Tenable 博客
From Vulnerability to Visibility: What the SharePoint Attacks Reveal About the Need for Proactive Cybersecurity
CVSSv4 is Coming: What Security Pros Need To Know
The latest revision of the industry standard for ranking vulnerabilities has some changes that practitioners will find useful. Here, we'll discuss them, as well as Tenable' plans to implement the scoring system in its products....
Tenable 网络观察:Verizon DBIR 发出要警惕 BEC 和勒索软件,云安全应成为 CISO 的首要关切等提醒
This week’s edition of the Tenable Cyber Watch unpacks Verizon’s DBIR 2023 report and its warnings about the rise in BEC scams and ransomware attacks and addresses the greatest areas of concerns for cybersecurity leaders. Also covered: why app stores may soon be required to disclose their apps’ coun...
CVE-2023-33299: FortiNAC 中的重大远程代码执行漏洞
Fortinet has released a patch fixing a remote code execution vulnerability in several versions of FortiNAC...
网络安全快照: 联邦政府对 CL0P 团伙展开追捕,请阅读有关勒索软件响应、安全云管理和云应用程序数据隐私的提示
Learn all about the U.S. government’s reward for CL0P ransomware leads. Plus, check out ransomware incident response recommendations. Also, review concrete guidance on cloud system administration and on designing cloud apps with privacy by default. And much more!...
Shared Responsibility Model in the Cloud
CSPs have embraced a shared responsibility model to define the security responsibilities for different components of the architecture....
Tenable 网络观察:美国政府更新勒索软件指南、 Lineaje 研究揭示 OSS 中的供应链风险,等等
This week’s edition of the Tenable Cyber Watch unpacks the most recent updates to the U.S. government’s #StopRansomware Guide and addresses the steps organizations can take to boost digital trust. Also covered: why companies must be careful when using open source software. ...
MOVEit Transfer 漏洞和 CL0P 勒索软件团伙常见问题
Frequently asked questions relating to vulnerabilities in MOVEit Transfer, including one that was exploited by the prolific CL0P ransomware gang....
网络安全快照: 实现强大的云安全,聚焦配置
Check out the NCSC’s advice about proper configuration in cloud security. Plus, a detailed guide about LockBit ransomware. Also, don’t miss OWASP’s revised list of top API security risks. Plus, CISA’s warning about remote network management tools. And much more!...
CVE-2023-20887:VMware Aria 网络运营命令注入
VMware issues advisory to address three flaws in its VMware Aria Operations for Networks solution, including a critical command injection flaw assigned a CVSSv3 score of 9.8....
