도메인별 언어의 어두운 측면: OPA 및 Terraform에서 새로운 공격 기술 발견하기
Check out our deep dive into both new and known techniques for abusing infrastructure-as-code and policy-as-code tools. You’ll also learn how to defend against them in this blog post which expands on the attack techniques presented at our fwd:cloudsec Europe 2024 talk “Who Watches the Watchmen?…
누가 클라우드에 유해한 3개 요소가 무섭습니까?
The Tenable Cloud Risk Report 2024 reveals that nearly four in 10 organizations have workloads that are publicly exposed, contain a critical vulnerability and have excessive permissions. Here’s what to watch for in your organization.
CVE-2024-8260: SMB Force-Authentication Vulnerability in OPA Could Lead to Credential Leakage
Tenable Research discovered an SMB force-authentication vulnerability in Open Policy Agent (OPA) that is now fixed in the latest release of OPA. The vulnerability could have allowed an attacker to leak the NTLM credentials of the OPA server's local user account to a remote server, potentially…
The Data-Factor: Why Integrating DSPM Is Key to Your CNAPP Strategy
DSPM solutions provide a comprehensive, up-to-date view into cloud-based data and risk. An integrated CNAPP and DSPM solution elevates this analysis to expose toxic combinations and security gaps across cloud environments.
SSRFing the Web with the Help of Copilot Studio
Tenable Research discovered a critical information-disclosure vulnerability in Microsoft’s Copilot Studio via a server-side request forgery (SSRF), which allowed researchers access to potentially sensitive information regarding service internals with potential cross-tenant impact.
Compromising Microsoft's AI Healthcare Chatbot Service
Tenable Research discovered multiple privilege-escalation issues in the Azure Health Bot Service via a server-side request forgery (SSRF), which allowed researchers access to cross-tenant resources.
Detecting Risky Third-party Drivers on Windows Assets
Kernel-mode drivers are critical yet risky components of the Windows operating system. Learn about their functionality, the dangers they pose, and how Tenable's new plugins can help identify and mitigate vulnerabilities using community-driven resources like LOLDrivers.
Never Trust User Inputs -- And AI Isn't an Exception: A Security-First Approach
As AI transforms industries, security remains critical. Discover the importance of a security-first approach in AI development, the risks of open-source tools, and how Tenable's solutions can help protect your systems.
Cyentia 및 FIRST의 연구에 의하면 EPSS는 익스플로잇 예측에서 강력한 성과를 증명
Tenable에서 후원한 Cyentia 및 FIRST의 리서치에서는 취약성 악용이 매우 변동적이지만 EPSS가 익스플로잇 예측 능력이 더 강화되고 있음을 보여줍니다.
ConfusedFunction: A Privilege Escalation Vulnerability Impacting GCP Cloud Functions
Organizations that have used Google Cloud Platform’s Cloud Functions – a serverless execution environment – could be impacted by a privilege escalation vulnerability discovered by Tenable and dubbed as “ConfusedFunction.” Read on to learn all about the vulnerability and what your organization needs…
How To Do a Security Audit of Pimcore Enterprise Platform
Our new research paper gives you a roadmap for using Pimcore's features while preserving security.
위험 기반 취약성 관리가 최근 IT 환경의 보안 포스처를 강화하는 방식
취약성 평가 및 취약성 관리는 비슷하게 생각되지만 다릅니다. As a new Enterprise Strategy Group white paper explains, it’s key to understand their differences and to shift from ad-hoc vulnerability assessments to continuous, risk-based vulnerability management (RBVM)…
영업 팀에게 문의