CircleCI

JANUARY 13, 2023

On January 4, 2023, we alerted customers to a security incident. Today, we want to share with you what happened, what we’ve learned, and what our plans are to continuously improve our security posture for the future. A note on employee responsibility vs. systems safeguards. Security best practices. What happened?

Report 145

Report Systems Review Malware Software Review 145

Tenable

MARCH 29, 2024

Plus, how to cut cyber risk when migrating SCADA systems to the cloud. The 52-page report, titled “ Managing Artificial Intelligence-Specific Cybersecurity Risks in the Financial Services Sector, ” touches on cybersecurity and fraud protection; fraud threats; the regulatory landscape; and major challenges and opportunities.

Systems Review 65

Systems Review Weak Development Team Banking System 65

Tenable

AUGUST 30, 2023

Analysis CVE-2023-2868 is a remote command injection vulnerability in Barracuda ESG appliances due to improper handling of emails with attachments. Analysis CVE-2023-2868 is a remote command injection vulnerability in Barracuda ESG appliances due to improper handling of emails with attachments.

Malware 115

Malware Software Review Systems Review Exercises 115

Tenable

JANUARY 3, 2024

The Tribal Cybersecurity Grant Program (TCGP) is accepting applications through January 10, making $18.2 Tribal nations across the country are often a lucrative target for attackers due to their operations of both government entities and gaming enterprises. Implement security protections commensurate with risk.

Government 66

Government Systems Review Technical Review Programming 66

Tenable

OCTOBER 10, 2023

We omitted CVE-2023-44487 from our counts as this vulnerability was reported to MITRE and not Microsoft and does not exclusively affect Microsoft products. It was exploited in the wild as a zero-day and was publicly disclosed prior to the October 2023 Patch Tuesday release. Details about this flaw are included in our analysis below.

Windows 115

Windows Software Review Azure Systems Review 115

Tenable

NOVEMBER 24, 2023

Uncle Sam wants your input on the latest version of the “Secure Software Development Attestation Form” that federal agencies will use to assess the security of software vendors. government will evaluate the security practices of its software vendors – and offer your two cents. In addition, there’s a new zero trust certification.

Software Review 70

Software Review Software Insurance Software Development 70

Xebia

NOVEMBER 9, 2023

This is a great extension point for me, as you can add your own systems to the chat interface. Copilot Enterprise Imagine having an AI that not only reviews code but also generates documentation and summarizes pull requests tailored to your organization’s style—this is the promise of Copilot Enterprise.

Software Review 130

Software Review Systems Review Generative AI .Net 130

Tenable

SEPTEMBER 11, 2023

Ransomware groups including LockBit and Akira are reportedly exploiting a zero-day vulnerability in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) appliances with VPN functionality enabled. This blog post was published on September XX and reflects VPR at that time.

Groups 119

Groups Report Authentication Software Review 119

Tenable

OCTOBER 2, 2023

Progress Software patches multiple flaws in its WS_FTP Server product, including a pair of critical flaws, one with a maximum CVSS rating of 10 Background On September 27, Progress Software published an advisory for WinSock File Transfer Protocol or WS_FTP Server , a secure file transfer solution, addressing eight vulnerabilities.

Software Review 121

Software Review Software Systems Review Authentication 121

Tenable

MARCH 14, 2024

CVE Description CVSSv3 Severity CVE-2023-48788 Critical SQL Injection Vulnerability (or Improper neutralization of special elements in an SQL command) 9.3 Critical At the time this blog was published, Fortinet’s advisory assigned a CVSSv3 score of 9.3 and also links to an advisory that is not currently available.

Software Review 66

Software Review Systems Review Authentication Infrastructure 66

Tenable

DECEMBER 15, 2023

A group that includes the Cloud Security Alliance, CISA and Google is working to compile a comprehensive collection of best practices for secure AI use. Meanwhile, check out a draft of secure configuration recommendations for the Google Workspace suite. Dive into six things that are top of mind for the week ending December 15.

Groups 72

Groups Industry Hardware Software Review 72

Tenable

DECEMBER 12, 2023

4 Critical 29 Important 0 Moderate 0 Low Microsoft addresses 33 CVEs in its December 2023 Patch Tuesday release, with no zero-day vulnerabilities disclosed this month. Microsoft patched 33 CVEs in its December 2023 Patch Tuesday release, with four rated critical and 29 rated as important. It was assigned a CVSSv3 score of 9.6

Windows 113

Windows Software Review Azure Internet 113

Tenable

SEPTEMBER 27, 2023

Background The Tenable Security Response Team has put together this blog to answer frequently asked questions (FAQ) to help provide clarity around recently disclosed vulnerabilities including CVE-2023-41064, CVE-2023-4863 and CVE-2023-5129 in an open source library called libwebp. What is WebP or libwebp?

Open Source 117

Open Source Spyware Operating System Systems Review 117

Tenable

DECEMBER 8, 2023

Meanwhile, the OpenSSF published 10 key principles for secure software development. Cybersecurity and Infrastructure Security Agency (CISA) issued a clarion call for software makers to use so-called “memory safe” programming languages. Plus, malware used in fake browser-update attacks ballooned in Q3. And much more!

Software Review 68

Software Review Software Malware Software Development 68

Prisma Clud

AUGUST 22, 2023

In the cybersecurity maze, finding and addressing vulnerabilities is like chasing shadows. While many organizations rely on the CVE system to identify and track these threats, the CVE system can leave you exposed. For example, let’s look at issue #3555 in the github.com/gin-gonic/gin repository, which discloses a security issue.

Weak Development Team 98

Weak Development Team Open Source Systems Review Software Review 98

Tenable

OCTOBER 4, 2023

Infrastructure Investment and Jobs Act created the State and Local Cybersecurity Grant Program (SLCGP) to help state, local, tribal and territorial (SLTT) governments address an ever-evolving cybersecurity threat landscape. The 2023 Notice of Funding Opportunity (NOFO), released in August, provides $374.9

Programming 64

Programming Meeting How To Government 64

CIO

MARCH 13, 2023

By Ram Velaga, Senior Vice President and General Manager, Core Switching Group This article is a continuation of Broadcom’s blog series: 2023 Tech Trends That Transform IT. Stay tuned for future blogs that dive into the technology behind these trends from more of Broadcom’s industry-leading experts.

Artificial Inteligence 362

Artificial Inteligence Technical Review Artificial Intelligence ChatGPT 362

Palo Alto Networks

NOVEMBER 30, 2023

These professionals have made an indelible mark on the cybersecurity landscape. Our Palo Alto Networks 2023 Partner Award Winners shine a spotlight on those who have gone above and beyond, achieving excellence in various aspects of our partnership.

Google Cloud 89

Google Cloud AWS Firewall Network 89

Tenable

OCTOBER 27, 2023

A critical authentication bypass vulnerability in F5’s BIG-IP could allow remote, unauthenticated attackers to execute system commands. At the time their initial blog post was released, no CVE identifier was provided, however, Praetorian noted that additional technical details would be released once a patch was available from F5.

Authentication 73

Authentication Software Review Technical Review Systems Review 73

Synopsys

MAY 8, 2023

CVE-2023-25828 vulnerability; history, mitigation analysis, and everything you need to know about the remote code execution (RCE) vulnerability in Pluck CMS. Summary CVE-2023-25828, tracked in the Black Duck KnowledgeBase™ as BDSA-2023-0370, is an authenticated remote code execution vulnerability in Pluck CMS.

Software Review 93

Software Review PHP Systems Review Authentication 93

Palo Alto Networks

APRIL 17, 2024

In the ever-evolving landscape of cybersecurity, the specter of ransomware looms larger than ever before. Just yesterday, I had the opportunity to testify before the House Financial Services Subcommittee on National Security, Illicit Finance and International Financial Institutions, and bring that insight to bear.

Artificial Intelligence 91

Artificial Intelligence Artificial Inteligence Government Technical Review 91

Tenable

SEPTEMBER 8, 2023

Life is getting harder for cybersecurity pros, but there are ways to improve working conditions. Meanwhile, there’s a new, free attack-emulation tool for OT security teams. 2 - OT security teams get new adversary-emulation tool Are you tasked with securing your organization’s operational technology (OT) systems?

Technical Review 68

Technical Review Systems Review Software Review Survey 68

Tenable

AUGUST 8, 2023

Microsoft also released two advisories (ADV230003 and ADV230004) this month as well as a patch for a vulnerability in AMD processors (CVE-2023-20569). Important CVE-2023-38180 |.NET NET and Visual Studio Denial of Service Vulnerability CVE-2023-38180 is a Denial of Service (DoS) vulnerability in Microsoft Visual Studio,NET versions 6.0

Windows 98

Windows Software Review .Net Azure 98

Tenable

OCTOBER 16, 2023

CVE-2023-20198: Zero-Day Vulnerability in Cisco IOS XE Exploited in the Wild A maximum severity CVSS 10 zero-day vulnerability in Cisco IOS XE has been exploited in the wild. Analysis CVE-2023-20198 is a privilege escalation vulnerability affecting Cisco IOS XE software, receiving the highest possible CVSS score of 10.

Software Review 109

Software Review Systems Review Authentication Transportation 109

Ivanti

JULY 11, 2023

What to expect in July 2023’s updates for Kerberos and Netlogon vulnerabilities Microsoft outlined a phased rollout of enforcement for both vulnerabilities, due to the fact that they are changing some core behaviors in two commonly used authentication mechanisms. For July, Microsoft is stepping up to full enforcement.

Software Review 85

Software Review Windows Systems Review Report 85

Tenable

NOVEMBER 14, 2023

3 Critical 54 Important 0 Moderate 0 Low Update November 14: This blog has been updated to note the availability of fixes for Windows and Windows Server for CVE-2023-38545, a heap buffer overflow vulnerability in curl. Successful exploitation would result in a bypass of the security checks in Windows Defender SmartScreen.

Windows 69

Windows Systems Review Software Review .Net 69

Tenable

MAY 9, 2023

Microsoft’s May 2023 Patch Tuesday Addresses 38 CVEs (CVE-2023-29336) Microsoft addresses 38 CVEs including three zero-day vulnerabilities, two of which were exploited in the wild. of the vulnerabilities patched this month, followed by both elevation of privilege (EoP) and information disclosure vulnerabilities at 21.1%.

Windows 97

Windows Software Review Systems Review SMB 97

Tenable

DECEMBER 9, 2022

It was at around this time last year that the discovery of the zero-day Log4Shell vulnerability in the ubiquitous Log4j open source component sent shockwaves through the worlds of IT and cybersecurity. . To get all the details, read the blog “ Are You Ready for the Next Log4Shell? 2 - OWASP’s top 10 CI/CD security risks.

Software Review 52

Software Review SMB Malware Development Team Review 52

Tenable

JULY 11, 2023

Microsoft’s July 2023 Patch Tuesday Addresses 130 CVEs (CVE-2023-36884) Microsoft addresses 130 CVEs including five that were exploited in the wild as zero-day vulnerabilities and guidance on the malicious use of Microsoft signed drivers. Exploitation of CVE-2023-36884 began in June 2023.

Windows 98

Windows Software Review Systems Review Authentication 98

Tenable

JANUARY 12, 2023

A new report from Google outlines a set of evolving threats that cloud security teams should keep an eye on in the new year. In this blog, we take a look at several of the trends discussed in the report, whose insights are aimed at helping cloud security teams increase their knowledge of emerging threats and improve their defense strategies.

Cloud 52

Cloud Backup Malware Google Cloud 52

Tenable

OCTOBER 27, 2023

Check out how organizations’ enthusiasm over generative AI is fueling artificial intelligence adoption for cybersecurity. Also, why boards of directors feel more comfortable with cybersecurity. business and IT pros involved in cybersecurity. business and IT pros involved in cybersecurity. And much more!

Artificial Inteligence 64

Artificial Inteligence Artificial Intelligence Technical Review Backup 64

Tenable

FEBRUARY 9, 2024

Plus, ransomware gangs netted $1 billion-plus in 2023. critical infrastructure IT and operational technology security teams, listen up. So said cybersecurity agencies from the U.S., Cybersecurity and Infrastructure Security Agency (CISA) said in a statement. Critical Infrastructure. ”

Weak Development Team 66

Weak Development Team Infrastructure Generative AI Artificial Inteligence 66

Tenable

NOVEMBER 25, 2022

Get the latest on the Hive RaaS threat; the importance of metrics and risk analysis; cloud security’s top threats; supply chain security advice for software buyers; and more! . Understanding the Ransomware Ecosystem: From Screen Lockers to Multimillion-Dollar Criminal Enterprise ” (Tenable blog). What would this look like?

Metrics 52

Metrics Cloud Backup Software Review 52

Tenable

JUNE 23, 2023

Also, review concrete guidance on cloud system administration and on designing cloud apps with privacy by default. That’s why a recent IANS Research blog post about building an incident response process for ransomware caught our eye. Learn all about the DOJ’s reward for CL0P ransomware leads. And much more!

Cloud 53

Cloud Systems Review Data Disaster Recovery 53

Tenable

NOVEMBER 4, 2022

Get the latest on salary trends for CISOs and cybersecurity pros; CISA’s call for adopting phishing-resistant MFA; the White House’s ransomware summit; and more! and Canada improved this year compared with 2021 as employers paid up to retain their cybersecurity chiefs amidst a shortage of qualified candidates for these jobs.

Trends 103

Trends Authentication Recruiting Banking 103

Tenable

MAY 14, 2024

A local attacker with a presence on a vulnerable system could exploit this vulnerability to gain SYSTEM privileges. It is also credited to Quan Jin of DBAPPSecurity WeBin Lab, who disclosed CVE-2023-36033 , another zero-day vulnerability in the DWM Core Library exploited in the wild that was patched in November 2023.

Windows 119

Windows Software Review Systems Review Malware 119

Tenable

JANUARY 19, 2024

Cybersecurity and Infrastructure Security (CISA) agency and the Federal Bureau of Investigation (FBI) said this week. To mitigate this risk, the agencies recommendations include: Using drones built with secure-by-design principles, such as those manufactured in the U.S.

Infrastructure 72

Infrastructure Malware Government Technical Review 72