Tenable

SEPTEMBER 7, 2023

AA23-250A: Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 A joint Cybersecurity Advisory examines the exploitation of two critical vulnerabilities by nation-state threat actors. The vulnerability is caused by the use of an outdated version of Apache Santuario, an XML security software library.

Firewall 63

Firewall Software Review Technical Review Systems Review 63

Tenable

OCTOBER 6, 2023

A SANS Institute survey found that budgets for ICS/OT security have shrunk, and advises on how to do more with less. In addition, CISA’s Cybersecurity Awareness Month campaign challenges tech vendors to build safer products. in 2022 to 21.8% Security Spotlight - The Ransomware Ecosystem Tenable.ot And much more!

Budget 65

Budget Report Survey Open Source 65

Tenable

FEBRUARY 13, 2024

Moderate CVE-2024-21351 | Windows SmartScreen Security Feature Bypass Vulnerability CVE-2024-21351 is a security feature bypass vulnerability in Windows SmartScreen. Successful exploitation would bypass SmartScreen security features. Moderate March 2023 CVE-2023-32049 Windows SmartScreen Security Feature Bypass Vulnerability 8.8

LAN 124

LAN Windows Azure Internet 124

Tenable

SEPTEMBER 8, 2023

Life is getting harder for cybersecurity pros, but there are ways to improve working conditions. Meanwhile, there’s a new, free attack-emulation tool for OT security teams. government is alerting about exploits to CVE-2022-47966 and CVE-2022-42475. Check out what a study found. Plus, the U.S.

Technical Review 67

Technical Review Systems Review Software Review Survey 67

Tenable

MARCH 29, 2024

The 52-page report, titled “ Managing Artificial Intelligence-Specific Cybersecurity Risks in the Financial Services Sector, ” touches on cybersecurity and fraud protection; fraud threats; the regulatory landscape; and major challenges and opportunities. This week, the U.K.

Systems Review 65

Systems Review Weak Development Team Banking System 65

Palo Alto Networks

JANUARY 28, 2022

The UK Government has once again shifted the cyber discourse with the recent publication of the National Cyber Strategy 2022 , marking a significant change in how the government views cybersecurity and solidifying its position as a global cyber power. Building Resilience and Securing the Digital Ecosystem.

Security 81

Security Strategy Telecommunications Government 81

Tenable

JUNE 14, 2022

Microsoft addresses 55 CVEs in its June 2022 Patch Tuesday release, including three critical flaws. Microsoft patched 55 CVEs in its June 2022 Patch Tuesday release, with three rated as critical, 52 rated as important. Windows Local Security Authority Subsystem Service. 3 Critical. 52 Important. 0 Moderate. Windows Installer.

Windows 97

Windows Azure SMB Internet 97

Palo Alto Networks

DECEMBER 20, 2022

The European Union (EU) adopted the revised Network and Information Security Directive (NIS2) in November 2022. It is especially important in a time of growing geopolitical tensions and cyberattacks where European citizens and their economies depend on a stable and secure digital infrastructure.

Security 86

Security Infrastructure Report Network 86

Tenable

DECEMBER 9, 2022

It was at around this time last year that the discovery of the zero-day Log4Shell vulnerability in the ubiquitous Log4j open source component sent shockwaves through the worlds of IT and cybersecurity. . Tenable found that, as of October 1, 2022: 72% of organizations remain vulnerable to Log4Shell. Insecure System Configuration.

Software Review 52

Software Review SMB Malware Development Team Review 52

Tenable

OCTOBER 14, 2022

14 | DevOps team culture is key for supply chain security | SecOps gets more challenging as attack surface expands | Weak credentials hurt cloud security | Incident responders grapple with stress | Security spending grows | And much more! . Topics that are top of mind for the week ending Oct.

Security 52

Security Weak Development Team Retail Software Review 52

Tenable

OCTOBER 1, 2022

On September 28, GTSC Cybersecurity Technology Company Limited published a blog post (English translation published later ) regarding their discovery of two zero-day vulnerabilities in Microsoft Exchange Server. Exploitation of CVE-2022-41040 could allow an attacker to exploit CVE-2022-41082. Get more information.

Authentication 56

Authentication Report Internet Analysis 56

Tenable

DECEMBER 21, 2022

CVE-2022-37958: FAQ for Critical Microsoft SPNEGO NEGOEX Vulnerability Microsoft recently reclassified a vulnerability in SPNEGO NEGOEX, originally patched in September, after a security researcher discovered that it can lead to remote code execution. Frequently Asked Questions (FAQ) about CVE-2022-37958. What is CVE-2022-37958?

Windows 98

Windows SMB Authentication Research 98

Tenable

NOVEMBER 8, 2022

Microsoft’s November 2022 Patch Tuesday Addresses 62 CVEs (CVE-2022-41073) Microsoft addresses 62 CVEs including four zero-day vulnerabilities that were exploited in the wild. Microsoft patched 62 CVEs in its November 2022 Patch Tuesday release, with nine rated as critical, and 53 rated as important. 9 Critical. 53 Important.

Windows 101

Windows Azure Open Source Policies 101

Tenable

AUGUST 25, 2023

Plus, why security leaders are prioritizing security prevention tools. Oh, and the White House wants your input on open source security. That’s according to the study “The State of Cybersecurity Today” from Information Services Group (ISG), for which 204 executives from the world’s 2,000 largest companies were polled.

Malware 98

Malware Artificial Inteligence Open Source Artificial Intelligence 98

Tenable

AUGUST 3, 2023

AA23-215A: 2022's Top Routinely Exploited Vulnerabilities A joint Cybersecurity Advisory collaborated on by multiple international agencies highlights the top routinely exploited vulnerabilities of 2022 Background On August 3, a joint Cybersecurity Advisory (CSA) AA23-215A coauthored by multiple U.S.

Authentication 52

Authentication Data Center Software Review Windows 52

Modus Create

FEBRUARY 16, 2022

In October 2021, we surveyed over 1,000 senior executives in the US, with a goal to understand their digital appetite and aspirations for 2022. . The survey revealed interesting insights on Corporate America’s readiness for various digital initiatives, which we consolidated in our 2022 State of Digital Transformation report.

Technical Review 143

Technical Review SDLC Agile Survey 143

Tenable

JANUARY 27, 2023

Also, check out a new toolbox for cybersecurity awareness programs. Boost cyber hygiene by strengthening IT security training, incident response and cybersecurity governance, the report suggests. At a recent webinar about Tenable.sc , we polled attendees about web application security (WAS). And much more!

IoT 52

IoT Malware Policies Survey 52

Tenable

MAY 25, 2023

Background On May 24, several international agencies — including the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) in the U.S, It is part of a new naming convention used by Microsoft. How long has Volt Typhoon been operating?

Malware 52

Malware Windows Groups Internet 52

Tenable

MARCH 17, 2023

Cybersecurity and Infrastructure Security Agency (CISA) is intensifying its efforts to help reduce ransomware attacks against critical infrastructure. For more information, check out CISA’s description of the RVWP program, as well as coverage from The Record , CyberScoop , GCN , SC Magazine and NextGov. VIDEOS Tenable.ot

Infrastructure 52

Infrastructure Groups ChatGPT Generative AI 52

Tenable

SEPTEMBER 22, 2023

Department of Homeland Security in its “ Homeland Threat Assessment 2024 ” report. Insurance provider Coalition said in its “ 2023 Cyber Claims Report: Mid-year Update ” that cyber claims rose 12% in the first half of 2023 compared with the second half of 2022, a surge driven primarily by ransomware attacks. So says the U.S.

Insurance 70

Insurance Trends IoT Software Review 70

Tenable

DECEMBER 2, 2022

Get the latest on Log4Shell’s global remediation status; the need for metaverse security rules; a shutdown of “pig butchering” domains; tips for secure IoT products; an informal poll about AD security; and more! . Cybersecurity and Infrastructure Security Agency (CISA). Log4j guidance from the U.S.

IoT 52

IoT Systems Review Guidelines Technical Review 52

Tenable

MAY 9, 2023

Feynman In the last of our four-part blog series we take a closer look at eight notable CVEs in 2022 and explore how the gaps between their discovery and their full disclosure on the National Vulnerability Database (NVD) could put organizations at risk. 1 CVE Description CVSS v3 VPR* CVE-2022-1134 Type confusion in V8 Google Chrome 8.8

Authentication 52

Authentication Study Small Business Research 52

Tenable

JANUARY 10, 2024

Two zero-day vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure have been exploited in the wild, with at least one attack attributed to nation-state actors. Background On January 10, Ivanti released a security advisory for two zero-day vulnerabilities that were exploited in-the-wild in limited, targeted attacks.

Policies 71

Policies Authentication Analysis Network 71

Tenable

FEBRUARY 28, 2023

The 2022 Threat Landscape Report — Tenable’s annual look at the vulnerabilities and cyberthreats facing security teams — drives home the sheer enormity of the challenges involved in reducing risk. Cybersecurity organizations are well beyond the point where vulnerability management can be performed in a vacuum.

Report 52

Report Nonprofit Programming Microservices 52

Tenable

AUGUST 26, 2022

26 | The “platformization” of hybrid cloud security. Tackling IT/OT cybersecurity challenges. Tips for complying with HIPAA’s cybersecurity rule. 1 - IDC sees shift to “platformization” of hybrid cloud security. That’s according to IDC’s “Worldwide Cloud Workload Security Forecast, 2022-2026.” .

Weak Development Team 52

Weak Development Team Software Review Technical Review Budget 52

Tenable

JANUARY 19, 2024

Cybersecurity and Infrastructure Security (CISA) agency and the Federal Bureau of Investigation (FBI) said this week. To mitigate this risk, the agencies recommendations include: Using drones built with secure-by-design principles, such as those manufactured in the U.S. The upside?

Infrastructure 71

Infrastructure Malware Government Technical Review 71

Tenable

JULY 15, 2022

Topics that are top of mind for the week ending July 15 | Government cybersecurity efforts tripped by technical debt. Neglect SaaS security at your own risk. Lessons learned about critical infrastructure security. 1 – Don’t downplay SaaS security. Want to learn more about security best practices for SaaS deployments? “

Weak Development Team 53

Weak Development Team Government Infrastructure Architecture 53

Tenable

OCTOBER 28, 2022

Get the latest on Microsoft 365 security configurations; effective CISO board presentations; rating MSPs’ cybersecurity preparedness; and hospitals’ Daixin cyberthreat. Cybersecurity and Infrastructure Security Agency (CISA) released a set of recommended configuration baselines for the Microsoft 365 product suite. .

Cloud 52

Cloud Malware Spyware Authentication 52

Tenable

AUGUST 9, 2022

Microsoft’s August 2022 Patch Tuesday Addresses 118 CVEs (CVE-2022-34713). Microsoft addresses 118 CVEs in its August 2022 Patch Tuesday release, including 17 critical flaws. Microsoft patched 118 CVEs in its August 2022 Patch Tuesday release, with 17 rated as critical and 101 rated as important. Windows Secure Boot.

SMB 63

SMB Azure Windows Disaster Recovery 63

Tenable

JUNE 17, 2022

CVE-2022-27511, CVE-2022-27512: Patches for Two Citrix Application Delivery Management Vulnerabilities. On June 14, Citrix published a security bulletin (CTX460016) for a pair of vulnerabilities in Citrix Application Delivery Management (ADM), a centralized management solution used to monitor a variety of Citrix networking products.

Delivery Management 52

Delivery Management Applications Research Internet 52

Tenable

JUNE 3, 2022

On June 2, Atlassian published an advisory for CVE-2022-26134 , a critical zero-day remote code execution vulnerability in Confluence Server and Data Center. What is CVE-2022-26134? CVE-2022-26134 is a remote code execution vulnerability in Atlassian Confluence Server and Data Center. Frequently Asked Questions.

Data Center 98

Data Center Software Review Data Systems Review 98

Tenable

DECEMBER 8, 2022

A recent SANS Institute report finds that DevSecOps teams are improving their tooling, processes and techniques, but their organizations’ increasingly hybrid and multi-cloud IT environments are getting harder to secure. Check out key highlights from the “SANS 2022 DevSecOps Survey.”. Integrated automatic security testing.

Survey 98

Survey Cloud Software Review Serverless 98

Tenable

JULY 7, 2023

1 – McKinsey: Generative AI will empower developers, but mind the risks Generative AI tools like ChatGPT will supercharge software developers’ productivity, but organizations must be aware of and mitigate the AI technology’s security and compliance risks. Dive into six things that are top of mind for the week ending July 7.

ChatGPT 52

ChatGPT Generative AI Tools Software Review 52

Palo Alto Networks

DECEMBER 5, 2022

Protect every connected device with Zero Trust IoT security, tailor-made for medicine. Healthcare has consistently been one of the most breached industries with the highest average cost per breach compared to others over the past 12 years (2010-2022). Managing multiple-point security products creates complexity and security gaps.

IoT 87

IoT Healthcare Guidelines Policies 87

Palo Alto Networks

JULY 25, 2023

It has evolved into the “intersection of network security and hacker ingenuity… where the establishment and the underground are equally at home.” Black Hat can be an attractive target for threat actors looking for the infamy associated with disrupting the conference or stealing personally identifiable information (PII) from attendees.

Network 52

Network Firewall Conference LAN 52

Tenable

OCTOBER 27, 2023

View Change Log Background On October 25, Praetorian published a blog post warning of a newly discovered vulnerability in F5 BIG-IP that could allow an unauthenticated attacker to execute code on affected devices. In May 2022, CVE-2022-1388 , another authentication bypass vulnerability affecting F5 BIG-IP was patched.

Authentication 73

Authentication Software Review Technical Review Systems Review 73

Tenable

AUGUST 5, 2022

That’s the bad news the Cybersecurity and Infrastructure Security Agency’s Cyber Safety Review Board delivered in a recent report. Drive best practices for security hygiene, such as automated vulnerability management, asset inventorying and vulnerability mitigation, as well as secure software development practices.

Development Team Review 52

Development Team Review Software Review Systems Review Technical Review 52