Frequently Asked Questions About CVE-2024-3094, A Backdoor in XZ Utils

Tenable

Frequently asked questions about CVE-2024-3094, a supply-chain attack responsible for a backdoor in XZ Utils, a widely used library found in multiple Linux distributions. No information regarding exploitation has been observed for this backdoor code as of March 29. How was this backdoor discovered? What is the impact of this backdoor?

Cybersecurity Snapshot: Cyber Pros Say How AI Is Changing Their Work, While the FBI Reports Ransomware Hit Critical Infrastructure Hard in 2023

Tenable

Meanwhile, MITRE updated a database about insider threats. Dive into six things that are top of mind for the week ending March 8. (Source: “2023 Internet Crime Report” from the FBI’s Internet Crime Complaint Center, March 2024) Those are big numbers, but the FBI calls them “conservative” because many incidents go unreported.

Cybersecurity Snapshot: Cyber Agencies Offer Secure AI Tips, while Stanford Issues In-Depth AI Trends Analysis, Including of AI Security

Tenable

And don’t miss the latest CIS Benchmarks updates. To get more details: check out the report’s highlights page; dive into the full “Artificial Intelligence Index Report 2024” report. 3 - OpenSSF launches open source SBOM tool. Are you involved with software bills of materials (SBOMs) in your organization? And much more! x Benchmark v2.1.0

Cybersecurity Snapshot: U.S. Gov’t Unpacks AI Threat to Banks, as NCSC Urges OT Teams to Protect Cloud SCADA Systems

Tenable

Dive into six things that are top of mind for the week ending March 29. “The current state of play in OT can make the path to securely implementing a cloud migration challenging,” the NCSC said in a blog titled “SCADA 'in the cloud': new guidance for OT organisations.” Meanwhile, why CISA is fed up with SQLi flaws. And much more!

CVE-2023-48788: Critical Fortinet FortiClientEMS SQL Injection Vulnerability

Tenable

Background: On March 12, Fortinet published an advisory (FG-IR-24-007) to address a critical flaw in its FortiClient Enterprise Management Server (FortiClientEMS), a solution which enables centralized management of multiple endpoints. Critical At the time this blog was published, Fortinet’s advisory assigned a CVSSv3 score of 9.3

Cybersecurity Snapshot: CISA Says Midnight Blizzard Swiped U.S. Gov’t Emails During Microsoft Hack, Tells Fed Agencies To Take Immediate Action

Tenable

The attack against Microsoft began in November 2023, when Midnight Blizzard – also known as Nobelium, Cozy Bear and APT29 – compromised a legacy, non-production test account that lacked multi-factor authentication protection. That’s according to IoT Analytics’ “State of Tech Employment Spring 2024” report, released this week.

Microsoft Patch Tuesday 2023 Year in Review

Tenable

Background: Microsoft’s Patch Tuesday, a monthly release of software patches for various Microsoft products, celebrated its 20th anniversary in 2023. In 2022, Tenable Research published a blog post discussing Patch Tuesday’s impact on cybersecurity over the years. Follow the Tenable blog for more information as we move into 2024.