Tenable

MARCH 1, 2024

Check out what’s new in NIST’s makeover of its Cybersecurity Framework. Also, how to assess the cybersecurity capabilities of a generative AI LLM. 1 - NIST’s Cybersecurity Framework 2.0 1 - NIST’s Cybersecurity Framework 2.0 The Cybersecurity Framework at 10.and And the most prevalent malware in Q4. And much more!

Artificial Inteligence 73

Artificial Inteligence Malware Generative AI Government 73

Tenable

NOVEMBER 24, 2023

Uncle Sam wants your input on the latest version of the “Secure Software Development Attestation Form” that federal agencies will use to assess the security of software vendors. government will evaluate the security practices of its software vendors – and offer your two cents. And much more!

Software Review 70

Software Review Software Insurance Software Development 70

Tenable

NOVEMBER 4, 2022

Get the latest on salary trends for CISOs and cybersecurity pros; CISA’s call for adopting phishing-resistant MFA; the White House’s ransomware summit; and more! and Canada improved this year compared with 2021 as employers paid up to retain their cybersecurity chiefs amidst a shortage of qualified candidates for these jobs.

Trends 102

Trends Authentication Recruiting Banking 102

Tenable

JANUARY 10, 2024

Two zero-day vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure have been exploited in the wild, with at least one attack attributed to nation-state actors. Background On January 10, Ivanti released a security advisory for two zero-day vulnerabilities that were exploited in-the-wild in limited, targeted attacks.

Policies 71

Policies Authentication Analysis Network 71

Tenable

NOVEMBER 25, 2022

Get the latest on the Hive RaaS threat; the importance of metrics and risk analysis; cloud security’s top threats; supply chain security advice for software buyers; and more! . Understanding the Ransomware Ecosystem: From Screen Lockers to Multimillion-Dollar Criminal Enterprise ” (Tenable blog). What would this look like?

Metrics 52

Metrics Cloud Backup Software Review 52

Tenable

JULY 14, 2023

government for defending CI/CD pipelines. 1 – CISA and NSA issue CI/CD defense guidance Looking for recommendations and best practices to improve the security of your continuous integration / continuous delivery (CI/CD) pipelines? Learn about the guidance from the U.S. Plus, check out the 25 most dangerous software weaknesses.

Weak Development Team 52

Weak Development Team Software Review Software Technical Review 52

Palo Alto Networks

APRIL 6, 2020

In response, the United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency ( CISA) has issued cybersecurity guidance in relation to teleworking. Remote Workforce Security Requirements. Implement Multi-Factor Authentication (MFA) on all VPN connections to increase security.

Security 53

Security Government Meeting Company 53

Tenable

FEBRUARY 9, 2024

Fortinet warns of “potentially” exploited flaw in the SSL VPN functionality of FortiOS, as government agencies warn of pre-positioning by Chinese state-sponsored threat actors in U.S. and international agencies.

Malware 121

Malware Authentication Infrastructure Analysis 121

Tenable

SEPTEMBER 9, 2022

9 | Software supply chain security in the spotlight. Guidance for evaluating IoT security tools. Increasing diversity in cybersecurity. Another look at the major cloud security threats. government stresses software supply chain security. government. . government. . Secure composition analysis.

Security 52

Security IoT Open Source Linux 52

InfoBest

MAY 25, 2023

In today’s digital landscape, where cyber threats are on the rise, ensuring robust cybersecurity measures in custom software development projects is more important than ever. Why is Cybersecurity Important in Software Development? Maintaining Trust Cybersecurity is critical to maintaining user trust.

Software Development 52

Software Development Software Review Weak Development Team Software 52

Tenable

JUNE 23, 2023

That’s why a recent IANS Research blog post about building an incident response process for ransomware caught our eye. and Australian Agencies Publish Joint Cybersecurity Advisory on BianLian Ransomware Group ” (blog) 3 – Guidance on high-risk and emergency access to cloud services The U.K.’s

Cloud 53

Cloud Systems Review Data Disaster Recovery 53

Tenable

DECEMBER 6, 2023

Tenable Research has published two blogs on CitrixBleed, our initial analysis of the vulnerability as well as a Frequently Asked Questions (FAQ) blog providing added context surrounding the in-the-wild exploitation by threat actors including multiple ransomware groups. ransomware group in their exploitation of CitrixBleed.

Systems Review 73

Systems Review Authentication Analysis Malware 73

Tenable

AUGUST 5, 2022

That’s the bad news the Cybersecurity and Infrastructure Security Agency’s Cyber Safety Review Board delivered in a recent report. Drive best practices for security hygiene, such as automated vulnerability management, asset inventorying and vulnerability mitigation, as well as secure software development practices.

Development Team Review 52

Development Team Review Software Review Systems Review Technical Review 52

AWS Machine Learning - AI

JANUARY 26, 2024

Many customers are looking for guidance on how to manage security, privacy, and compliance as they develop generative AI applications. We first delve into the vulnerabilities, threats, and risks that arise from the implementation, deployment, and use of LLM solutions, and provide guidance on how to start innovating with security in mind.

Artificial Inteligence 120

Artificial Inteligence Generative AI Security Applications 120

Tenable

APRIL 20, 2021

Threat actors are leveraging a zero-day vulnerability in Pulse Connect Secure, for which there is no immediate patch scheduled for release. On April 20, Pulse Secure, which was acquired by Ivanti last year, published an out-of-cycle security advisory (SA44784) regarding a zero-day vulnerability in the Pulse Connect Secure SSL VPN appliance.

Authentication 133

Authentication Malware Research Government 133

Tenable

JULY 25, 2023

CVE Description CVSSv3 Severity CVE-2023-35078 Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability 10.0 Analysis CVE-2023-35078 is an authentication bypass vulnerability in Ivanti’s EPMM. Tenable was provided access to the support article and our blog post reflects what we currently know about this vulnerability.

Mobile 98

Mobile Knowledge Base Authentication Government 98

Tenable

AUGUST 22, 2023

CVE Description CVSSv3 Severity CVE-2023-38035 Ivanti Sentry API Authentication Bypass Vulnerability 9.8 Critical Disclosure of this vulnerability is credited to researchers at mnemonic, which published its own blog post about the discovery. Just like CVE-2023-38035, its discovery is also credited to researchers at mnemonic.

Authentication 52

Authentication Knowledge Base Firewall Mobile 52

Tenable

OCTOBER 28, 2022

Get the latest on Microsoft 365 security configurations; effective CISO board presentations; rating MSPs’ cybersecurity preparedness; and hospitals’ Daixin cyberthreat. Cybersecurity and Infrastructure Security Agency (CISA) released a set of recommended configuration baselines for the Microsoft 365 product suite. .

Cloud 52

Cloud Malware Spyware Authentication 52

Palo Alto Networks

DECEMBER 14, 2020

Over the past few years, I have witnessed a growing focus in Europe on telecom and 5G security. Many service providers in the region are evolving cybersecurity practices and postures, both for existing 4G networks and also for planned 5G deployments, many of which are launching now.

Telecommunications 84

Telecommunications Mobile Network Guidelines 84

Tenable

FEBRUARY 17, 2023

Find out why a study says cybersecurity pros will weather staff reductions better than all other employees. That’s according to the (ISC) 2 cybersecurity industry non-profit organization, which this week published the results of a survey of 1,000 C-level business executives from Germany, Japan, Singapore, the U.S. And much more!

Weak Development Team 52

Weak Development Team ChatGPT Infrastructure Report 52

Tenable

AUGUST 26, 2022

26 | The “platformization” of hybrid cloud security. Tackling IT/OT cybersecurity challenges. Tips for complying with HIPAA’s cybersecurity rule. 1 - IDC sees shift to “platformization” of hybrid cloud security. That’s according to IDC’s “Worldwide Cloud Workload Security Forecast, 2022-2026.” . And much more!

Weak Development Team 52

Weak Development Team Software Review Technical Review Budget 52

Tenable

SEPTEMBER 17, 2020

CISA warns that foreign threat actors from China and Iran are routinely targeting unpatched vulnerabilities across government agencies and U.S.-based CISA has observed these attacks against federal government agencies and other networks based in the United States. Pulse Connect Secure. Pulse Connect Secure. Background.

Software Review 102

Software Review Authentication Research Government 102

Tenable

DECEMBER 2, 2022

Get the latest on Log4Shell’s global remediation status; the need for metaverse security rules; a shutdown of “pig butchering” domains; tips for secure IoT products; an informal poll about AD security; and more! . government advisory on APT exploit of Log4Shell to breach agency. Log4j guidance from the U.S.

IoT 52

IoT Systems Review Guidelines Technical Review 52

Tenable

JUNE 12, 2023

Medium Analysis CVE-2023-27997 is a heap-based buffer overflow vulnerability in the secure socket layer virtual private network (SSL VPN) functionality in FortiOS and FortiProxy in Fortinet devices including its FortiGate Next Generation Firewalls (NGFW). This is reachable pre-authentication, on every SSL VPN appliance.

Firewall 102

Firewall Authentication Research Groups 102

Cloudera

JUNE 7, 2023

By now, almost everyone across the tech landscape has heard of the Zero Trust (ZT) security model, which assumes that every device, application, or user attempting to access a network is not to be trusted (see NIST definitions below). This is the balancing act of security. But as models go, the idea is easier than the execution.

Data 79

Data Government Technical Review Policies 79

Tenable

OCTOBER 12, 2020

Government agencies issue joint cybersecurity advisory cautioning that advanced threat groups are chaining vulnerabilities together to gain entry into government networks and elevate privileges. The following is a list of vulnerabilities referenced in the CISA/FBI joint cybersecurity alert: CVE. Background. Tenable VPR*.

WAN 114

WAN Authentication Government Network 114

Tenable

SEPTEMBER 16, 2022

Several global cybersecurity agencies publish a joint advisory detailing efforts by Iranian-government sponsored threat actors exploiting vulnerabilities to enable ransomware attacks. On September 14, the Cybersecurity and Infrastructure Security Agency along with the National Security Agency, U.S. Background.

Systems Review 52

Systems Review Software Review Report Authentication 52

Palo Alto Networks

JANUARY 23, 2023

It should come as no surprise that cybersecurity is, once again, priority #1 for state CIOs. Perhaps it’s because none of the other initiatives on the list (not even hybrid work, legacy modernization or cloud adoption) can succeed without a solid cybersecurity foundation. And, they’re innovating faster than ever before.

Government 67

Government Spyware Cloud Network 67

Tenable

APRIL 8, 2021

On April 2, the Federal Bureau of Investigation (FBI) along with the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory regarding activity involving advanced persistent threat (APT) actors. Improper Authentication (FortiOS). Background. CVE-2019-5591. CVE-2020-12812.

Authentication 108

Authentication Systems Review Research Groups 108

TIBCO - Connected Intelligence

JANUARY 20, 2022

And while APIs provide accessibility and the platform for innovation, they significantly increase the risk of mishaps and data breaches, challenging all organizations to layer effective API security and governance protection over those APIs. Click To Tweet. See TechCrunch reports on Peloton and Echelon API issues.

Government 26

Government Artificial Inteligence Artificial Intelligence Data Center 26

TechCrunch

FEBRUARY 24, 2022

The attack began with cyberattacks that targeted Ukrainian government departments with floods of internet traffic and data-wiping malware, followed by a ground, sea and air incursion. Lyft is estimated to have around 60 employees in Ukraine and wrote in a December blog post that it had plans to expand its Kyiv office, which opened in April.

Technical Review 197

Technical Review Industry Government Data Center 197

Tenable

MAY 18, 2022

Organizations and government agencies are strongly advised to patch two newly disclosed vulnerabilities in VMware products, following warnings from VMware and the Cybersecurity and Infrastructure Security Agency. Authentication Bypass Vulnerability. Background. Description. CVE-2022-22972. CVE-2022-22973.

Authentication 99

Authentication Internet Infrastructure Research 99

Cloudera

DECEMBER 8, 2020

As part of our ongoing commitment to supporting Government regulations and standards in our enterprise solutions, including data protection, Cloudera recently introduced a version of our Cloudera Data Platform, Private Cloud Base product (7.1.5 A More Secure Data Platform. Thus the U.S.

Government 63

Government Data Compliance Technical Review 63

Palo Alto Networks

SEPTEMBER 1, 2021

Critical Infrastructure Blog Series. Furthermore, CI organizations are also anticipating a tighter regulatory landscape as evidenced by the Transportation Security Administration's cybersecurity mandate for owners and operators of pipelines. Securing today's CI and operational technology (OT) is paramount.

Infrastructure 68

Infrastructure Weak Development Team WAN IoT 68

Palo Alto Networks

SEPTEMBER 24, 2020

Our position paper, “A Comprehensive Approach to Securing 5G Networks and Data,” details best practices and the state-of-the-art, scalable security tools and capabilities that can help secure today’s complex network infrastructures, communications and data.

Network 74

Network Tools Data Technical Review 74

Ivanti

AUGUST 28, 2023

In a previous blog post, I discussed the two main areas to audit before the European Union’s updated Network and Information Security Directive (NIS2) becomes ratified law in October 2024. Review your current supply chain security flaws.

Security 67

Security Technical Advisors Technical Review Compliance 67

Palo Alto Networks

SEPTEMBER 25, 2020

Cybersecurity and Infrastructure Security Agency’s (CISA) 3rd Annual National Cybersecurity Summit , to discuss the digital transformations brought on by the COVID-19 pandemic. David and Jim both provided tremendous insight from the front lines of federal and state technology and cybersecurity challenges.

Government 93

Government Technical Review Infrastructure Network 93