SSRFing the Web with the Help of Copilot Studio
Tenable Research discovered a critical information-disclosure vulnerability in Microsoft’s Copilot Studio via a server-side request forgery (SSRF), which allowed researchers access to potentially sensitive information regarding service internals with potential cross-tenant impact....
Compromising Microsoft's AI Healthcare Chatbot Service
Tenable Research discovered multiple privilege-escalation issues in the Azure Health Bot Service via a server-side request forgery (SSRF), which allowed researchers access to cross-tenant resources....
Detecting Risky Third-party Drivers on Windows Assets
Kernel-mode drivers are critical yet risky components of the Windows operating system. Learn about their functionality, the dangers they pose, and how Tenable's new plugins can help identify and mitigate vulnerabilities using community-driven resources like LOLDrivers....
Never Trust User Inputs -- And AI Isn't an Exception: A Security-First Approach
As AI transforms industries, security remains critical. Discover the importance of a security-first approach in AI development, the risks of open-source tools, and how Tenable's solutions can help protect your systems....
Cyentia 和 FIRST 的研究表明,EPSS 在预测漏洞利用方面表现出色
Tenable sponsored research from Cyentia and FIRST, which finds that while vulnerability exploitation is highly variable, EPSS is getting stronger in its ability to predict exploitation. ...
ConfusedFunction:影响 GCP 云功能的权限提升漏洞
Organizations that have used Google Cloud Platform’s Cloud Functions – a serverless execution environment – could be impacted by a privilege escalation vulnerability discovered by Tenable and dubbed as “ConfusedFunction.” Read on to learn all about the vulnerability and what your organization needs ...
How To Do a Security Audit of Pimcore Enterprise Platform
Our new research paper gives you a roadmap for using Pimcore's features while preserving security....
基于风险的漏洞管理如何提升现代 IT 环境的安全态势
漏洞评估和漏洞管理似乎没什么不同,其实不然。正如 Enterprise Strategy Group 发布的一份新白皮书所述,关键是要了解它们之间的差异,并从临时性的漏洞评估转变为持续的、基于风险的漏洞管理(RBVM)。Read...
These Services Shall Not Pass: Abusing Service Tags to Bypass Azure Firewall Rules (Customer Action Required)
Azure customers whose firewall rules rely on Azure Service Tags, pay attention: You could be at risk due to a vulnerability detected by Tenable Research. Here’s what you need to know to determine if you’re affected, and if so, what you should do right away to protect your Azure environment from atta...
Linguistic Lumberjack: Attacking Cloud Services via Logging Endpoints (Fluent Bit - CVE-2024-4323)
Tenable Research has discovered a critical memory corruption vulnerability dubbed Linguistic Lumberjack in Fluent Bit, a core component in the monitoring infrastructure of many cloud services....
Tenable 云安全研究显示,95% 的受访企业在过去 18 个月的时间里遭受过与云相关的外泄
Tenable 2024 年云安全展望研究中的发现清楚地表明了市场对主动且强大的云安全的需求。 Read on to learn more about the study’s findings, including the main challenges cloud security teams face, their strategies for better protecting their cloud infrastruc...
FlowFixation:AWS Apache Airflow 服务接管漏洞以及为何忽视护栏会导致主要 CSP 面临风险
Tenable Research discovered a one-click account takeover vulnerability in the AWS Managed Workflows Apache Airflow service that could have allowed full takeover of a victim’s web management panel of the Airflow instance. The discovery of this now-resolved vulnerability reveals a broader problem of m...