Tenable 블로그
사이버 보안 스냅샷: Industrial Systems in Crosshairs of Russian Hackers, FBI Warns, as MITRE Updates List of Top Hardware Weaknesses
CISA BOD 25-01 컴플라이언스: 미국 정부 기관이 알아야 하는 사
미국 정부 기관은 사용하는 Microsoft 365 클라우드 서비스가 최근 Binding Operational Directive를 준수하도록 해야 합니다. Tenable이 다음과 같은 도움이....
ConfusedComposer: GCP Composer에 영향을 권한 상승 취약성
Tenable Research discovered a privilege-escalation vulnerability in Google Cloud Platform (GCP) that is now fixed and which we dubbed ConfusedComposer. The vulnerability could have allowed an identity with permission (composer.environments.update) to edit a Cloud Composer environment to escalate pri...
Turn to Exposure Management to Prioritize Risks Based on Business Impact
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, Tenable CSO Robert Huber shares practical advice on using an exposure management program to focus on risks that have ...
CVE-2025-32433: Erlang/OTP SSH 인증되지 않은 원격 코드 실행 취약성
Proof-of-concept code has been released after researchers disclosed a maximum severity remote code execution vulnerability in Erlang/OTP SSH. Successful exploitation could allow for complete takeover of affected devices....
사이버 보안 스냅샷: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination Risks from GenAI Code Generators
Check out NIST’s effort to further mesh its privacy and cyber frameworks. Plus, learn why code-writing GenAI tools can put developers at risk of package-confusion attacks. Also, find out what Tenable webinar attendees said about identity security. And get the latest on the MITRE CVE program and on a...
MITRE CVE 프로그램 만료 및 갱신에 대해 자주 묻는 질문
Concerns about the future of the MITRE CVE Program continue to circulate. The Tenable Security Response Team has created this FAQ to help provide clarity and context around this developing situation....
Oracle April 2025 중요 패치 업데이트에서 171개 CVE에 대응
Oracle addresses 171 CVEs in its second quarterly update of 2025 with 378 patches, including 40 critical updates.BackgroundOn April 15, Oracle released its Critical Patch Update (CPU) for April 2025, the second quarterly update of the year. This CPU contains fixes for 171 unique CVEs in 378 security...
MITRE CVE 프로그램 자금 지원 1년 연장
MITRE’s CVE program has been an important pillar in cybersecurity for over two decades. While CISA secured funding on April 16 to extend the program for the next year, the lack of clarity surrounding its long-term future creates great uncertainty about how newly discovered vulnerabilities will be ca...
You Have Exposure Management Questions. We’ve Got Answers
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, we feature the first Exposure Management Academy FAQ. We’ll run these FAQs from time to time to share some of the mos...
