Tenable blog
Cybersecurity Snapshot: CISA Lists Security Features OT Products Should Have and Publishes AI Collaboration Playbook
CISA Finding: 90% of Initial Access to Critical Infrastructure Is Gained Via Identity Compromise. What Can You Do About It?
Conventional wisdom suggests the keys to protect critical infrastructure against cyberattacks are network segmentation and OT security. But continued breaches imply those methods alone fall short. In fact, a CISA probe of 121 critical infrastructure networks found that their weakest link is identity...
Cybersecurity Snapshot: Guide Unpacks Event-Logging Best Practices, as FAA Proposes Stronger Cyber Rules for Airplanes
Looking to sharpen your team’s event logging and threat detection? A new guide offers plenty of best practices. Plus, the FAA wants airplanes to be more resilient to cyberattacks. Meanwhile, check out the critical vulnerabilities Tenable discovered in two Microsoft AI products. And get the latest on...
SSRFing the Web with the Help of Copilot Studio
Tenable Research discovered a critical information-disclosure vulnerability in Microsoft’s Copilot Studio via a server-side request forgery (SSRF), which allowed researchers access to potentially sensitive information regarding service internals with potential cross-tenant impact....
Cybersecurity Snapshot: First Quantum-resistant Algorithms Ready for Use, While New AI Risks’ Database Is Unveiled
NIST has released the first encryption algorithms that can protect data against quantum attacks. Plus, MIT launched a new database of AI risks. Meanwhile, the CSA published a paper outlining the unique risks involved in building systems that use LLMs. And get the latest on Q2’s most prevalent malwar...
CVE-2024-7593: Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability
Ivanti released a patch for a critical severity authentication bypass vulnerability and a warning that exploit code is publicly available...
Microsoft’s August 2024 Patch Tuesday Addresses 88 CVEs
Microsoft addresses 88 CVEs with seven critical vulnerabilities and 10 zero-day vulnerabilities, six of which were exploited in the wild....
Compromising Microsoft's AI Healthcare Chatbot Service
Tenable Research discovered multiple privilege-escalation issues in the Azure Health Bot Service via a server-side request forgery (SSRF), which allowed researchers access to cross-tenant resources....
Cybersecurity Snapshot: New Report Ranks Top Cloud Threats, while CISA Guide Helps Assess Security of Software Products
The Cloud Security Alliance has released its list of top cloud threats for 2024. Plus, CISA and the FBI published a guide for determining if a software product was built ‘secure by design.’ Meanwhile, find out how AI can transform offensive security. And get the latest on the Royal ransomware gang, ...
CVE-2024-20419: Cisco Smart Software Manager On-Prem Password Change Vulnerability
Critical vulnerability in Cisco Smart Software Manager On-Prem exposes systems to unauthorized password changes, exploit code now available.BackgroundOn July 17, 2024, Cisco published an advisory for a critical vulnerability in Cisco’s Smart Software Manager On-Prem (SSM On-Prem):CVEDescriptionCVSSv...
