CIO

JUNE 28, 2023

Zero Trust adoption is accelerating, with over half of organizations reporting they have adopted Zero Trust Security, according to research independently conducted by leading security research firm Ponemon Institute, sponsored by Hewlett Packard Enterprise. What’s driving the adoption of Zero Trust Security?

Study 246

Study Policies Network Architecture 246

Tenable

JANUARY 26, 2024

1 - Using AI securely: Global cyber agencies publish new guide Is your organization – like many others – aggressively adopting artificial intelligence to boost operational efficiency? If so, you might want to check out a new guide published this week about how businesses can use AI securely.

Artificial Inteligence 115

Artificial Inteligence Artificial Intelligence Weak Development Team Technical Advisors 115

Palo Alto Networks

MAY 7, 2024

New capabilities enable customers to counter AI with AI, secure AI by design and simplify security. To help our customers combat new threats while also leveraging the promise of efficient security, Palo Alto Networks is introducing Precision AI TM. What Does AI Mean for Cybersecurity? How Should Security Teams React?

Generative AI 90

Generative AI Firewall Network Enterprise 90

Tenable

AUGUST 30, 2023

Analysis CVE-2023-2868 is a remote command injection vulnerability in Barracuda ESG appliances due to improper handling of emails with attachments. Image Source: Mandiant , June 2023 To exploit the vulnerability, an attacker would send a specially crafted TAR file containing a malicious payload within the filename.

Malware 115

Malware Software Review Systems Review Exercises 115

Tenable

SEPTEMBER 12, 2023

Microsoft’s September 2023 Patch Tuesday Addresses 61 CVEs (CVE-2023-36761) Microsoft addresses 61 CVEs including two vulnerabilities that were exploited in the wild. Important CVE-2023-36761 | Microsoft Word Information Disclosure Vulnerability CVE-2023-36761 is an information disclosure vulnerability in Microsoft Word.

LAN 119

LAN Windows 3D Azure 119

Tenable

SEPTEMBER 15, 2023

Tasked with securing your org’s new AI systems? Plus, open source security experts huddled at a conference this week – find out what they talked about. That’s the topic of the paper “ Securing AI: Similar or Different? published by Google’s Cybersecurity Action Team. ” published by Google’s Cybersecurity Action Team.

Open Source 113

Open Source Systems Review System Software Review 113

CIO

MARCH 3, 2024

For its 2023 Security Priorities report, Foundry surveyed 790 IT security workers to understand their projects and priorities. Printers are often not subject to the rigorous security measures routinely applied to computing devices; for example, complex passwords and rigorous patching and software update regimes.

Survey 278

Survey Malware Infrastructure Report 278

Tenable

DECEMBER 29, 2023

As we reflect on the many accomplishments Tenable OT Security achieved in 2023, one thing is clear: we couldn’t have done it without the support and collaboration of our customers and partners. As we bid farewell to 2023, these end-of-year days are a perfect opportunity to look back and summarize this incredible year.

Systems Review 72

Systems Review Technical Review Software Review IoT 72

Tenable

OCTOBER 6, 2023

A SANS Institute survey found that budgets for ICS/OT security have shrunk, and advises on how to do more with less. In addition, CISA’s Cybersecurity Awareness Month campaign challenges tech vendors to build safer products. For more information about ICS/OT security, check out these Tenable blogs and videos: “ Three U.S.

Budget 65

Budget Report Survey Open Source 65

Tenable

JANUARY 10, 2024

Two zero-day vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure have been exploited in the wild, with at least one attack attributed to nation-state actors. Background On January 10, Ivanti released a security advisory for two zero-day vulnerabilities that were exploited in-the-wild in limited, targeted attacks.

Policies 72

Policies Authentication Analysis Network 72

Tenable

NOVEMBER 24, 2023

Uncle Sam wants your input on the latest version of the “Secure Software Development Attestation Form” that federal agencies will use to assess the security of software vendors. government will evaluate the security practices of its software vendors – and offer your two cents. In addition, there’s a new zero trust certification.

Software Review 70

Software Review Software Insurance Software Development 70

Aqua Security

JANUARY 18, 2023

Last month Aqua published a blog with the predictions from our Nautilus security research team regarding trends and new threats we are watching for 2023. In case you missed it over the holidays, we’ve included a link at the end of this post – it’s definitely worth the read.

Trends 111

Trends Cloud Research Software 111

Tenable

OCTOBER 10, 2023

We omitted CVE-2023-44487 from our counts as this vulnerability was reported to MITRE and not Microsoft and does not exclusively affect Microsoft products. It was exploited in the wild as a zero-day and was publicly disclosed prior to the October 2023 Patch Tuesday release. Details about this flaw are included in our analysis below.

Windows 115

Windows Software Review Azure Systems Review 115

CircleCI

JANUARY 13, 2023

On January 4, 2023, we alerted customers to a security incident. Today, we want to share with you what happened, what we’ve learned, and what our plans are to continuously improve our security posture for the future. Security best practices. On January 5, 2023, at 03:26 UTC, we revoked all Project API Tokens.

Report 145

Report Systems Review Malware Software Review 145

Tenable

APRIL 12, 2024

Plus, a new survey shows cybersecurity pros are guardedly optimistic about AI. And the NSA is sharing best practices for data security. Cybersecurity and Infrastructure Security Agency (CISA) in its Emergency Directive 24-02 , sent to federal civilian agencies last week and made public this week. And much more!

Generative AI 116

Generative AI Malware Trends Government 116

Tenable

MARCH 14, 2024

CVE Description CVSSv3 Severity CVE-2023-48788 Critical SQL Injection Vulnerability (or Improper neutralization of special elements in an SQL command) 9.3 Critical At the time this blog was published, Fortinet’s advisory assigned a CVSSv3 score of 9.3 and also links to an advisory that is not currently available.

Software Review 66

Software Review Systems Review Authentication Infrastructure 66

Tenable

JANUARY 16, 2024

Analysis CVE-2023-6548 is a RCE vulnerability in the NetScaler ADC and Gateway appliances. CVE-2023-6549 is a denial of service (DoS) vulnerability in the NetScaler ADC and Gateway appliances. VPN, ICA Proxy, CVPN, RDP Proxy) or as a AAA virtual server.

Authentication 116

Authentication Network Internet Virtualization 116

Tenable

OCTOBER 4, 2023

Infrastructure Investment and Jobs Act created the State and Local Cybersecurity Grant Program (SLCGP) to help state, local, tribal and territorial (SLTT) governments address an ever-evolving cybersecurity threat landscape. The 2023 Notice of Funding Opportunity (NOFO), released in August, provides $374.9

Programming 64

Programming Meeting How To Government 64

Tenable

DECEMBER 8, 2023

Meanwhile, the OpenSSF published 10 key principles for secure software development. Cybersecurity and Infrastructure Security Agency (CISA) issued a clarion call for software makers to use so-called “memory safe” programming languages. Plus, malware used in fake browser-update attacks ballooned in Q3. And much more!

Software Review 68

Software Review Software Malware Software Development 68

Tenable

SEPTEMBER 27, 2023

CVE-2023–29357, CVE-2023–24955: Exploit Chain Released for Microsoft SharePoint Server Vulnerabilities A proof-of-concept exploit chain has been released for two vulnerabilities in Microsoft SharePoint Server that can be exploited to achieve unauthenticated remote code execution. and rated critical.

Authentication 131

Authentication Research Video Analysis 131

Palo Alto Networks

OCTOBER 5, 2023

With an ever-growing attack surface in an increasingly interconnected world, there has never been a more critical time to educate and train a cybersecurity workforce with the advanced skills required for meaningful jobs that complement technological innovation. JR Gumarin presents at the 2020 in-person Secure the Future competition.

Technical Review 114

Technical Review Education Transportation Network 114

Tenable

DECEMBER 12, 2023

Microsoft addressed over 900 CVEs as part of Patch Tuesday releases in 2023, including over 20 zero-day vulnerabilities. Background Microsoft’s Patch Tuesday, a monthly release of software patches for various Microsoft products, celebrated its 20th anniversary in 2023. Information Disclosure vulnerabilities accounted for 12.5%

Software Review 70

Software Review Trends Groups Research 70

Tenable

DECEMBER 12, 2023

4 Critical 29 Important 0 Moderate 0 Low Microsoft addresses 33 CVEs in its December 2023 Patch Tuesday release, with no zero-day vulnerabilities disclosed this month. Microsoft patched 33 CVEs in its December 2023 Patch Tuesday release, with four rated critical and 29 rated as important. It was assigned a CVSSv3 score of 9.6

Windows 113

Windows Software Review Azure Internet 113

Tenable

OCTOBER 2, 2023

Progress Software patches multiple flaws in its WS_FTP Server product, including a pair of critical flaws, one with a maximum CVSS rating of 10 Background On September 27, Progress Software published an advisory for WinSock File Transfer Protocol or WS_FTP Server , a secure file transfer solution, addressing eight vulnerabilities.

Software Review 121

Software Review Software Systems Review Authentication 121

Palo Alto Networks

JULY 11, 2023

Modern Network Security Is Crucial With digital transformation accelerating, protecting the modern network has never been more important. With this in mind, Palo Alto Networks is proud to announce INTERSECT ‘23: Network Security Summit , a free 1-day virtual conference created for network security thought leaders and professionals.

Network 80

Network Innovation Meeting IoT 80

Tenable

SEPTEMBER 27, 2023

Background The Tenable Security Response Team has put together this blog to answer frequently asked questions (FAQ) to help provide clarity around recently disclosed vulnerabilities including CVE-2023-41064, CVE-2023-4863 and CVE-2023-5129 in an open source library called libwebp.

Open Source 117

Open Source Spyware Operating System Systems Review 117

Prisma Clud

AUGUST 22, 2023

In the cybersecurity maze, finding and addressing vulnerabilities is like chasing shadows. Not All Vulnerabilities Have a CVE ID Full Disclosure Vulnerabilities need to go through a responsible disclosure process, which begins with security researchers reporting found vulnerabilities to the vulnerable project safely. Let's explore how.

Weak Development Team 98

Weak Development Team Open Source Systems Review Software Review 98

Tenable

DECEMBER 15, 2023

A group that includes the Cloud Security Alliance, CISA and Google is working to compile a comprehensive collection of best practices for secure AI use. Meanwhile, check out a draft of secure configuration recommendations for the Google Workspace suite. Dive into six things that are top of mind for the week ending December 15.

Groups 72

Groups Industry Hardware Software Review 72

Palo Alto Networks

NOVEMBER 30, 2023

These professionals have made an indelible mark on the cybersecurity landscape. Our Palo Alto Networks 2023 Partner Award Winners shine a spotlight on those who have gone above and beyond, achieving excellence in various aspects of our partnership.

Google Cloud 91

Google Cloud AWS Firewall Network 91

Palo Alto Networks

APRIL 17, 2024

In the ever-evolving landscape of cybersecurity, the specter of ransomware looms larger than ever before. Just yesterday, I had the opportunity to testify before the House Financial Services Subcommittee on National Security, Illicit Finance and International Financial Institutions, and bring that insight to bear.

Artificial Intelligence 92

Artificial Intelligence Artificial Inteligence Government Technical Review 92

Tenable

DECEMBER 6, 2023

Tenable Research has published two blogs on CitrixBleed, our initial analysis of the vulnerability as well as a Frequently Asked Questions (FAQ) blog providing added context surrounding the in-the-wild exploitation by threat actors including multiple ransomware groups. ransomware group in their exploitation of CitrixBleed.

Systems Review 73

Systems Review Authentication Analysis Malware 73

Tenable

JANUARY 31, 2024

Frequently asked questions for four CVEs affecting Ivanti Connect Secure and Policy Secure Gateways, with three of the vulnerabilities having been exploited in the wild as zero-days. Released January 10 CVE-2024-21887 Ivanti Connect Secure and Ivanti Policy Secure Command Injection Vulnerability 9.1

Policies 62

Policies Malware Authentication Software Review 62

Palo Alto Networks

OCTOBER 11, 2023

How State and Local Governments Help Secure Our World Twenty years after Congress declared October as Cybersecurity Awareness Month, much has changed, but not the need for broad collaboration to help us keep pace with the threats before us. We must secure our schools, hospitals, small businesses and first responders.

Government 93

Government Education Cloud Programming 93

Tenable

SEPTEMBER 11, 2023

Ransomware groups including LockBit and Akira are reportedly exploiting a zero-day vulnerability in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) appliances with VPN functionality enabled. This blog post was published on September XX and reflects VPR at that time.

Groups 119

Groups Report Authentication Software Review 119

Tenable

JANUARY 12, 2024

Check out expert recommendations for deploying AI tools securely. 1 - How to ensure AI helps, not hurts, cybersecurity How can organizations use artificial intelligence (AI) in a way that’s safe and that benefits cybersecurity? In addition, cyber insurance demand is forecast to grow robustly. And much more!

Systems Review 72

Systems Review System Technical Review Development Team Review 72

Tenable

JANUARY 3, 2024

The Tribal Cybersecurity Grant Program (TCGP) is accepting applications through January 10, making $18.2 Recent ransomware attacks show the urgent need for tribal nations to strengthen their cybersecurity posture and reduce risk. Implement security protections commensurate with risk. A full list can be found here.

Government 66

Government Systems Review Technical Review Programming 66

DevOps.com

NOVEMBER 7, 2022

found nearly three-quarters (73%) of organizations plan to increase investment in application security in 2023. The survey, conducted by Wakefield Research on behalf of Invicti, a provider of dynamic application security testing (DAST) tools, also found 97% of DevSecOps teams said they ignored a real vulnerability […].

Budget 106

Budget Applications Survey Research 106