Tenable 网络观察:美国 Black Hat 热门话题,SANS 发布的 2023 安全意识报告,等等
This week’s edition of Tenable Cyber Watch dishes out five hot takes from Black Hat USA and provides guidance on how to better mitigate shadow IT risks. Also covered: How you can boost your security awareness program. ...
網路安全快照: 美国在 AI 网络工具竞赛中获奖数百万,同时 NIST 修改网络安全框架
Got an idea for a new AI-based cybersecurity product? You could win millions in a new contest. Meanwhile, NIST has drafted a major revision to the CSF 2.0 and wants your opinion about it. Also, there’s a new free tool that flags security flaws in public AI models. Plus, most cloud breaches are cause...
在 Tenable One 中引入 ExposureAI:预防性安全未来可期
Tenable One 风险暴露管理平台正在改变企业预防性网络安全措施的实施方式。 Now, with the introduction of ExposureAI, users can unleash the full potential of generative artificial intelligence to stay one step ahead of attackers....
Secure Your AWS EC2 Instance Metadata Service (IMDS)
Read this review of IMDS, an important AWS EC2 service component, to understand its two versions and improve your AWS security....
Microsoft 2023 年 8 月补丁星期二解决了 73 个 CVE (CVE-2023-38180)
Microsoft addresses 73 CVEs, including one vulnerability exploited in the wild....
密码管理和身份验证最佳事件
Attackers are always looking for new ways to crack passwords and gain access to sensitive information. Keeping passwords secure is a challenging, yet critical task. Read this blog to learn several best practices for password management and authentication so you can keep your environment safe....
Tenable 网络观察:SEC 发布新的网络披露规则、MITRE 最危险的软件弱点等
This week’s edition of Tenable Cyber Watch unpacks the new cybersecurity disclosures rules from the U.S. Securities and Exchange Commission and looks at MITRE’s list of the most dangerous software weaknesses. Also covered: Cloud adoption by financial institutions continues to increase. What one stud...
网络安全快照: 什么,我担心?企业采用生成式 AI,安全风险一去不返
Seduced by generative AI’s potential, organizations plunge ahead overlooking its pitfalls. Plus, check out a common flaw that puts web app data at risk. Also, why many zero day bugs last year were variants of known vulnerabilities. Moreover, find out the current cost of a data breach – ouch! And muc...
避免消费安全快餐:良好治理可以从代码到云为您提供帮助
What's involved in shifting cloud security responsibilities to the app development team with governance by the security team?...
AA23-215A:2022 年最常被利用的漏洞
A joint Cybersecurity Advisory collaborated on by multiple international agencies highlights the top routinely exploited vulnerabilities of 2022....
CNAPPgoat:The Multicloud Open-Source Tool for Deploying Vulnerable-by-Design Cloud Resources
Here’s all you need to know about CNAPPgoat, our open-source project designed to modularly provision vulnerable-by-design components in cloud environments....
使用服务定位协议 (SLP) 查找公开的管理接口
Exposed management interfaces are valuable entry points for attackers. CISA Binding Operational Directive 23-02 calls for getting them off the internet. Here’s a novel approach for finding some of these elusive devices using SLP....
