narang notes, though he adds that "the one thing that does kind of stray from the path would be its broad targeting, versus [its typical more] narrowly focused attacks."

Exposure management provider Tenable has introduced new data security posture management and artificial intelligence security posture management capabilities to its Tenable Cloud Security platform. The updates, available to Tenable Cloud Security and Tenable One customers, address the increasing complexity of cloud environments, which often face risks from misconfigurations, overexposed workloads, and excessive privileges. Tenable Research identified that 38% of organizations struggle with a "toxic cloud triad" -- a combination of exposed, vulnerable, and highly privileged cloud workloads.

Tenable has shared details on a dependency confusion attack method that could have exposed Google Cloud Platform (GCP) customers to remote code execution (RCE) attacks.

In this episode of the IoT Insider podcast, Bernard Montel provides a brief history of the evolution of the Cloud and the challenges of securing it.

Tenable's Scott McKinnel discusses how preventive cybersecurity can reduce insurance premiums.