Microsoft’s June 2023 Patch Tuesday Addresses 70 CVEs (CVE-2023-29357)
June 13, 2023Microsoft addresses 70 CVEs in its June 2023 Patch Tuesday update including six rated as critical.
CVE-2023-27997: Heap-Based Buffer Overflow in Fortinet FortiOS and FortiProxy SSL-VPN (XORtigate)
June 12, 2023Fortinet says a critical flaw in its SSL-VPN product may have been exploited in the wild in a limited number of cases. Organizations are strongly encouraged to apply these patches immediately.
Tenable Cyber Watch: Six Critical and Common Cyber Misconceptions, Best Practices to Boost IAM Security, and more
June 12, 2023This week’s edition of the Tenable Cyber Watch unpacks the six most critical and common cyber misconceptions and shares tips on how to better distribute software bills of materials. Also covered: the best practices to boost IAM security from CISA and the NSA.
Cybersecurity Snapshot: Building Your Own ChatGPT? Learn How To Avoid Security Risks of AI Models
June 9, 2023Find out why cyber teams must get hip to AI security ASAP. Plus, check out the top risks of ChatGPT-like LLMs. Also, learn what this year’s Verizon DBIR says about BEC and ransomware. Plus, the latest trends on SaaS security. And much more!
Mastering the Art of Kubernetes Security
June 6, 2023With Kubernetes’ explosive adoption by the development community comes an urgent need to secure clusters and ensure their compliance effectively.
Want to Learn More about Exposure Management? Check Out This Gartner® Report
June 6, 2023At Tenable, we believe that you need exposure management to protect your modern attack surface. But it’s not just us. We feel the Gartner “Predicts 2023: Enterprises Must Expand from Threat to Exposure Management” report is required reading for cybersecurity teams adopting an exposure management program and platform.
Tenable Cyber Watch: China’s ‘Volt Typhoon’ Targets U.S. Critical Infrastructure, BEC Attacks Skyrocket, and more
June 5, 2023This week’s edition of the Tenable Cyber Watch unpacks the White House’s updates to its National AI R&D Strategic Plan and addresses the recent surge in business email compromise scams. Also covered: CISA’s warning about Volt Typhoon, the hackers backed by the Chinese government that have been targeting U.S. critical infrastructure.
CVE-2023-34362: MOVEIt Transfer Critical Zero-Day Vulnerability Exploited in the Wild
June 2, 2023Discovery of a new zero-day vulnerability in MOVEit Transfer becomes the second zero-day disclosed in a managed file transfer solution in 2023, with reports suggesting that threat actors have stolen data from a number of organizations.
Cybersecurity Snapshot: Will AI Kill Us All? How Can You Boost Identity Security? Do You Use a Framework for Cloud Security?
June 2, 2023Check out a hair-raising warning from AI experts. Plus, find out why securing identities is getting harder than ever – and how to fix it. Also, how a cloud security framework can help you – a lot. In addition, check out nifty SaaS security tips. And much more!
Tenable Cyber Watch: OpenAI CEO Testifies Before Congress; Meet DarkBERT, New AI Trained on the Dark Web; and more
May 29, 2023This week’s edition of the Tenable Cyber Watch unpacks Sam Altman’s testimony before Congress on AI risks and regulations, and addresses the importance of cyberattack victims speaking up after an attack. Also covered: An introduction to DarkBERT, the only AI trained on the Dark Web.
Cybersecurity Snapshot: How Enterprise Cyber Leaders Can Tame the ChatGPT Beast
May 26, 2023Check out a guide written for CISOs by CISOs on how to manage the risks of using generative AI in your organization. Plus, the White House unveils an updated national AI strategy. Also, a warning about a China-backed attacker targeting U.S. critical infrastructure. And much more!
Volt Typhoon: International Cybersecurity Authorities Detail Activity Linked to Chinese-State Sponsored Threat Actor
May 25, 2023Several international cybersecurity authorities from the United States, United Kingdom, Australia, Canada and New Zealand issue a joint advisory detailing tactics, techniques and procedures used in recent attacks by a Chinese state-sponsored threat actor.