如何使用 Tenable 解决方法强化 GitLab 权限
If your organization uses GitLab for managing your software development lifecycle, you must ensure you’re not misconfiguring the permissions of this open source DevSecOps platform. Doing so can expose your source code, along with sensitive data, while creating security risks. In this blog, we’ll…
ImageRunner:影响 GCP 云运行的特权提升漏洞
Tenable Research discovered a privilege escalation vulnerability in Google Cloud Platform (GCP) that is now fixed and which we dubbed ImageRunner. At issue are identities that lack registry permissions but that have edit permissions on Google Cloud Run revisions. The vulnerability could have…
谁害怕云环境中的 AI 风险?
Tenable 2025 年云 AI 风险报告显示,70% 的 AI 云工作负载至少有一个未修复的重要漏洞,而 AI 开发人员服务因存在风险较高的默认权限而问题频发。了解贵企业在加强 AI 游戏时需要了解的信息。
如何降低 DNS 基础设施风险来保障云攻击面的安全
Mismanaging your DNS infrastructure could put you at risk of destructive cyberattacks – especially as your cloud attack surface expands. Read on to learn about DNS vulnerabilities, the impact of DNS takeover attacks, and best practices for DNS security, including how new Tenable plugins can help…
Frequently Asked Questions About DeepSeek Large Language Model (LLM)
The open-source LLM known as DeepSeek has attracted much attention in recent weeks with the release of DeepSeek V3 and DeepSeek R1, and in this blog, The Tenable Security Response Team answers some of the frequently asked questions (FAQ) about it.
全新的 CISA 强化指导对网络安全工程师提供宝贵的见解
Recent guidance from CISA and the FBI highlights best practices to monitor and harden network infrastructure. The guidance, published in response to high-profile attacks on telecom infrastructure, is applicable to a wider audience. This blog unpacks important points and explains how Tenable…
Volt Typhoon:州政府和地方政府需要了解的事项
Increased activity from the state-sponsored threat group Volt Typhoon raises concerns about the cybersecurity of U.S. critical infrastructure. Here’s how you can identify potential exposures and attack paths.
特定领域语言的负面影响:揭秘 OPA 和 Terraform 的新攻击技术
Check out our deep dive into both new and known techniques for abusing infrastructure-as-code and policy-as-code tools. You’ll also learn how to defend against them in this blog post which expands on the attack techniques presented at our fwd:cloudsec Europe 2024 talk “Who Watches the Watchmen?…
谁害怕有害云三要素?
The Tenable Cloud Risk Report 2024 reveals that nearly four in 10 organizations have workloads that are publicly exposed, contain a critical vulnerability and have excessive permissions. Here’s what to watch for in your organization.
CVE-2024-8260: SMB Force-Authentication Vulnerability in OPA Could Lead to Credential Leakage
Tenable Research discovered an SMB force-authentication vulnerability in Open Policy Agent (OPA) that is now fixed in the latest release of OPA. The vulnerability could have allowed an attacker to leak the NTLM credentials of the OPA server's local user account to a remote server, potentially…
The Data-Factor: Why Integrating DSPM Is Key to Your CNAPP Strategy
DSPM solutions provide a comprehensive, up-to-date view into cloud-based data and risk. An integrated CNAPP and DSPM solution elevates this analysis to expose toxic combinations and security gaps across cloud environments.
SSRFing the Web with the Help of Copilot Studio
Tenable Research discovered a critical information-disclosure vulnerability in Microsoft’s Copilot Studio via a server-side request forgery (SSRF), which allowed researchers access to potentially sensitive information regarding service internals with potential cross-tenant impact.
联系我们的销售团队