Mastering Containerization: Key Strategies and Best Practices
September 17, 2024
CloudImposer: Executing Code on Millions of Google Servers with a Single Malicious Package
September 16, 2024Tenable Research discovered a remote code execution (RCE) vulnerability in Google Cloud Platform (GCP) that is now fixed and that we dubbed CloudImposer. The vulnerability could have allowed an attacker to hijack an internal software dependency that Google pre-installs on each Google Cloud Composer pipeline-orchestration tool. Tenable Research also found risky guidance in GCP documentation that customers should be aware of.
사이버 보안 스냅샷: Russia-backed Hackers Aim at Critical Infrastructure Orgs, as Crypto Fraud Balloons
September 13, 2024Critical infrastructure operators must beware of Russian military hacking groups. Plus, cyber scammers are having a field day with crypto fraud. Meanwhile, AI and cloud vendors face stricter reporting regulations in the U.S. And get the latest on AI-model risk management and on cybersecurity understaffing!
Microsoft의 September 2024 Patch Tuesday에서 79개 CVE(CVE-2024-43491)를 처리
September 10, 2024Microsoft addresses 79 CVEs with seven critical vulnerabilities and four zero-day vulnerabilities, including three that were exploited in the wild.
CVE-2021-20123, CVE-2021-20124: Tenable Research에서 발견한 DrayTek 취약성이 CISA KEV에 추가됨
September 9, 2024With patches out for three years, attackers have set their sights on a pair of vulnerabilities affecting DrayTek VigorConnect.
사이버 보안 스냅샷: RansomHub Group Triggers CISA Warning, While FBI Says North Korean Hackers Are Targeting Crypto Orgs
September 6, 2024Cybersecurity teams must beware of RansomHub, a surging RaaS gang. Plus, North Korea has unleashed sophisticated social-engineering schemes against crypto employees. Meanwhile, a new SANS report stresses the importance of protecting ICS and OT systems. And a Tenable poll sheds light on cloud-native VM. And much more!
사이버 보안 스냅샷: Schools Suffer Heavy Downtime Losses Due To Ransomware, as Banks Grapple with AI Challenges
August 30, 2024The cost of ransomware downtime in schools gets pegged at $500K-plus per day. Meanwhile, check out the AI-usage risks threatening banks’ cyber resilience. Plus, Uncle Sam is warning about a dangerous Iran-backed hacking group. And get the latest on AI-system inventories, the APT29 nation-state attacker and digital identity security!
AA24-241A : 미국 조직을 표적으로 하는 이란 기반 사이버 행위자에 대한 공동 사이버 보안 권고
August 28, 2024A joint Cybersecurity Advisory highlights Iran-based cyber actor ransomware activity targeting U.S. organizations. The advisory includes CVEs exploited, alongside techniques, tactics and procedures used by the threat actors.
The Data-Factor: Why Integrating DSPM Is Key to Your CNAPP Strategy
August 28, 2024DSPM solutions provide a comprehensive, up-to-date view into cloud-based data and risk. An integrated CNAPP and DSPM solution elevates this analysis to expose toxic combinations and security gaps across cloud environments.
Secure Your Sprawling Attack Surface With Risk-based Vulnerability Management
August 27, 2024The cloud, artificial intelligence (AI), machine learning and other technological breakthroughs are radically changing the modern work environment. New assets and services offer increased flexibility, growth potential and access to more resources. However, they also introduce new security risks. Managing vulnerabilities across this ever-expanding threat landscape requires a risk-based approach beyond point solutions and reactive patch management.
FCC Cybersecurity Pilot Program을 통하여 초중고 학교 및 도서관에게 $2억 사이버 보안 자금 사용 가능
August 27, 2024Empowering K-12 schools and libraries to strengthen their cybersecurity posture with new funding opportunities and best practices.
CISA Finding: 90% of Initial Access to Critical Infrastructure Is Gained Via Identity Compromise. What Can You Do About It?
August 26, 2024Conventional wisdom suggests the keys to protect critical infrastructure against cyberattacks are network segmentation and OT security. But continued breaches imply those methods alone fall short. In fact, a CISA probe of 121 critical infrastructure networks found that their weakest link is identity compromise. Learn how to leverage an attacker’s perspective to better secure critical infrastructure.
사이버 보안 스냅샷: Guide Unpacks Event-Logging Best Practices, as FAA Proposes Stronger Cyber Rules for Airplanes
August 23, 2024Looking to sharpen your team’s event logging and threat detection? A new guide offers plenty of best practices. Plus, the FAA wants airplanes to be more resilient to cyberattacks. Meanwhile, check out the critical vulnerabilities Tenable discovered in two Microsoft AI products. And get the latest on ransomware trends, vulnerability management practices and election security!