How Risk-based Vulnerability Management Can Help Address the Most Commonly Exploited Vulnerabilities Today
Tenable's analysis of the 29 vulnerabilities highlighted in a recent CISA alert reveals key differences between CVSS and our Vulnerability Priority Rating.Attackers continue to exploit known and prevalent vulnerabilities. Last year, the U.S. Cybersecurity and Infrastructure Security Agency (CISA)…
专注于基本面:6 步实现勒索软件的有效防范
勒索软件将不良的网络安全机制当作提款机。下面是采取行动改善安全防范措施的 6 个步骤。勒索软件攻击几乎已成为每家企业董事会讨论的话题。In 2020 alone, there were more than 300 million ransomware attacks recorded, an increase of more…
False Negatives in Attack Surface Mapping
Attack surface mapping tools can miss assets for a wide variety of reasons. Here we list 15 such scenarios, including a broken DNS server, the use of round-robin DNS and ephemeral infrastructure.
A Powerful Tenable.asm Feature: HTML Search
Find out why Tenable.asm’s HTML search capability is so practical and powerful, as it offers nearly infinite flexibility to build whatever search you need to and report on it expeditiously.
Zero Days Do Not Wait for CVEs
Learn why an attack surface map can provide invaluable and unique help in detecting zero day vulnerabilities.
The Right Way to do Attack Surface Mapping
The key to mapping out your attack surface accurately is to scan all of your organization's assets, develop an asset inventory list and find shadow IT.
Passive DNS Is the Wrong Way To Do Attack Surface Mapping
When identifying a corporate attack surface, passive DNS can be useful but it won’t be comprehensive by itself, so it should be part of a more holistic program.
Primary Group ID Attack in Active Directory: How to Defend Against Related Threats
The Primary Group ID in Active Directory, created to help manage access to sensitive resources, has become a critical vulnerability that attackers can exploit to escalate privileges without leaving a trace.The Primary Group ID in Active Directory was originally developed to support the UNIX POSIX…
How to Stop the Kerberos Pre-Authentication Attack in Active Directory
Here’s a look at how to safeguard your Active Directory from the known roasting attack on Kerberos Pre-Authentication.As part of the Kerberos authentication process in Active Directory, there is an initial request to authenticate without a password. This is an artifact left over from Kerberos…
Crawling Is the Wrong Way To Do Attack Surface Mapping
When analyzing methods to identify assets, crawling should be one tool in the toolbox, but not the only one. If you use crawling exclusively, you’ll likely miss a lot of assets.
Infrastructure as Code Security Requires Programmatic Controls
Empower develops with a programmatic approach to security. 以下是需要了解的信息。The concept of shifting security as far left into development as possible is not new, and it is fairly easy to see the benefits: when you catch issues earlier in the software development lifecycle (SDLC) you…
现金应用程序欺诈:先用赠品诱惑 Instagram 用户,然后通过 YouTube 视频承诺轻松的赚钱渠道
Cash App scammers are targeting users on Instagram and YouTube. Here’s what you need to know about their tactics — and how to avoid being conned.In part one of our two-part series on Cash App scammers, I explored how promotional tactics used by the popular person-to-person (P2P) payment…
