CTO Universe

Cybersecurity Snapshot: Get the Latest on Deepfake Threats, Open Source Risks, AI System Security and Ransomware Gangs

Tenable

SEPTEMBER 15, 2023

Tasked with securing your org’s new AI systems? Plus, open source security experts huddled at a conference this week – find out what they talked about. That’s the topic of the paper “ Securing AI: Similar or Different? published by Google’s Cybersecurity Action Team. ” published by Google’s Cybersecurity Action Team.

Open Source

Open Source Systems Review System Software Review

What's New in Tenable OT Security: Superior IT/OT/IoT Asset Discovery, Advanced Threat Detection and More

Tenable

MARCH 9, 2023

Tenable OT Security, formerly known as Tenable.ot, brings hybrid discovery capabilities and increased visibility for the broadest range of IT and OT devices, making it easier than ever for CISOs to manage security and risk. What’s inside Tenable OT Security? How do you secure what you can’t see?

IoT

IoT Network Malware Policies

Cybersecurity Snapshot: A Look Back at Key 2023 Cyber Data for GenAI, Cloud Security, Vulnerability Management, OT, Cyber Regulations and more

Tenable

DECEMBER 22, 2023

Learn how the cyber world changed in areas including artificial intelligence, CNAPP, IAM security, government oversight and OT security. Cybersecurity teams were no exception. This year, we saw high-profile incidents in which employees inadvertently entered confidential corporate information into ChatGPT. No small task.

Artificial Inteligence

Artificial Inteligence Technical Review Cloud Artificial Intelligence

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Cybersecurity Snapshot: What’s in Store for 2024 in Cyberland? Check Out Tenable Experts’ Predictions for OT Security, AI, Cloud Security, IAM and more

Tenable

DECEMBER 29, 2023

To find out, we asked Tenable experts to read the tea leaves. Their 2024 forecasts include: A bigger security role for cloud architects; a focus by ransomware gangs on OT systems in critical industries; an intensification of IAM attacks; and much more!

Software Review

Software Review Development Team Review Systems Review Weak Development Team

Are You Ready for the Next Log4Shell? Tenable’s CSO and CIO Offer Their Advice

Tenable

DECEMBER 6, 2022

Tenable CIO Patricia Grant and CSO Robert Huber share insights and best practices to help IT and cybersecurity leaders and their teams weather the next cyber crisis of Log4j proportions. They’re important questions to ponder, especially with the findings about the current state of Log4j remediation that Tenable recently disclosed.

Policies

Policies Software Exercises Organization

Cybersecurity Snapshot: Latest MITRE ATT&CK Update Offers Security Insights on GenAI, Identity, Cloud and CI/CD

Tenable

APRIL 26, 2024

Advice about securing cloud environments. Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Office of the Director of National Intelligence (ODNI) have published a guide for election teams that details cyberattack tactics and mitigations. “We Recommendations for protecting software development pipelines.

Security

Security Cloud Artificial Inteligence Generative AI

Cloud Leaders Sound Off on Key Challenges

Tenable

JANUARY 31, 2024

These are the findings from a commissioned survey including 262 IT and security professionals who have the final decision-making authority for their organization’s cloud infrastructure. And, managing who has access to these systems poses a significant challenge.

Security

Security Cloud Fractional CTO Technical Review

Cybersecurity Snapshot: Critical Infrastructure Orgs Must Beware of China-backed Volt Typhoon, Cyber Agencies Warn

Tenable

FEBRUARY 9, 2024

critical infrastructure IT and operational technology security teams, listen up. Cybersecurity and Infrastructure Security Agency (CISA) said in a statement. Dive into six things that are top of mind for the week ending February 9. 1 - Alert: China-backed Volt Typhoon positioning itself to strike U.S.

Weak Development Team

Weak Development Team Infrastructure Generative AI Artificial Inteligence

Cybersecurity Snapshot: Critical Infrastructure Orgs Cautioned About Chinese Drones, While Water Plants Advised To Boost Incident Response

Tenable

JANUARY 19, 2024

Find out why Uncle Sam is warning critical infrastructure facilities about drones made in China, while urging water treatment plants to beef up incident response plans. Cybersecurity and Infrastructure Security (CISA) agency and the Federal Bureau of Investigation (FBI) said this week. And much more!

Infrastructure

Infrastructure Malware Government Technical Review

FBI and CISA Release Cybersecurity Advisory on Royal Ransomware Group

Tenable

MARCH 3, 2023

Background As part of their #StopRansomware campaign, the Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency have released a cybersecurity advisory (CSA) discussing the Royal ransomware group. Get more information Joint CSA on Royal Ransomware Join Tenable's Security Response Team on the Tenable Community.

Groups

Groups Systems Review Technical Review Software Review

Microsoft’s January 2022 Patch Tuesday Addresses 97 CVEs (CVE-2022-21907)

Tenable

JANUARY 11, 2022

Security Respo…. Microsoft Teams. Windows Local Security Authority. Windows Local Security Authority Subsystem Service. Windows Secure Boot. Windows Security Center. Windows User Profile Service. CVE-2022-21874 | Windows Security Center API Remote Code Execution Vulnerability. 9 Critical.

Windows

Windows Internet Open Source Storage

Cybersecurity Snapshot: NIST’s Cybersecurity Framework Gets Major Update, as Advisories on APT29 and ALPHV Blackcat Get Rolled Out

Tenable

MARCH 1, 2024

from CSO Magazine , The Register , SC Magazine and Help Net Security , as well as the videos below. APT29, also known as the Dukes, CozyBear and Nobelium/Midnight Blizzard, was responsible for the SolarWinds supply chain attack and other high-profile hacks against targets including Microsoft and Hewlett-Packard Enterprise.

Artificial Inteligence

Artificial Inteligence Malware Generative AI Government

Microsoft’s April 2022 Patch Tuesday Addresses 117 CVEs (CVE-2022-24521)

Tenable

APRIL 12, 2022

Microsoft addresses 117 CVEs in its April 2022 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild and reported to Microsoft by the National Security Agency. Microsoft Local Security Authority Server (lsasrv). Windows Local Security Authority Subsystem Service. 9 Critical.

Windows

Windows Systems Review Software Review SMB

Cybersecurity Snapshot: 6 Things That Matter Right Now

Tenable

SEPTEMBER 16, 2022

16 | How cybersecurity excellence boosts business | CISOs on a vendor-consolidation campaign | A quick check on converged OT/IT cybersecurity | Guides to help developers beef up on security | And much more! Use automated cybersecurity tools to boost prevention, response and efficiency. If not, it’s likely to contain security issues.

Security

Security Survey Open Source .Net

Sandworm APT Deploys New SwiftSlicer Wiper Using Active Directory Group Policy

Tenable

JANUARY 27, 2023

Sandworm APT Deploys New SwiftSlicer Wiper Using Active Directory Group Policy Sandworm, the Russian-backed APT responsible for NotPetya in 2017, has recently attacked an Ukrainian organization using a new wiper, SwiftSlicer. Tenable has coverage for CVEs known to be used by Sandworm. A dynamic and filtered list can be found here.

Policies

Policies Groups Malware Windows

CVE-2020-1472: 'Zerologon' Vulnerability in Netlogon Could Allow Attackers to Hijack Windows Domain Controller

Tenable

SEPTEMBER 14, 2020

Security researchers reveal how the cryptographic authentication scheme in Netlogon can be exploited to take control of a Windows domain controller (DC). Several proofs of concept (PoCs) have been published to GitHub [1] [2] [3] [4] which demonstrates wide interest and experimentation across the security community. Background.

Windows

Windows LAN Backup Authentication

Microsoft’s March 2021 Patch Tuesday Addresses 82 CVEs (CVE-2021-26411)

Tenable

MARCH 9, 2021

In its March release, Microsoft addressed 82 CVEs, including a zero-day vulnerability in Internet Explorer that has been exploited in the wild and linked to a nation-state campaign targeting security researchers. Tenable solutions. Microsoft's March 2021 Security Updates. Tenable Blog Post for Exchange Server Vulnerabilities.

Windows

Windows Azure Internet Research

TikTok LIVE Scams: Stolen Live Footage Used to Earn TikTok Gifts, Promote Scams to Make Money

Tenable

OCTOBER 22, 2021

Source: Tenable, October 2021 Two years ago, I published research highlighting how growing platforms like TikTok can become havens for scammers , and how the rise of impersonation accounts on the platform were being fueled by the social currency of likes and followers. Source: Tenable, October 2021. Source: Tenable, October 2021.

Video

Video Virtualization Report Games

Cybersecurity Snapshot: Six Predictions from Tenable for 2023

Tenable

DECEMBER 23, 2022

As 2022 draws to a close, we asked Tenable experts what they expect for the new year. After reading the tea leaves, they’re forecasting developments in extortion attacks, OT security, SaaS threats, metaverse risks and more! Dive into these six predictions for 2023 from Tenable experts. 2 – OT security will dodge budget cuts .

Development Team Review

Development Team Review Software Review Technical Review Systems Review

Microsoft’s August 2021 Patch Tuesday Addresses 44 CVEs (CVE-2021-26424, CVE-2021-36948)

Tenable

AUGUST 10, 2021

Windows User Profile Service. This vulnerability was reported internally by Microsoft’s Security Response Center and Microsoft’s Threat Intelligence Center. Microsoft encourages prioritizing patching domain controllers first and notes that further action, found in KB5005413 , is required after applying the security update.

Windows

Windows Azure LAN .Net

Copy-Paste Compromises: Threat Actors Target Telerik UI, Citrix, and SharePoint Vulnerabilities (CVE-2019-18935)

Tenable

JULY 22, 2020

On June 19, the Australian Cyber Security Centre (ACSC) published Advisory 2020-008 in response to reports that threat actors were targeting Australian government agencies and companies. At the end of January, another Tenable Security Response blog post was written detailing an increase in attacks observed in the wild.

WAN

WAN Software Review Authentication Government

CVE-2020-2021: Palo Alto Networks PAN-OS Vulnerable to Critical Authentication Bypass Vulnerability

Tenable

JUNE 29, 2020

CVE-2020-2021 is an authentication bypass vulnerability in the Security Assertion Markup Language (SAML) authentication in PAN-OS. Under the SAML Identity Provider Server Profile configuration section, the “Validate Identity Provider Certificate” option needs to be disabled (unchecked) in order for the device to be vulnerable.

Authentication

Authentication Network Firewall Azure

South Korean and American Agencies Release Joint Advisory on North Korean Ransomware

Tenable

FEBRUARY 16, 2023

Background As part of their #StopRansomware campaign, the Federal Bureau of Investigations and Cybersecurity and Infrastructure Security Agency have released a joint Cybersecurity Advisory (CSA) in collaboration with South Korea's National Intelligence Service and Defence Security Agency. A dynamic and filtered list can be found here.

Malware

Malware Systems Review Technical Review Healthcare

Protecting Your Cloud Assets: Where Do You Start?

Tenable

FEBRUARY 4, 2021

When securing dynamic cloud environments, the ability to continuously discover and assess cloud assets allows you to quickly detect issues as new vulnerabilities are disclosed and as your environment changes. But with the benefits of agility and efficiency comes the challenge of protecting and securing your assets and workloads in the cloud.

Cloud

Cloud AWS Study Survey

WordPress E-Learning Plugin Vulnerabilities Range from Cheating to Remote Code Execution

Tenable

APRIL 30, 2020

This user can embed malicious PHP code into the change name option in their profile, which will output into the PHP file that was created. A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released. Join Tenable's Security Response Team on the Tenable Community.

Software Review

Software Review PHP Systems Review Research

COVID-19 Pandemic Data: As Attack Surface Expands, Software Vendors Improve Vulnerability Response Times

Tenable

DECEMBER 7, 2020

Tenable’s Zero-Day Research team found encouraging trends in how quickly software vendors are responding to our private disclosures, as well as how they’re addressing critical and high-severity vulnerabilities. At least five high-profile vulnerabilities received a CVSSv3 score of 10.0 A Closer Look at Zero-Day Response Times.

Software Review

Software Review Software Data Comparison

Microsoft’s February 2022 Patch Tuesday Addresses 48 CVEs (CVE-2022-21989)

Tenable

FEBRUARY 8, 2022

Microsoft Teams. Roaming Security Rights Management Services. Windows User Account Profile. Tenable Solutions. Microsoft's February 2022 Security Updates. Tenable plugins for Microsoft February 2022 Patch Tuesday Security Updates. Join Tenable's Security Response Team on the Tenable Community.

Windows

Windows Research Azure System

MrBeast Scams: Verified Accounts, DeepFakes Used in Impersonations to Promote Fake Giveaways on YouTube and TikTok

Tenable

OCTOBER 4, 2023

The intention behind commenting, especially with a verified account, is to gather the attention of TikTok users to visit their profile. This is why some of the profiles contain no videos, as they are in the early stages of pivoting to the MrBeast impersonation.

Video

Video Survey Advertising Media

Cybersecurity Snapshot: As OpenAI Honcho Hits Capitol Hill, Regulatory Storm Clouds Form Over AI La La Land

Tenable

MAY 19, 2023

Altman goes to Washington Lively discussions around how much government control there should be over artificial intelligence (AI) products continue globally – and cybersecurity teams should closely monitor which way the regulatory winds are blowing. The latest high-profile debate happened this week in Washington D.C.,

Artificial Inteligence

Artificial Inteligence Generative AI Technical Review ChatGPT

Cybersecurity Snapshot: CIS Guide Outlines How To Attain an Affordable Cyber Hygiene Foundation

Tenable

AUGUST 18, 2023

The Center for Internet Security unpacks how to establish foundational cyber hygiene at a reasonable cost. Plus, the Cyber Safety Review Board issues urgent security recommendations on its Lapsus$ report – and announces it’ll next delve into cloud security. Moreover, are humans or AI better at crafting phishing emails?

Software Review

Software Review Technical Review Artificial Inteligence How To

Spotlight on France: The New World of Work Increases Cyber Risk, and Attackers are Looking to Capitalize

Tenable

SEPTEMBER 22, 2021

The self-reported data is drawn from a commissioned study of more than 1,300 security leaders, business executives and remote employees worldwide, including 153 respondents in France. The study, Beyond Boundaries: The Future of Cybersecurity in the New World of Work , was conducted by Forrester Consulting on behalf of Tenable in April 2021.

Study

Study Cloud Organization Policies

Stop the Presses: Media Coverage as a Prioritization Metric for Vulnerability Management

Tenable

MAY 22, 2019

Through the course of doing broad-scope interviews with CISOs and security analysts, we were sure to ask about their experiences with vulnerabilities in the news. High-profile vulnerabilities are not just a concern for security teams. So we asked them. If so, how?” Our key findings were that: .

Media

Media Metrics Technical Advisors Security

Busting 5 Common Myths About Vulnerability Assessment

Tenable

APRIL 8, 2021

It'll be of the utmost importance for you and other stakeholders in your organization with a focus on cybersecurity to look beyond the misconceptions and understand the facts behind effective security. No potential target is "valueless" to malicious online actors just because of its size or low profile. Let’s start myth-busting!

SMB

SMB Malware Systems Review VOIP

Spotlight on Germany: Hybrid Work Brings New Cyber Risks

Tenable

SEPTEMBER 22, 2021

But, by their own admission, only 58% of German organizations feel they are prepared to support new workforce strategies from a security standpoint. The self-reported data is drawn from a commissioned study of more than 1,300 security leaders, business executives and remote employees worldwide, including 156 respondents in Germany.

Study

Study Cloud Organization Strategy

Spotlight on U.K.: Hybrid Work is Here to Stay and Attackers are Taking Advantage

Tenable

SEPTEMBER 22, 2021

The self-reported data is drawn from a commissioned study of more than 1,300 security leaders, business executives and remote employees worldwide, including 168 respondents in the U.K. As part of changes made in response to the pandemic, 46% of U.K. Introducing a hybrid working model is complex. While 57% of U.K.

Study

Study Cloud Network Report

Spotlight on Brazil: Remote Work Requires New Risk Management Practices

Tenable

OCTOBER 14, 2021

In fact, six out of 10 Brazilian leaders said the number of business-impacting* cyberattacks increased with the pandemic and 75% attributed recent business-impacting cyberattacks to vulnerabilities in technology implemented in response to the pandemic. Remote work introduces new business risks .

Study

Study Cloud Report Organization

Fake Bitcoin, Ethereum, Dogecoin, Cardano, Ripple and Shiba Inu Giveaways Proliferate on YouTube Live

Tenable

NOVEMBER 23, 2021

Current events featuring high profile individuals offer the perfect fodder for scammers, as they can count on significant interest from audiences looking to watch livestream footage on YouTube. Join Tenable's Security Response Team on the Tenable Community. Get a free 30-day trial of Tenable.io

Video

Video Report Malware Examples

Elon Musk and SNL: Scammers Steal Over $10 Million in Fake Bitcoin, Ethereum and Dogecoin Crypto Giveaways

Tenable

MAY 13, 2021

Once these verified Twitter accounts were compromised, the scammers pivoted them away from their original owners by changing the avatar or profile picture as well as the associated name. At this price, the scammer responsible for this campaign earned $1.6 Join Tenable's Security Response Team on the Tenable Community.

Video

Video Media Sport Analysis

Elon Musk and YouTube Advertising Scams: Fake SpaceX “Coin” Promoted in Ads During Cryptocurrency Videos

Tenable

JUNE 24, 2021

When browsing the user’s profile, we see that this user joined YouTube in August, 2011. We reached out to YouTube to share our findings prior to publication, but we did not receive a response. Join Tenable's Security Response Team on the Tenable Community.

Advertising

Advertising Video Blockchain Research

Scams Exploit COVID-19 Giveaways Via Venmo, PayPal and Cash App

Tenable

MAY 13, 2020

They do so by first creating fake profiles on these P2P applications. These profiles typically impersonate an organization, like Cash App, or a user, oftentimes a celebrity or other notable figure. In one case, the impersonator forgot to swap out their own profile photo. Scams on Venmo and PayPal. Thank you so much!

Media

Media Social Banking Applications

CVE-2019-8451: Proof-of-Concept Available for Server Side Request Forgery (SSRF) Vulnerability in Jira

Tenable

SEPTEMBER 25, 2019

for Jira Core and Jira Software , which included a fix for an important security issue reported in August 2019. Dai Zovi, Head of Security at Square’s CashApp, retweeted Chen’s tweet saying “If you’re running JIRA on AWS consider this SSRF to be RCE.” Our example above simply aims to get the security credentials from the environment.

Software Review

Software Review AWS Google Cloud Systems Review

TikTok Ad Scams: Insufficient Moderation Leaves 'For You' Page Filled with Dubious Apps, Products and Services

Tenable

SEPTEMBER 3, 2020

A thread from the private iMoney Facebook group showed an exchange between a user who claimed to have seen great success in securing referrals and another lamenting that they’ve not had quite the same luck, noting that they’ve snagged only four referrals with only one referral resulting in task completion. There’s ample room for improvement.

Advertising

Advertising Software Review Technical Review Video

Cybersecurity Snapshot: Get the Latest on Deepfake Threats, Open Source Risks, AI System Security and Ransomware Gangs

What's New in Tenable OT Security: Superior IT/OT/IoT Asset Discovery, Advanced Threat Detection and More

Webinars

Trending Sources

Cybersecurity Snapshot: A Look Back at Key 2023 Cyber Data for GenAI, Cloud Security, Vulnerability Management, OT, Cyber Regulations and more

Webinars

Cybersecurity Snapshot: What’s in Store for 2024 in Cyberland? Check Out Tenable Experts’ Predictions for OT Security, AI, Cloud Security, IAM and more

Are You Ready for the Next Log4Shell? Tenable’s CSO and CIO Offer Their Advice

Cybersecurity Snapshot: Latest MITRE ATT&CK Update Offers Security Insights on GenAI, Identity, Cloud and CI/CD

Cloud Leaders Sound Off on Key Challenges

Cybersecurity Snapshot: Critical Infrastructure Orgs Must Beware of China-backed Volt Typhoon, Cyber Agencies Warn

Cybersecurity Snapshot: Critical Infrastructure Orgs Cautioned About Chinese Drones, While Water Plants Advised To Boost Incident Response

FBI and CISA Release Cybersecurity Advisory on Royal Ransomware Group

Microsoft’s January 2022 Patch Tuesday Addresses 97 CVEs (CVE-2022-21907)

Cybersecurity Snapshot: NIST’s Cybersecurity Framework Gets Major Update, as Advisories on APT29 and ALPHV Blackcat Get Rolled Out

Microsoft’s April 2022 Patch Tuesday Addresses 117 CVEs (CVE-2022-24521)

Cybersecurity Snapshot: 6 Things That Matter Right Now

Sandworm APT Deploys New SwiftSlicer Wiper Using Active Directory Group Policy

CVE-2020-1472: 'Zerologon' Vulnerability in Netlogon Could Allow Attackers to Hijack Windows Domain Controller

Microsoft’s March 2021 Patch Tuesday Addresses 82 CVEs (CVE-2021-26411)

TikTok LIVE Scams: Stolen Live Footage Used to Earn TikTok Gifts, Promote Scams to Make Money

Cybersecurity Snapshot: Six Predictions from Tenable for 2023

Microsoft’s August 2021 Patch Tuesday Addresses 44 CVEs (CVE-2021-26424, CVE-2021-36948)

Copy-Paste Compromises: Threat Actors Target Telerik UI, Citrix, and SharePoint Vulnerabilities (CVE-2019-18935)

CVE-2020-2021: Palo Alto Networks PAN-OS Vulnerable to Critical Authentication Bypass Vulnerability

South Korean and American Agencies Release Joint Advisory on North Korean Ransomware

Protecting Your Cloud Assets: Where Do You Start?

WordPress E-Learning Plugin Vulnerabilities Range from Cheating to Remote Code Execution

COVID-19 Pandemic Data: As Attack Surface Expands, Software Vendors Improve Vulnerability Response Times

Microsoft’s February 2022 Patch Tuesday Addresses 48 CVEs (CVE-2022-21989)

MrBeast Scams: Verified Accounts, DeepFakes Used in Impersonations to Promote Fake Giveaways on YouTube and TikTok

Cybersecurity Snapshot: As OpenAI Honcho Hits Capitol Hill, Regulatory Storm Clouds Form Over AI La La Land

Cybersecurity Snapshot: CIS Guide Outlines How To Attain an Affordable Cyber Hygiene Foundation

Spotlight on France: The New World of Work Increases Cyber Risk, and Attackers are Looking to Capitalize

Stop the Presses: Media Coverage as a Prioritization Metric for Vulnerability Management

Busting 5 Common Myths About Vulnerability Assessment

Spotlight on Germany: Hybrid Work Brings New Cyber Risks

Spotlight on U.K.: Hybrid Work is Here to Stay and Attackers are Taking Advantage

Spotlight on Brazil: Remote Work Requires New Risk Management Practices

Fake Bitcoin, Ethereum, Dogecoin, Cardano, Ripple and Shiba Inu Giveaways Proliferate on YouTube Live

Elon Musk and SNL: Scammers Steal Over $10 Million in Fake Bitcoin, Ethereum and Dogecoin Crypto Giveaways

Elon Musk and YouTube Advertising Scams: Fake SpaceX “Coin” Promoted in Ads During Cryptocurrency Videos

Scams Exploit COVID-19 Giveaways Via Venmo, PayPal and Cash App

CVE-2019-8451: Proof-of-Concept Available for Server Side Request Forgery (SSRF) Vulnerability in Jira

TikTok Ad Scams: Insufficient Moderation Leaves 'For You' Page Filled with Dubious Apps, Products and Services

Stay Connected