CIO

NOVEMBER 17, 2022

This is especially true for content management operations looking to navigate the complexities of data compliance while getting the most from their data. IT professionals tasked with managing, storing, and governing the vast amount of incoming information need help. According to IBM , every day people create an estimated 2.5

Software Review 362

Software Review Cloud Software Technical Review 362

CIO

JULY 6, 2023

There are zero-day attacks that exploit vulnerabilities before security teams are even aware of them. The complex process of applying the latest patches leaves a significant gap between discovery of the vulnerability and buttoning up of that security hole. And SECaaS gives you that.”

SDLC 246

SDLC Survey Firewall Data Center 246

CIO

JULY 17, 2023

Unless the model is understood and followed, it could lead to data, applications, and cloud workloads being exposed to security vulnerabilities. This can occur due to insecure configurations, inadequate access controls, or vulnerabilities in cloud storage or databases. Watch on-demand here. How is the cloud being attacked and why?

Cloud 246

Cloud How To Malware Open Source 246

Tenable

APRIL 12, 2024

A critical severity command injection vulnerability in Palo Alto Networks PAN-OS has been exploited in limited targeted attacks. CVE Description CVSSv3 Severity CVE-2024-3400 Command Injection Vulnerability in the GlobalProtect Gateway feature of PAN-OS 10.0 According to the advisory, this vulnerability impacts PAN-OS versions 10.2,

Network 119

Network Firewall Software Review Systems Review 119

Tenable

MARCH 12, 2024

2 Critical 57 Important 0 Moderate 0 Low Microsoft addresses 59 CVEs in its March 2024 Patch Tuesday release with no zero-day or publicly disclosed vulnerabilities. of the vulnerabilities patched this month, followed by Remote code execution (RCE) at 30.5%. This vulnerability was assigned a CVSSv3 score of 8.1

Windows 123

Windows Azure Authentication Infrastructure 123

CIO

FEBRUARY 13, 2024

The IDC Middle East CIO Summit has been the platform of choice for industry leaders across the region for the past 17 years,” says Jyoti Lalchandani, IDC’s group vice president and regional managing director for the Middle East, Türkiye, and Africa. “We

Generative AI 246

Generative AI Trends Healthcare Industry 246

Tenable

APRIL 9, 2024

3 Critical 142 Important 2 Moderate 0 Low Microsoft addresses 147 CVEs in its April 2024 Patch Tuesday release with three critical vulnerabilities and no zero-day or publicly disclosed vulnerabilities. of the vulnerabilities patched this month, followed by elevation of privilege (EoP) vulnerabilities at 21.1%.

Azure 114

Azure Windows Internet Social 114

The Crazy Programmer

OCTOBER 19, 2022

Qualys Vulnerability Scanner. Qualys Vulnerability Scanner not only detects vulnerabilities but also ranks them based on their severity. It provides you with key data points relating to each vulnerability so that you can make rapid, knowledgeable judgments about how to fix them. Top Cybersecurity Tool on the Market.

Compliance 173

Compliance Wireless Continuous Delivery Internet 173

CIO

MAY 2, 2024

LayerX , pioneer of the LayerX Browser Security platform, today announced $24 million in Series A funding led by Glilot+, the early-growth fund of Glilot Capital Partners, with participation from Dell Technologies Capital and other investors. LayerX has Fortune 100 clients worldwide.

Security 147

Security Enterprise Organization Network 147

Tenable

DECEMBER 12, 2023

4 Critical 29 Important 0 Moderate 0 Low Microsoft addresses 33 CVEs in its December 2023 Patch Tuesday release, with no zero-day vulnerabilities disclosed this month. A separate advisory from AMD is available with more information on the vulnerability. It was assigned a CVSSv3 score of 9.6

Windows 113

Windows Software Review Azure Internet 113

Tenable

JANUARY 16, 2024

Two zero-day vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway have been exploited in the wild. Analysis CVE-2023-6548 is a RCE vulnerability in the NetScaler ADC and Gateway appliances. CVE-2023-6549 is a denial of service (DoS) vulnerability in the NetScaler ADC and Gateway appliances. and later releases of 13.0

Authentication 116

Authentication Network Internet Virtualization 116

CIO

JANUARY 2, 2024

Despite this sunsetting, companies still run the platform, primarily because they want to defer investing or can’t afford to invest in the upgrade. What CIOs need to do instead is to present IT infrastructure investment as an important corporate financial and risk management issue that the business can’t afford to ignore.

Budget 321

Budget Infrastructure Windows Strategy 321

CIO

SEPTEMBER 7, 2023

Exploiting technology vulnerabilities. Bad actors have the potential to train AI to spot and exploit vulnerabilities in tech stacks or business systems. Keeping our AI approach interpretable and managing bias becomes crucial.

Generative AI 245

Generative AI Security Artificial Inteligence Innovation 245

Tenable

NOVEMBER 4, 2023

Unpatched Apache Airflow instances used in Amazon Web Services (AWS) and Google Cloud Platform (GCP) allow an exploitable stored XSS through the task instance details page. This vulnerability was previously reported and fixed by Apache; more information can be found here. GCP is working on releasing a new, non-vulnerable version.

Authentication 121

Authentication AWS Azure Google Cloud 121

Tenable

MARCH 6, 2024

Two vulnerabilities with publicly available exploit code in JetBrains TeamCity on-premises software could result in attackers bypassing authentication and achieving code execution. Background On March 4, JetBrains published a blog post regarding two security issues affecting TeamCity On-Premises , a software solution for build management.

Authentication 113

Authentication Malware Energy Groups 113

Tenable

FEBRUARY 13, 2024

5 Critical 66 Important 2 Moderate 0 Low Microsoft addresses 73 CVEs, including two zero-day vulnerabilities that were exploited in the wild. of the vulnerabilities patched this month, followed by elevation of privilege (EoP) vulnerabilities at 21.9%. It was assigned a CVSSv3 score of 7.6 and is rated moderate.

LAN 124

LAN Windows Azure Internet 124

Ivanti

APRIL 4, 2024

This includes: Revamping core engineering, security and vulnerability management practices to ensure our current products are secure, and that customers have the resources needed to deploy them securely for their organization. Elevating our vulnerability management program.

Technical Review 108

Technical Review Development Team Review Systems Review Software Review 108

Lacework

FEBRUARY 7, 2024

Developers are building systems and applications faster than ever, but this creates more risks and vulnerabilities for hackers to exploit. By integrating risk and threat insights, teams can prioritize the actions that matter most, like fixing critical vulnerabilities and stopping the most dangerous threat actors.

Weak Development Team 109

Weak Development Team Malware Cloud Internet 109

Tenable

MARCH 14, 2024

Fortinet warns of a critical SQL Injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code on vulnerable FortiClientEMS software. CVE Description CVSSv3 Severity CVE-2023-48788 Critical SQL Injection Vulnerability (or Improper neutralization of special elements in an SQL command) 9.3

Software Review 66

Software Review Systems Review Authentication Infrastructure 66

Tenable

OCTOBER 10, 2023

Microsoft addresses 103 CVEs including two vulnerabilities that were exploited in the wild. We omitted CVE-2023-44487 from our counts as this vulnerability was reported to MITRE and not Microsoft and does not exclusively affect Microsoft products.

Windows 115

Windows Software Review Azure Systems Review 115

Tenable

SEPTEMBER 27, 2023

CVE-2023–29357, CVE-2023–24955: Exploit Chain Released for Microsoft SharePoint Server Vulnerabilities A proof-of-concept exploit chain has been released for two vulnerabilities in Microsoft SharePoint Server that can be exploited to achieve unauthenticated remote code execution. The vulnerability was assigned a CVSSv3 score of 7.2

Authentication 131

Authentication Research Video Analysis 131

Tenable

APRIL 23, 2024

A zero-day vulnerability in CrushFTP was exploited in the wild against multiple U.S. Background On April 19, CrushFTP published an advisory for a zero-day vulnerability in its file transfer tool which bears the same name. CVE Description CVSSv3 Severity CVE-2024-4040 CrushFTP VFS Sandbox Escape Vulnerability 7.7

Virtualization 64

Virtualization System Report Authentication 64

Tenable

APRIL 25, 2024

Frequently asked questions about CVE-2024-20353 and CVE-2024-20359, two vulnerabilities associated with “ArcaneDoor,” the espionage-related campaign targeting Cisco Adaptive Security Appliances. The campaign included the exploitation of at least two zero-day vulnerabilities. What are the vulnerabilities associated with ArcaneDoor?

Malware 59

Malware Analysis Groups Testing 59

Tenable

FEBRUARY 9, 2024

critical infrastructure through exploitation of known vulnerabilities Background On February 8, Fortinet published an advisory (FG-IR-24-015) to address a critical flaw in FortiOS, its network operating system. CVE Description CVSSv3 Severity CVE-2024-21762 Fortinet FortiOS Out-of-bound Write Vulnerability in sslvpnd 9.6

Malware 121

Malware Authentication Infrastructure Analysis 121

Tenable

SEPTEMBER 11, 2023

Ransomware groups including LockBit and Akira are reportedly exploiting a zero-day vulnerability in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) appliances with VPN functionality enabled. Please note: Tenable’s Vulnerability Priority Rating (VPR) scores are calculated nightly.

Groups 119

Groups Report Authentication Software Review 119

Tenable

MARCH 20, 2024

In this post, we dive deeper into four strategies to gain complete IT, OT and IoT asset visibility, and how Tenable’s exposure management platform can improve your security posture. Discover assets and monitor risks OT and IoT environments comprise a diverse range of devices with varying management methods and communication protocols.

IoT 70

IoT How To Network Tools 70

Tenable

FEBRUARY 20, 2024

Frequently asked questions about two vulnerabilities affecting ConnectWise ScreenConnect Background The Tenable Security Response Team has put together this blog to answer Frequently Asked Questions (FAQ) regarding two vulnerabilities impacting ScreenConnect, a Remote Monitoring and Management (RMM) solution from ConnectWise.

Authentication 69

Authentication Research Cloud Data 69

Tenable

OCTOBER 2, 2023

Progress Software patches multiple flaws in its WS_FTP Server product, including a pair of critical flaws, one with a maximum CVSS rating of 10 Background On September 27, Progress Software published an advisory for WinSock File Transfer Protocol or WS_FTP Server , a secure file transfer solution, addressing eight vulnerabilities.

Software Review 121

Software Review Software Systems Review Authentication 121

Tenable

JANUARY 9, 2024

2 Critical 46 Important 0 Moderate 0 Low Microsoft addresses 48 CVEs in its January 2024 Patch Tuesday release with no zero-day or publicly disclosed vulnerabilities. Our counts omitted CVE-2022-35737, a vulnerability in SQLite called “Stranger Strings” that was assigned by MITRE and patched in July 2022.

Windows 114

Windows Authentication Cloud Linux 114

Lacework

DECEMBER 20, 2023

the SOC, Configuration and Management team, or CISO) must be able to easily filter across the platform based on these data-scoped views and gauge the risk and responsibilities in each team. The extensive updates support filtering and pre-filtering across every area in the product including compliance and vulnerabilities.

Groups 104

Groups Resources Data Compliance 104

Perficient

DECEMBER 13, 2023

WordPress, which began as a blogging platform, is now one of the most popular content management systems on the web. However, as a DXP (Digital Experience Platform) consultant, I believe that WordPress is not the best choice for marketing sites of businesses making close to and over $1 billion in annual revenue.

PHP 111

PHP Open Source Technical Review Software Review 111

Ooda Loop

APRIL 17, 2024

Armis, a cyber exposure management firm, has acquired Silk Security, a cyber risk prioritization and remediation company, for $150 million.

Company 59

Company 59

Tenable

SEPTEMBER 12, 2023

Microsoft’s September 2023 Patch Tuesday Addresses 61 CVEs (CVE-2023-36761) Microsoft addresses 61 CVEs including two vulnerabilities that were exploited in the wild. of the vulnerabilities patched this month, followed by elevation of privilege (EoP) vulnerabilities at 27.9%. It was assigned a CVSSv3 score of 6.2

LAN 119

LAN Windows 3D Azure 119

Tenable

NOVEMBER 15, 2023

The Red Hat Vulnerability Scanner Certification for Tenable Nessus represents our commitment to continue providing customers with visibility into their Red Hat Enterprise Linux systems. Tenable is proud to announce that it has received the Red Hat Vulnerability Scanner Certification. The journey can be summarized in two parts.

Linux 70

Linux Testing Meeting Study 70

Tenable

MAY 1, 2024

Combined with its cutting-edge, agentless vulnerability-scanning technology, including its ability to detect anomalous behavior, this new capability makes Tenable Cloud Security a much more complete and effective solution. Tenable Cloud Security is enhancing its capabilities with malware detection. Read on to find out how.

Malware 57

Malware Cloud Linux Analysis 57

Ivanti

APRIL 8, 2024

The constant stream of cybersecurity threats that organizations face—coupled with the very real impact they carry—have made the need for a robust IT risk management process painfully clear. In this concise IT risk management guide, we’ll cover: What is IT risk management? Five steps for risk management in IT.

How To 71

How To Technical Review Policies Software Review 71

Tenable

OCTOBER 16, 2023

CVE-2023-20198: Zero-Day Vulnerability in Cisco IOS XE Exploited in the Wild A maximum severity CVSS 10 zero-day vulnerability in Cisco IOS XE has been exploited in the wild. Analysis CVE-2023-20198 is a privilege escalation vulnerability affecting Cisco IOS XE software, receiving the highest possible CVSS score of 10.

Software Review 109

Software Review Systems Review Authentication Transportation 109