Oracle July 2024 Critical Patch Update Addresses 175 CVEs
July 16, 2024Instantánea de ciberseguridad: CISA Tells Tech Vendors To Squash Command Injection Bugs, as OpenSSF Calls on Developers To Boost Security Skills
July 12, 2024Check out CISA’s call for weeding out preventable OS command injection vulnerabilities. Plus, the Linux Foundation and OpenSSF spotlight the lack of cybersecurity expertise among SW developers. Meanwhile, GenAI deployments have tech leaders worried about data privacy and data security. And get the latest on FedRAMP, APT40 and AI-powered misinformation!
Cómo la gestión de vulnerabilidades basada en el riesgo impulsa su postura de seguridad para entornos de TI modernos
July 11, 2024La evaluación de vulnerabilidades y la gestión de vulnerabilidades suelen confundirse, pero son dos cosas distintas. De acuerdo al documento técnico de Enterprise Strategy Group: "es fundamental comprender sus diferencias y cambiar de evaluaciones de vulnerabilidades ad hoc a una gestión de vulnerabilidades basada en el riesgo (RBVM) continua". Lea el documento para conocer los puntos destacados de este estudio encomendado por Tenable y enterarse de cómo la RBVM ayuda a las organizaciones a adoptar una postura robusta de seguridad y riesgo en entornos multinube híbridos y complejos.
Microsoft’s July 2024 Patch Tuesday Addresses 138 CVEs (CVE-2024-38080, CVE-2024-38112)
July 9, 2024Microsoft addresses 138 CVEs in its July 2024 Patch Tuesday release, with five critical vulnerabilities and three zero-day vulnerabilities, two of which were exploited in the wild.
Cómo la vulnerabilidad regreSSHion podría impactar a su entorno en la nube
July 5, 2024With growing concern over the recently disclosed regreSSHion vulnerability, we’re explaining here what it is, why it’s so significant, what it could mean for your cloud environment and how Tenable Cloud Security can help.
Instantánea de ciberseguridad: Malicious Versions of Cobalt Strike Taken Down, While Microsoft Notifies More Orgs About Midnight Blizzard Email Breach
July 5, 2024Check out the results of a multinational operation against illegal instances of Cobalt Strike. Plus, more organizations are learning that Midnight Blizzard accessed their email exchanges with Microsoft. Meanwhile, Carnegie Mellon has a new report about how to fix and mitigate API vulnerabilities. And two new reports shed light on cyber insurance trends. ¡Y mucho más!
Instantánea de ciberseguridad: Memory Bugs Pervasive in Open Source SW, While Car Dealership Chaos Persists After Ransomware Attack
June 28, 2024Check out why memory vulnerabilities are widespread in open source projects. Plus, get the latest on the ransomware attack that’s disrupted car sales in North America. In addition, find out why a majority of organizations grew their cyber budgets this year. And learn how confidential data from U.S. chemical facilities may have been accessed by hackers. ¡Y mucho más!
Etiqueta, ¡usted es eso! Etiquetando su camino hacia la excelencia de la seguridad en la nube
June 26, 2024To manage your cloud resources effectively and securely, you need to consistently tag assets across all your cloud platforms. Here we explain tagging’s main benefits, as well as proven strategies and best practices for tagging success.
CVE-2024-5806: Vulnerabilidad de evasión de autenticación en Progress MOVEit Transfer
June 25, 2024Progress Software has patched a high severity authentication bypass in the MOVEit managed file transfer (MFT) solution. As MOVEit has been a popular target for ransomware gangs and other threat actors, we strongly recommend prioritizing patching of this vulnerability.
Understanding Customer Managed Encryption Keys (CMKs) in AWS, Azure and GCP: A Comparative Insight
June 25, 2024Explore critical differences in handling customer-managed encryption keys (CMKs) across AWS, Azure and GCP to avoid security misconfigurations and protect your data effectively.
CVE-2024-28995: Vulnerabilidad directory traversal/ruta en SolarWinds Serv-U explotada en la realidad
June 21, 2024Following the publication of proof-of-concept exploit details for a high-severity flaw in SolarWinds Serv-U, researchers have observed both automated and manual in-the-wild exploitation attempts; patching is strongly advised.
Instantánea de ciberseguridad: FTC Believes TikTok Broke U.S. Law, Asks Justice Dept. To Intervene, while French Cyber Agency Warns About Nobelium / Midnight Blizzard
June 21, 2024TikTok’s legal troubles in the U.S. could get thornier after the FTC refers complaint to the DOJ. Meanwhile, France says Russia-backed Nobelium / Midnight Blizzard is a major cyber espionage threat to European governments. Plus, check out a Tenable poll about dealing with vulnerabilities without patches. And did LockBit 3.0 make a comeback in May? Maybe – or maybe not. ¡Y mucho más!
How to Discover, Analyze and Respond to Threats Faster with Generative AI
June 17, 2024Generative AI (GenAI) is being hailed as the most transformative innovation since the rise of the internet. For security, GenAI can revolutionize the field if applied correctly, especially when it comes to threat detection and response. It enhances efficiency and productivity by swiftly processing and delivering critical information when it matters most.