Tenable Cyber Watch: Verizon DBIR Warns About BEC and Ransomware, Cloud Security Tops CISOs’ Concerns, and more
June 26, 2023This week’s edition of the Tenable Cyber Watch unpacks Verizon’s DBIR 2023 report and its warnings about the rise in BEC scams and ransomware attacks and addresses the greatest areas of concerns for cybersecurity leaders. Also covered: why app stores may soon be required to disclose their apps’ country of origin.
CVE-2023-33299: Critical Remote Code Execution Vulnerability in FortiNAC
June 23, 2023Fortinet has released a patch fixing a remote code execution vulnerability in several versions of FortiNAC
Cybersecurity Snapshot: As Feds Hunt CL0P Gang, Check Out Tips on Ransomware Response, Secure Cloud Management and Cloud App Data Privacy
June 23, 2023Learn all about the U.S. government’s reward for CL0P ransomware leads. Plus, check out ransomware incident response recommendations. Also, review concrete guidance on cloud system administration and on designing cloud apps with privacy by default. And much more!
Shared Responsibility Model in the Cloud
June 21, 2023CSPs have embraced a shared responsibility model to define the security responsibilities for different components of the architecture.
Tenable Cyber Watch: U.S. Government Updates Ransomware Guide, Lineaje Study Reveals Supply Chain Risks in OSS, and more
June 19, 2023This week’s edition of the Tenable Cyber Watch unpacks the most recent updates to the U.S. government’s #StopRansomware Guide and addresses the steps organizations can take to boost digital trust. Also covered: why companies must be careful when using open source software.
FAQ for MOVEit Transfer Vulnerabilities and CL0P Ransomware Gang
June 16, 2023Frequently asked questions relating to vulnerabilities in MOVEit Transfer, including one that was exploited by the prolific CL0P ransomware gang.
Cybersecurity Snapshot: For Strong Cloud Security, Focus on Configuration
June 16, 2023Check out the NCSC’s advice about proper configuration in cloud security. Plus, a detailed guide about LockBit ransomware. Also, don’t miss OWASP’s revised list of top API security risks. Plus, CISA’s warning about remote network management tools. And much more!
CVE-2023-20887: VMware Aria Operations for Networks Command Injection
June 14, 2023VMware issues advisory to address three flaws in its VMware Aria Operations for Networks solution, including a critical command injection flaw assigned a CVSSv3 score of 9.8.
Microsoft’s June 2023 Patch Tuesday Addresses 70 CVEs (CVE-2023-29357)
June 13, 2023Microsoft addresses 70 CVEs in its June 2023 Patch Tuesday update including six rated as critical.
CVE-2023-27997: Heap-Based Buffer Overflow in Fortinet FortiOS and FortiProxy SSL-VPN (XORtigate)
June 12, 2023Fortinet says a critical flaw in its SSL-VPN product may have been exploited in the wild in a limited number of cases. Organizations are strongly encouraged to apply these patches immediately.
Tenable Cyber Watch: Six Critical and Common Cyber Misconceptions, Best Practices to Boost IAM Security, and more
June 12, 2023This week’s edition of the Tenable Cyber Watch unpacks the six most critical and common cyber misconceptions and shares tips on how to better distribute software bills of materials. Also covered: the best practices to boost IAM security from CISA and the NSA.
Cybersecurity Snapshot: Building Your Own ChatGPT? Learn How To Avoid Security Risks of AI Models
June 9, 2023Find out why cyber teams must get hip to AI security ASAP. Plus, check out the top risks of ChatGPT-like LLMs. Also, learn what this year’s Verizon DBIR says about BEC and ransomware. Plus, the latest trends on SaaS security. And much more!