Tenable 博客
CVE-2026-35616: Fortinet FortiClientEMS improper access control vulnerability exploited in the wild
2024 年可能影响安全性的趋势
Discover the transformative shifts reshaping Operational Technology (OT) security in an evolving threat landscape.
網路安全快照: 想要安全部署 AI?新的业界团队将编撰 AI 安全最佳实践
A group that includes the Cloud Security Alliance, CISA and Google is working to compile a comprehensive collection of best practices for secure AI use. Meanwhile, check out a draft of secure configuration recommendations for the Google Workspace suite. Plus, MITRE plans to release a threat model…
孩子们有麻烦了:Edulog 门户网站中的漏洞泄露了 K-12 学生的位置数据
Tenable Research discovered security flaws in a popular transportation management app that allowed access to student location data. While these issues have been fixed, the findings again prove the importance of strong authentication and access control.
Microsoft 补丁星期二 2023 年回顾
Microsoft addressed over 900 CVEs as part of Patch Tuesday releases in 2023, including over 20 zero-day vulnerabilities.
Microsoft 的 2023 年 12 月补丁星期二解决了 33 个 CVE (CVE-2023-36019)
Microsoft addresses 33 CVEs in its December 2023 Patch Tuesday release, with no zero-day vulnerabilities disclosed this month.
Tenable 网络观察:2023 年网络技能供不应求,2023 年最受欢迎的网络技术技能,等等
This week edition of Tenable Cyber Watch unpacks the 2023 cyber skills shortage and addresses the most sought-after cyber skills in 2023. Also covered: The most in-demand cybersecurity jobs from 2023 according to COMPTIA's "State of the Tech Workforce Report." Why did CISA urge AI vendors to…
如何应对 OT 挑战:资产清单和漏洞评估
The plurality of devices and protocols found in operational technology (OT) environments makes asset discovery and remediation a challenge. Here’s how Tenable OT Security can help.
網路安全快照: 随着 OpenSSF 发布安全软件原则,CISA 呼吁软件制造商使用内存安全语言
CISA is urging developers to stamp out memory vulnerabilities with memory safe programming languages. Meanwhile, the OpenSSF published 10 key principles for secure software development. Plus, malware used in fake browser-update attacks ballooned in Q3. In addition, a new program aims to boost the…
CVE-2023-4966 (CitrixBleed):将活动或持久会话置于无效状态,防止进一步受到侵害
Patching CitrixBleed isn’t enough; organizations need to invalidate active or persistent session tokens as the these tokens can be used to compromise networks and bypass authentication measures including multifactor authentication