The Data-Factor: Why Integrating DSPM Is Key to Your CNAPP Strategy
DSPM solutions provide a comprehensive, up-to-date view into cloud-based data and risk. An integrated CNAPP and DSPM solution elevates this analysis to expose toxic combinations and security gaps across cloud environments. ...
SSRFing the Web with the Help of Copilot Studio
Tenable Research discovered a critical information-disclosure vulnerability in Microsoft’s Copilot Studio via a server-side request forgery (SSRF), which allowed researchers access to potentially sensitive information regarding service internals with potential cross-tenant impact....
Compromising Microsoft's AI Healthcare Chatbot Service
Tenable Research discovered multiple privilege-escalation issues in the Azure Health Bot Service via a server-side request forgery (SSRF), which allowed researchers access to cross-tenant resources....
Detecting Risky Third-party Drivers on Windows Assets
Kernel-mode drivers are critical yet risky components of the Windows operating system. Learn about their functionality, the dangers they pose, and how Tenable's new plugins can help identify and mitigate vulnerabilities using community-driven resources like LOLDrivers....
Never Trust User Inputs -- And AI Isn't an Exception: A Security-First Approach
As AI transforms industries, security remains critical. Discover the importance of a security-first approach in AI development, the risks of open-source tools, and how Tenable's solutions can help protect your systems....
El EPSS muestra un desempeño robusto al predecir los exploits de acuerdo a un estudio elaborado por Cyentia y FIRST
Tenable sponsored research from Cyentia and FIRST, which finds that while vulnerability exploitation is highly variable, EPSS is getting stronger in its ability to predict exploitation. ...
ConfusedFunction: Una vulnerabilidad de escalación de privilegios que causa impacto en las funciones de la nube de Google Cloud Platform (GCP)
Organizations that have used Google Cloud Platform’s Cloud Functions – a serverless execution environment – could be impacted by a privilege escalation vulnerability discovered by Tenable and dubbed as “ConfusedFunction.” Read on to learn all about the vulnerability and what your organization needs ...
How To Do a Security Audit of Pimcore Enterprise Platform
Our new research paper gives you a roadmap for using Pimcore's features while preserving security....
Cómo la gestión de vulnerabilidades basada en el riesgo impulsa su postura de seguridad para entornos de TI modernos
La evaluación de vulnerabilidades y la gestión de vulnerabilidades suelen confundirse, pero son dos cosas distintas. De acuerdo al documento técnico de Enterprise Strategy Group: "es fundamental comprender sus diferencias y cambiar de evaluaciones de vulnerabilidades ad hoc a una gestión de vulnerabilidades basada en el riesgo (RBVM) continua". Read...
These Services Shall Not Pass: Abusing Service Tags to Bypass Azure Firewall Rules (Customer Action Required)
Azure customers whose firewall rules rely on Azure Service Tags, pay attention: You could be at risk due to a vulnerability detected by Tenable Research. Here’s what you need to know to determine if you’re affected, and if so, what you should do right away to protect your Azure environment from atta...
Linguistic Lumberjack: Attacking Cloud Services via Logging Endpoints (Fluent Bit - CVE-2024-4323)
Tenable Research has discovered a critical memory corruption vulnerability dubbed Linguistic Lumberjack in Fluent Bit, a core component in the monitoring infrastructure of many cloud services....
El estudio de Tenable Cloud Security revela que un preocupante 95 % de las organizaciones encuestadas sufrió filtraciones relacionadas con la nube en un plazo de 18 meses
El hallazgo del estudio Perspectiva de seguridad en la nube para 2024 de Tenable es un indicador clave de la necesidad de contar con una seguridad en la nube que sea robusta y proactiva. Read on to learn more about the study’s findings, including the main challenges cloud security teams face, their strategies for better protecting their cloud infrastruc...
