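Research from Cyentia and FIRST Shows EPSS Delivers Strong Performance in Exploit Prediction
Research from Cyentia and FIRST, sponsored by Tenable, shows that while vulnerability exploitation is highly variable, EPSS is getting stronger in its ability to predict exploitation.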
ConfusedFunction: A Privilege Escalation Vulnerability Impacting GCP Cloud Functions
Organizations that have used Google Cloud Platform’s Cloud Functions – a serverless execution environment – could be impacted by a privilege escalation vulnerability discovered by Tenable and dubbed “ConfusedFunction.” Read on to learn all about the vulnerability and what your organization needs…
How To Do a Security Audit of Pimcore Enterprise Platform
Our new research paper gives you a roadmap for using Pimcore's features while preserving security.
How Risk-Based Vulnerability Management Strengthens the Security Posture of Modern IT Environments
Vulnerability assessment and vulnerability management are often thought of as similar, but they are different. As a new Enterprise Strategy Group white paper explains, it’s key to understand their differences and to shift from ad-hoc vulnerability assessments to continuous, risk-based vulnerability management (RBVM)…
These Services Shall Not Pass: Abusing Service Tags to Bypass Azure Firewall Rules (Customer Action Required)
Azure customers whose firewall rules rely on Azure Service Tags, pay attention: You could be at risk due to a vulnerability detected by Tenable Research. Here’s what you need to know to determine if you’re affected, and if so, what you should do right away to protect your Azure environment from…
Linguistic Lumberjack: Attacking Cloud Services via Logging Endpoints (Fluent Bit - CVE-2024-4323)
Tenable Research has discovered a critical memory corruption vulnerability dubbed Linguistic Lumberjack in Fluent Bit, a core component in the monitoring infrastructure of many cloud services.
Tenable Cloud Security Study: A Whopping 95% of Surveyed Organizations Suffered a Cloud-Related Breach in the Past 18 Months
The findings of the Tenable 2024 Cloud Security Outlook study are a clear signal of the need for proactive and robust cloud security. Read on to learn more about the study’s findings, including the main challenges cloud security teams face, their strategies for better protecting their cloud…
FlowFixation: AWS Apache Airflow Service Takeover Vulnerability and Why Neglecting Guardrails Puts Major CSPs at Risk
Tenable Research discovered a one-click account takeover vulnerability in the AWS Managed Workflows Apache Airflow service that could have allowed full takeover of a victim’s web management panel of the Airflow instance. The discovery of this now-resolved vulnerability reveals a broader problem of…
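IDC Ranks Tenable No. 1 in Worldwide Device Vulnerability Management Market Share for the Fifth Consecutive Year
The market research firm's latest report also provides market insights that security professionals can use to improve their vulnerability management strategy.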
Pig Butchering Scam: From Tinder and TikTok to WhatsApp and Telegram, How Scammers Are Stealing Millions in a Long Con
In part one of a two-part series on Pig butchering, we detail the pervasive scam that has impacted thousands of victims around the world, resulting in the loss of hundreds of millions of dollars. This blog highlights the who and the how of Pig butchering scams, and details the Pig butchering…
Pig Butchering Scam: How Bitcoin, Ethereum, Litecoin and Spot Gold (XAUUSD) Investments Are Used in Romance Scams to Steal Hundreds of Millions
This is the second part of a two-part series based on firsthand research into pig butchering scams from the end of 2022 into early 2024. In this post, we delve into the types of investment scams perpetrated by pig butchers to steal hundreds of millions of dollars from victims, including in the form…
The Kids Aren't Safe: Vulnerabilities in Edulog Portal Exposed K-12 Student Location Data
Tenable Research discovered security flaws in a popular transportation management app that allowed access to student location data. While these issues have been fixed, the findings again prove the importance of strong authentication and access control.