網路安全快照: North Korea’s Cyber Spies Hunt for Nuclear Secrets, as Online Criminals Ramp Up AI Use in the EU
Check out a CISA-FBI advisory about North Korean cyber espionage on critical infrastructure orgs. Plus, what Europol found about the use of AI for cybercrime. Meanwhile, the risk concerns that healthcare leaders have about generative AI. And a poll on water plant cybersecurity. And much more!...
ConfusedFunction:影响 GCP 云功能的权限提升漏洞
Organizations that have used Google Cloud Platform’s Cloud Functions – a serverless execution environment – could be impacted by a privilege escalation vulnerability discovered by Tenable and dubbed as “ConfusedFunction.” Read on to learn all about the vulnerability and what your organization needs ...
Tenable’s Software Update Process Protects Customers’ Business Continuity with a Safe, Do-No-Harm Design
With the unprecedented tech outages experienced by so many of our customers over the last week, we recognize the need for deeper understanding of our software development processes and how they support global business continuity. In this blog post, we’ll outline how Tenable’s comprehensive approach ...
如果您只有五分钟时间,可以在此一窥 CNAPP(但我们也有电子书)
如果您对云原生应用保护平台(CNAPP)的种种说法感到困惑,请不要担心。Our new eBook “Empower Your Cloud: Mastering CNAPP Security” explains in plain English what CNAPP is, how it works and why it’ll help you secure your cloud environment confidently. Read o...
使用适用于机密 SaaS 的 JIT Access 改进云安全
Using just-in-time controls to secure access to your SaaS applications will reduce your cloud attack surface by avoiding permanent access and enforcing least privilege....
How To Do a Security Audit of Pimcore Enterprise Platform
Our new research paper gives you a roadmap for using Pimcore's features while preserving security....
关于 CrowdStrike 事件的 Tenable 客户更新
Please read this important customer update about CrowdStrike's recent incident....
網路安全快照: CISA Breaks Into Agency, Outlines Weak Spots in Report, as Cloud Security Alliance Updates Cloud Sec Guidance
CISA’s red team acted like a nation-state attacker in its assessment of a federal agency’s cybersecurity. Plus, the Cloud Security Alliance has given its cloud security guidance a major revamping. Meanwhile, a Google report puts a spotlight on insecure credentials. And the latest on open source secu...
Tenable Announces Former Senior Administration Officials to Inaugural Public Sector Advisory Board
Rob Joyce and Mark Weatherford will help Tenable shape federal cyber and AI policy...
Oracle 2024 年 7 月重要补丁更新解决了 175 个 CVE
Oracle addresses 175 CVEs in its third quarterly update of 2024 with 386 patches, including 26 critical updates....
網路安全快照: CISA Tells Tech Vendors To Squash Command Injection Bugs, as OpenSSF Calls on Developers To Boost Security Skills
Check out CISA’s call for weeding out preventable OS command injection vulnerabilities. Plus, the Linux Foundation and OpenSSF spotlight the lack of cybersecurity expertise among SW developers. Meanwhile, GenAI deployments have tech leaders worried about data privacy and data security. And get the l...
基于风险的漏洞管理如何提升现代 IT 环境的安全态势
漏洞评估和漏洞管理似乎没什么不同,其实不然。正如 Enterprise Strategy Group 发布的一份新白皮书所述,关键是要了解它们之间的差异,并从临时性的漏洞评估转变为持续的、基于风险的漏洞管理(RBVM)。Read...
