The Dark Side of Domain-Specific Languages: Uncovering New Attack Techniques in OPA and Terraform
Check out our deep dive into both new and known techniques for abusing infrastructure-as-code and policy-as-code tools. You’ll also learn how to defend against them in this blog post which expands on the attack techniques presented at our fwd:cloudsec Europe 2024 talk “Who Watches the Watchmen?…
Who's Afraid of the Toxic Trio in the Cloud?
The Tenable Cloud Risk Report 2024 reveals that nearly four in 10 organizations have workloads that are publicly exposed, contain a critical vulnerability and have excessive permissions. Here’s what to watch for in your organization.
CVE-2024-8260: SMB Force-Authentication Vulnerability in OPA Could Lead to Credential Leakage
Tenable Research discovered an SMB force-authentication vulnerability in Open Policy Agent (OPA) that is now fixed in the latest release of OPA. The vulnerability could have allowed an attacker to leak the NTLM credentials of the OPA server's local user account to a remote server, potentially…
The Data-Factor: Why Integrating DSPM Is Key to Your CNAPP Strategy
DSPM solutions provide a comprehensive, up-to-date view into cloud-based data and risk. An integrated CNAPP and DSPM solution elevates this analysis to expose toxic combinations and security gaps across cloud environments.
SSRFing the Web with the Help of Copilot Studio
Tenable Research discovered a critical information-disclosure vulnerability in Microsoft’s Copilot Studio via a server-side request forgery (SSRF), which allowed researchers access to potentially sensitive information regarding service internals with potential cross-tenant impact.
Compromising Microsoft's AI Healthcare Chatbot Service
Tenable Research discovered multiple privilege-escalation issues in the Azure Health Bot Service via a server-side request forgery (SSRF), which allowed researchers access to cross-tenant resources.
Detecting Risky Third-party Drivers on Windows Assets
Kernel-mode drivers are critical yet risky components of the Windows operating system. Learn about their functionality, the dangers they pose, and how Tenable's new plugins can help identify and mitigate vulnerabilities using community-driven resources like LOLDrivers.
Never Trust User Inputs -- And AI Isn't an Exception: A Security-First Approach
As AI transforms industries, security remains critical. Discover the importance of a security-first approach in AI development, the risks of open-source tools, and how Tenable's solutions can help protect your systems.
EPSS Shows Robust Performance in Predicting Exploits, According to a Study by Cyentia and FIRST
Tenable sponsored research by Cyentia and FIRST which found that, although vulnerability exploitation is highly variable, EPSS is increasingly robust in its ability to predict exploitation.
ConfusedFunction: A Privilege Escalation Vulnerability Impacting Google Cloud Platform (GCP) Cloud Functions
Organizations that have used Google Cloud Platform’s Cloud Functions – a serverless execution environment – could be impacted by a privilege escalation vulnerability discovered by Tenable and dubbed “ConfusedFunction.” Read on to learn all about the vulnerability and what your organization needs…
How To Do a Security Audit of Pimcore Enterprise Platform
Our new research paper gives you a roadmap for using Pimcore's features while preserving security.
How Risk-Based Vulnerability Management Boosts Your Security Posture for Modern IT Environments
Vulnerability assessment and vulnerability management are often confused, but they are two distinct things. As a new Enterprise Strategy Group white paper explains, it’s key to understand their differences and to shift from ad-hoc vulnerability assessments to continuous, risk-based vulnerability management (RBVM)…