Abusing Client-Side Extensions (CSEs): A Backdoor Into AD Environments
Crucial for applying Active Directory Group Policy Objects, client-side extensions (CSEs) are powerful but also present a significant, often overlooked, attack vector for persistent backdoors. Rather than cover well-documented common abuses of built-in CSEs, this article demonstrates how to create…
Where Capability Meets Opportunity: Introducing the Tenable Research Special Operations Team
Meet the elite squad that’s hunting the next major cyberattack. With more than 150 years of combined research experience and expert analysis, the Tenable Research Special Operations team arms organizations with the critical and actionable intelligence necessary to proactively defend the modern…
Detecting Remote Monitoring and Management Tools Used by Attackers
Following up on last year’s LOLDriver plugin, Tenable Research is releasing detection plugins for the top Remote Monitoring and Management (RMM) tools that attackers have been more frequently leveraging in victim environments.
Frequently Asked Questions About Vibe Coding
Vibe coding has attracted much attention in recent weeks with the release of many AI-driven tools. This blog answers some of the Frequently Asked Questions (FAQ) around vibe coding.
MCP Prompt Injection: Not Just For Evil
MCP tools have been implicated in several new attack techniques. Learn how they can be manipulated, for instance to log tool usage and filter unauthorized commands.
Despite Recent Security Hardening, Entra ID Synchronization Feature Is Still Being Abused
Microsoft synchronization capabilities for managing identities in hybrid environments are not without their risks. In this blog, Tenable Research explores how potential weaknesses in these synchronization options can be exploited.
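Verizon 2025 DBIR: Tenable Research Collaboration Focuses on CVE Remediation Trends
The 2025 Verizon Data Breach Investigations Report (DBIR) shows that vulnerability exploitation was present in 20% of breaches, a 34% increase over the same period last year. To support the report, Tenable Research contributed enriched data on the most exploited vulnerabilities. In this blog, we analyze 17 edge…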
CISA BOD 25-01 Compliance: What U.S. Government Agencies Need to Know
U.S. government agencies are required to bring their Microsoft 365 cloud services into compliance with a recent Binding Operational Directive. Here’s how Tenable can help.
Frequently Asked Questions About Model Context Protocol (MCP) and Integrating with AI for Agentic Applications
The emergence of Model Context Protocol for AI is gaining significant interest due to its standardization of connecting external data sources to large language models (LLMs). While these updates are good news for AI developers, they raise some security concerns. In this blog we address FAQs about…
How To Harden GitLab Permissions with Tenable
If your organization uses GitLab for managing your software development lifecycle, you must ensure you’re not misconfiguring the permissions of this open source DevSecOps platform. Doing so can expose your source code, along with sensitive data, while creating security risks. In this blog, we’ll…
ImageRunner: A Privilege Escalation Vulnerability Impacting GCP Cloud Run
Tenable Research discovered a privilege escalation vulnerability in Google Cloud Platform (GCP) that is now fixed and which we dubbed ImageRunner. At issue are identities that lack registry permissions but that have edit permissions on Google Cloud Run revisions. The vulnerability could have…
Who's Afraid of AI Risk in Cloud Environments?
The Tenable Cloud AI Risk Report 2025 reveals that 70% of AI cloud workloads have at least one unremediated critical vulnerability — and that AI developer services are plagued by risky permissions defaults. Find out what to know as your organization ramps up its AI game.