Password Management and Authentication Best Practices
August 8, 2023
Attackers are always looking for new ways to crack passwords and gain access to sensitive information. Keeping passwords secure is a challenging, yet critical task. Read this blog to learn several best practices for password management and authentication so you can keep your environment safe.
Tenable Cyber Watch: SEC Issues New Cyber Disclosure Rules, MITRE’s Most Dangerous Software Weaknesses, and more
August 7, 2023
This week’s edition of Tenable Cyber Watch unpacks the new cybersecurity disclosure rules from the U.S. Securities and Exchange Commission and looks at MITRE’s list of the most dangerous software weaknesses. Also covered: Cloud adoption by financial institutions continues to increase. What one study shows.
Cybersecurity Snapshot: What, Me Worry? Businesses Adopt Generative AI, Security Risks Be Damned
August 4, 2023
Seduced by generative AI’s potential, organizations plunge ahead, overlooking its pitfalls. Plus, check out a common flaw that puts web app data at risk. Also, why many zero-day bugs last year were variants of known vulnerabilities. Moreover, find out the current cost of a data breach – ouch! And much more!
Avoiding the Security Potluck: Good Governance Helps You from Code to Cloud
August 3, 2023
What's involved in shifting cloud security responsibilities to the app development team with governance by the security team?
AA23-215A: 2022's Top Routinely Exploited Vulnerabilities
August 3, 2023
A joint Cybersecurity Advisory from multiple international agencies highlights the top routinely exploited vulnerabilities of 2022.
CNAPPgoat: The Multicloud Open-Source Tool for Deploying Vulnerable-by-Design Cloud Resources
August 2, 2023
Here’s all you need to know about CNAPPgoat, our open-source project designed to modularly provision vulnerable-by-design components in cloud environments.
Using the Service Location Protocol (SLP) to Find Exposed Management Interfaces
August 2, 2023
Exposed management interfaces are valuable entry points for attackers. CISA Binding Operational Directive 23-02 calls for getting them off the internet. Here’s a novel approach for finding some of these elusive devices using SLP.
Unpacking the Shared Responsibility Model for Cloud Security: How To Avoid Coverage Gaps and Confusion
August 2, 2023
Confusion over the scope of customer responsibility for cloud security causes control gaps and exposes businesses to risks of attack and non-compliance. Secure configuration of customer-managed resources is the most critical factor for reducing cloud risk. However, it can only be achieved by first understanding the nuances of responsibility before identifying and applying appropriate controls.
What's New in Tenable OT Security 3.16: Elevating Building Management System Security and User Experience
August 1, 2023
Tenable OT Security 3.16 introduces advanced security for building automation systems, a streamlined interface and simplified upgrade process, empowering users to be at the forefront of securing their IT, OT, BMS and IoT assets with confidence.
Tenable Cyber Watch: U.S. Gov Releases Cybersecurity Implementation Plan, CISA Shares Free Tools for Cloud Security, and more
July 31, 2023
This week’s edition of Tenable Cyber Watch unpacks the White House’s National Cybersecurity Strategy Implementation Plan and offers new tips and guidance for C-level executives regarding generative AI adoption. Also covered: CISA shares its factsheet offering free tools to help secure cloud environments.
FAQ: What the New SEC Cybersecurity Rules Mean for Infosec Leaders
July 28, 2023
On July 26, the SEC voted 3-2 to adopt new rules that would require several new cybersecurity disclosures from publicly traded companies. Here’s what cybersecurity leaders need to know.
Cybersecurity Snapshot: SEC Wants More Cybersecurity Transparency from Public Companies
July 28, 2023
Find out what’s in the SEC’s new cybersecurity disclosure rules. Plus, CISA analyzes the cyber risks impacting critical infrastructure organizations. Also, check out guidance for shadow IT and tips to boost your security awareness program. And much more!