Tenable Customer Update about CrowdStrike Incident
July 19, 2024Please read this important customer update about CrowdStrike's recent incident.
Cybersecurity Snapshot: CISA Breaks Into Agency, Outlines Weak Spots in Report, as Cloud Security Alliance Updates Cloud Sec Guidance
July 19, 2024CISA’s red team acted like a nation-state attacker in its assessment of a federal agency’s cybersecurity. Plus, the Cloud Security Alliance has given its cloud security guidance a major revamping. Meanwhile, a Google report puts a spotlight on insecure credentials. And the latest on open source security, CIS Benchmarks and much more!
Tenable Announces Former Senior Administration Officials to Inaugural Public Sector Advisory Board
July 18, 2024Rob Joyce and Mark Weatherford will help Tenable shape federal cyber and AI policy
Oracle July 2024 Critical Patch Update Addresses 175 CVEs
July 16, 2024Oracle addresses 175 CVEs in its third quarterly update of 2024 with 386 patches, including 26 critical updates.
Cybersecurity Snapshot: CISA Tells Tech Vendors To Squash Command Injection Bugs, as OpenSSF Calls on Developers To Boost Security Skills
July 12, 2024Check out CISA’s call for weeding out preventable OS command injection vulnerabilities. Plus, the Linux Foundation and OpenSSF spotlight the lack of cybersecurity expertise among SW developers. Meanwhile, GenAI deployments have tech leaders worried about data privacy and data security. And get the latest on FedRAMP, APT40 and AI-powered misinformation!
How Risk-based Vulnerability Management Boosts Your Modern IT Environment's Security Posture
July 11, 2024Vulnerability assessments and vulnerability management sound similar – but they’re not. As a new Enterprise Strategy Group white paper explains, it’s key to understand their differences and to shift from ad-hoc vulnerability assessments to continuous, risk-based vulnerability management (RBVM). Read on to check out highlights from this Tenable-commissioned study and learn how RBVM helps organizations attain a solid security and risk posture in hybrid, complex and multi-cloud environments.
Microsoft’s July 2024 Patch Tuesday Addresses 138 CVEs (CVE-2024-38080, CVE-2024-38112)
July 9, 2024Microsoft addresses 138 CVEs in its July 2024 Patch Tuesday release, with five critical vulnerabilities and three zero-day vulnerabilities, two of which were exploited in the wild.
How the regreSSHion Vulnerability Could Impact Your Cloud Environment
July 5, 2024With growing concern over the recently disclosed regreSSHion vulnerability, we’re explaining here what it is, why it’s so significant, what it could mean for your cloud environment and how Tenable Cloud Security can help.
Cybersecurity Snapshot: Malicious Versions of Cobalt Strike Taken Down, While Microsoft Notifies More Orgs About Midnight Blizzard Email Breach
July 5, 2024Check out the results of a multinational operation against illegal instances of Cobalt Strike. Plus, more organizations are learning that Midnight Blizzard accessed their email exchanges with Microsoft. Meanwhile, Carnegie Mellon has a new report about how to fix and mitigate API vulnerabilities. And two new reports shed light on cyber insurance trends. And much more!
Cybersecurity Snapshot: Memory Bugs Pervasive in Open Source SW, While Car Dealership Chaos Persists After Ransomware Attack
June 28, 2024Check out why memory vulnerabilities are widespread in open source projects. Plus, get the latest on the ransomware attack that’s disrupted car sales in North America. In addition, find out why a majority of organizations grew their cyber budgets this year. And learn how confidential data from U.S. chemical facilities may have been accessed by hackers. And much more!
Tag, You’re IT! Tagging Your Way to Cloud Security Excellence
June 26, 2024To manage your cloud resources effectively and securely, you need to consistently tag assets across all your cloud platforms. Here we explain tagging’s main benefits, as well as proven strategies and best practices for tagging success.
CVE-2024-5806: Progress MOVEit Transfer Authentication Bypass Vulnerability
June 25, 2024Progress Software has patched a high severity authentication bypass in the MOVEit managed file transfer (MFT) solution. As MOVEit has been a popular target for ransomware gangs and other threat actors, we strongly recommend prioritizing patching of this vulnerability.