Verizon 2025 DBIR: Tenable Research Collaboration Focuses on CVE Remediation Trends
The 2025 Verizon Data Breach Investigations Report (DBIR) shows that vulnerability exploitation was present in 20% of breaches, a 34% increase year-over-year. To support the report, Tenable Research contributed enriched data on the most exploited vulnerabilities. In this blog, we analyze 17 edge…
CISA BOD 25-01 Compliance: What U.S. Government Agencies Need to Know
U.S. government agencies are required to bring their Microsoft 365 cloud services into compliance with a recent Binding Operational Directive. Here’s how Tenable can help.
Frequently Asked Questions About Model Context Protocol (MCP) and Integrating with AI for Agentic Applications
The emergence of Model Context Protocol for AI is gaining significant interest due to its standardization of connecting external data sources to large language models (LLMs). While these updates are good news for AI developers, they raise some security concerns. In this blog we address FAQs about…
How To Harden GitLab Permissions with Tenable
If your organization uses GitLab for managing your software development lifecycle, you must ensure you’re not misconfiguring the permissions of this open source DevSecOps platform. Doing so can expose your source code, along with sensitive data, while creating security risks. In this blog, we’ll…
ImageRunner: A Privilege Escalation Vulnerability Impacting GCP Cloud Run
Tenable Research discovered a privilege escalation vulnerability in Google Cloud Platform (GCP) that is now fixed and which we dubbed ImageRunner. At issue are identities that lack registry permissions but that have edit permissions on Google Cloud Run revisions. The vulnerability could have…
Who's Afraid of AI Risk in Cloud Environments?
The Tenable Cloud AI Risk Report 2025 reveals that 70% of AI cloud workloads have at least one unremediated critical vulnerability — and that AI developer services are plagued by risky permissions defaults. Find out what to know as your organization ramps up its AI game.
How To Reduce DNS Infrastructure Risk To Secure Your Cloud Attack Surface
Mismanaging your DNS infrastructure could put you at risk of destructive cyberattacks – especially as your cloud attack surface expands. Read on to learn about DNS vulnerabilities, the impact of DNS takeover attacks, and best practices for DNS security, including how new Tenable plugins can help…
Frequently Asked Questions About DeepSeek Large Language Model (LLM)
The open-source LLM known as DeepSeek has attracted much attention in recent weeks with the release of DeepSeek V3 and DeepSeek R1, and in this blog, the Tenable Security Response Team answers some of the frequently asked questions (FAQ) about it.
New CISA Hardening Guidance Provides Valuable Insights for Network Security Engineers
Recent guidance from CISA and the FBI highlights best practices to monitor and harden network infrastructure. The guidance, published in response to high-profile attacks on telecom infrastructure, is applicable to a wider audience. This blog unpacks important points and explains how Tenable…
Volt Typhoon: What State and Local Government Officials Need to Know
Increased activity from the state-sponsored threat group Volt Typhoon raises concerns about the cybersecurity of U.S. critical infrastructure. Here’s how you can identify potential exposures and attack paths.
The Dark Side of Domain-Specific Languages: Uncovering New Attack Techniques in OPA and Terraform
Check out our deep dive into both new and known techniques for abusing infrastructure-as-code and policy-as-code tools. You’ll also learn how to defend against them in this blog post which expands on the attack techniques presented at our fwd:cloudsec Europe 2024 talk “Who Watches the Watchmen?…
Who's Afraid of a Toxic Cloud Trilogy?
The Tenable Cloud Risk Report 2024 reveals that nearly four in 10 organizations have workloads that are publicly exposed, contain a critical vulnerability and have excessive permissions. Here’s what to watch for in your organization.