網路安全快照: 随着 OpenSSF 发布安全软件原则,CISA 呼吁软件制造商使用内存安全语言
CISA is urging developers to stamp out memory vulnerabilities with memory safe programming languages. Meanwhile, the OpenSSF published 10 key principles for secure software development. Plus, malware used in fake browser-update attacks ballooned in Q3. In addition, a new program aims to boost the cy...
CVE-2023-4966 (CitrixBleed):将活动或持久会话置于无效状态,防止进一步受到侵害
Patching CitrixBleed isn’t enough; organizations need to invalidate active or persistent session tokens as the these tokens can be used to compromise networks and bypass authentication measures including multifactor authentication...
Tenable 网络观察:CSA 启动零信任认证,CISA 更新安全认证表格等
This week’s edition of Tenable Cyber Watch unpacks CISA’s Security Attestation Form Draft and discusses CSA’s new Zero Trust Certification. Also covered: The FCC’s new pilot program that would help U.S. schools and libraries boost their cybersecurity. ...
網路安全快照: 美国,英国政府就如何构建安全的 AI 系统提供建议
Looking for guidance on developing AI systems that are safe and compliant? Check out new best practices from the U.S. and U.K. cyber agencies. Plus, a new survey shows generative AI adoption is booming, but security and privacy concerns remain. In addition, CISA is warning municipal water plants abo...
使用身份验证扫描,最大程度发挥您的漏洞扫描价值
Want to get a lot more value out of your vulnerability scans? Start doing authenticated scanning...
AWS Access Analyzer 日新月异,Tenable Cloud Security 不落下风
AWS IAM Access Analyzer now has an API allowing you to make custom policy checks. Tenable Cloud Security allows you to easily use this API as part of its code scanning functionality. Find out how and why it’s important.AWS today announced a significant enhancement to AWS IAM Access Analyzer (AA) all...
身份:云中安全的结缔组织
云中的一切与风险暴露之间几乎都只差一个过度特权或错误配置的距离。Proper cloud posture and entitlement management can help mitigate risk and eliminate toxic combinations....
Tenable 网络观察:NCSC 为量子威胁提供指导,SBOM 采用安全软件供应链,等等
This week’s edition of Tenable Cyber Watch unpacks what organizations need to do to prepare for quantum computing attacks and addresses SBOM adoption to help organizations beef up the security of the software supply chain. Also covered: 美国Office of Management and Budget drafts guidance for fe...
網路安全快照: 美国Gov’t Revises, Seeks Input on Security Assessment Questionnaire for Software Vendors
Uncle Sam wants your input on the latest version of the “Secure Software Development Attestation Form” that federal agencies will use to assess the security of software vendors. Plus, it’s warning cyber teams about the threats from the Rhysida and Scattered Spider cybercrime groups. In addition, the...
Decrypting CNAPP: Moving Beyond the Acronyms and Analyst Jargon to a Unified Approach to Cloud Security
CNAPPs provide end-to-end protection of cloud workloads by combining previously siloed tools, such as CSPM and CWPP into a single platform. In this post, we’ll explain what the key benefits of CNAPP are and how organizations can use these tools to protect their cloud workloads....
CitrixBleed 常见问题 (CVE-2023-4966)
Frequently asked questions relating to a critical vulnerability in Citrix NetScaler that has been under active exploitation for over a month, including by ransomware groups....
Tenable 网络观察:11 月已宣布为关键基础设施安全和恢复月,等等
This week’s edition of Tenable Cyber Watch unpacks Critical Infrastructure Security and Resilience month and addresses the “Shields Ready” campaign aimed at promoting critical infrastructure security and resilience. Also covered: Do most organizations need a generative AI policy? What one poll shows...