Blog de Tenable
Gartner® nombra a Tenable como la Company to Beat (compañía a vencer) para evaluación de exposición impulsada por IA en un informe de 2025
Instantánea de ciberseguridad: WEF Offers AI Security Best Practices, as DORA Regulation Places Strict Cyber Rules on Banks
Check out tips for adopting AI securely from the World Economic Forum. Plus, the EU’s DORA cyber rules for banks go into effect. Meanwhile, a report warns about overprivileged cloud accounts. And get the latest on ransomware trends; CIS Benchmarks; and data privacy.
CVE-2025-23006: vulnerabilidad de día cero de SonicWall Secure Mobile Access (SMA) 1000 supuestamente explotada
A zero-day vulnerability in SonicWall’s Secure Mobile Access (SMA) 1000 was reportedly exploited in the wild according to researchers.
Salt Typhoon: un análisis de las vulnerabilidades explotadas por este agente patrocinado por Estado
Salt Typhoon, a state-sponsored actor linked to the People’s Republic of China, has breached at least nine U.S.-based telecommunications companies with the intent to target high profile government and political figures. Tenable Research examines the tactics, techniques and procedures of this threat…
La actualización de parche crítico de Oracle para enero de 2025 aborda 186 CVE
Oracle addresses 186 CVEs in its first quarterly update of 2025 with 318 patches, including 30 critical updates.BackgroundOn January 21, Oracle released its Critical Patch Update (CPU) for January 2025, the first quarterly update of the year. This CPU contains fixes for 186 CVEs in 318 security…
Instantánea de ciberseguridad: CISA Lists Security Features OT Products Should Have and Publishes AI Collaboration Playbook
Shopping for OT systems? A new CISA guide outlines OT cyber features to look for. Meanwhile, the U.S. government publishes a playbook for collecting AI vulnerability data. Plus, a White House EO highlights AI security goals. And get the latest on IoT security; secure app dev; and tougher HIPAA…
New Cybersecurity Executive Order: What It Means for Federal Agencies
The Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity includes guidance on third-party risk management and the need to adopt proven security practices to gain visibility of security threats across network and cloud infrastructure. Here we highlight six key…
5 cosas que los organismos gubernamentales necesitan saber sobre Zero Trust
Zero trust as a concept is simple to grasp. Implementing a zero trust architecture, on the other hand, is complex because it involves addressing a unique mix of process, procedure, technology and user education. Here are some considerations to keep in mind as you begin your journey.
CVE-2024-55591: vulnerabilidad de día cero de evasión de autenticación de Fortinet explotada en la realidad
Fortinet patched a zero day authentication bypass vulnerability in FortiOS and FortiProxy that has been actively exploited in the wild as a zero-day since November 2024.
El Martes de parches de Microsoft de enero de 2025 aborda 157 CVE (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)
Microsoft addresses 157 CVEs in the first Patch Tuesday release of 2025 and the largest Patch Tuesday update ever with three CVEs exploited in the wild, and five CVEs publicly disclosed prior to patches being made available.
