ImageRunner: A Privilege Escalation Vulnerability Impacting GCP Cloud Run
Tenable Research discovered a privilege escalation vulnerability in Google Cloud Platform (GCP) that is now fixed and which we dubbed ImageRunner. At issue are identities that lack registry permissions but that have edit permissions on Google Cloud Run revisions. The vulnerability could have…
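Who's Afraid of AI Risk in Cloud Environments?
The Tenable Cloud AI Risk Report 2025 reveals that 70% of AI cloud workloads have at least one unremediated critical vulnerability, and that AI developer services are plagued by risky default permissions. Find out what you need to know as your organization ramps up its AI game.
Choosing the Right Cloud Security Provider: Five Essential Principles for Securing Your Cloud
Protecting your cloud environment for the long term involves choosing a security partner whose priorities align with your needs. Here's what you need to know.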
Creating Elegant Azure Custom Roles: Putting NotActions into Action!
Creating custom Roles in Azure can be a complex process that may yield long and unwieldy Role definitions that are difficult to manage. However, it doesn’t have to be that way. Read on to learn how you can simplify this process using the Azure “NotActions” and “NotDataActions” attributes, and…
What Makes This Data Privacy Day Different?
As we celebrate Data Privacy Day, Bernard Montel, Tenable’s EMEA Technical Director and Security Strategist, wants to remind us that we live in a digital world and that we need to protect it. With data breaches a daily occurrence, and AI changing the playing field, he urges everyone to “do better.”
How to Clean Up Your Cloud Environment Using Tenable Cloud Security
You must periodically review your cloud environments to remove old and unused resources because they can create security risks. But what is the right way to perform this task? Read on to learn about five best practices we employ internally to clean up our cloud accounts which we hope can help…
Choosing the Right CNAPP: Six Considerations for Mid-Sized Enterprises
Mid-sized enterprises increasingly find themselves in need of a CNAPP, as their cloud adoption matures. But how should they go about selecting the right one? What questions should they ask and what criteria should they use? Here we unpack six key considerations that’ll help them evaluate their…
Web Application Scanner 101: What Security Pros Need to Know About CI/CD Pipelines
Git, repositories and pipelines…oh my! We unpack standard practices in the web app development process and provide guidance on how to use Tenable Web Application Scanning to secure your code.
Introducing a New AWS Control Policy
AWS has released an important new feature called Resource Control Policies (RCPs) that allows you to apply permission boundaries around resources at scale. Read on to learn what RCPs are all about and how to use them, as well as how Tenable Cloud Security already factors them into its analysis.
The Downside of Domain-Specific Languages: Uncovering New Attack Techniques in OPA and Terraform
Check out our deep dive into both new and known techniques for abusing infrastructure-as-code and policy-as-code tools. You’ll also learn how to defend against them in this blog post which expands on the attack techniques presented at our fwd:cloudsec Europe 2024 talk “Who Watches the Watchmen?…
Who's Afraid of the Toxic Cloud Trilogy?
The Tenable Cloud Risk Report 2024 reveals that nearly four in 10 organizations have workloads that are publicly exposed, contain a critical vulnerability and have excessive permissions. Here’s what to watch for in your organization.
Protecting Financial Data in the Cloud: How Tenable Can Help
Preventing data loss, complying with regulations, automating workflows and managing access are four key challenges facing financial institutions. Learn how Tenable can help.