Blog de Tenable
Gartner® nombra a Tenable como la Company to Beat (compañía a vencer) para evaluación de exposición impulsada por IA en un informe de 2025
SSRFing the Web with the Help of Copilot Studio
Tenable Research discovered a critical information-disclosure vulnerability in Microsoft’s Copilot Studio via a server-side request forgery (SSRF), which allowed researchers access to potentially sensitive information regarding service internals with potential cross-tenant impact.
Instantánea de ciberseguridad: First Quantum-resistant Algorithms Ready for Use, While New AI Risks’ Database Is Unveiled
NIST has released the first encryption algorithms that can protect data against quantum attacks. Plus, MIT launched a new database of AI risks. Meanwhile, the CSA published a paper outlining the unique risks involved in building systems that use LLMs. And get the latest on Q2’s most prevalent…
CVE-2024-7593: Vulnerabilidad de evasión de autenticación de Ivanti Virtual Traffic Manager
Ivanti released a patch for a critical severity authentication bypass vulnerability and a warning that exploit code is publicly available
El Martes de parches de Microsoft de agosto de 2024 aborda 88 CVE
Microsoft addresses 88 CVEs with seven critical vulnerabilities and 10 zero-day vulnerabilities, six of which were exploited in the wild.
Compromising Microsoft's AI Healthcare Chatbot Service
Tenable Research discovered multiple privilege-escalation issues in the Azure Health Bot Service via a server-side request forgery (SSRF), which allowed researchers access to cross-tenant resources.
Instantánea de ciberseguridad: New Report Ranks Top Cloud Threats, while CISA Guide Helps Assess Security of Software Products
The Cloud Security Alliance has released its list of top cloud threats for 2024. Plus, CISA and the FBI published a guide for determining if a software product was built ‘secure by design.’ Meanwhile, find out how AI can transform offensive security. And get the latest on the Royal ransomware gang,…
CVE-2024-20419: Vulnerabildiad de cambio de contraseña local de Cisco Smart Software Manager
Critical vulnerability in Cisco Smart Software Manager On-Prem exposes systems to unauthorized password changes, exploit code now available.BackgroundOn July 17, 2024, Cisco published an advisory for a critical vulnerability in Cisco’s Smart Software Manager On-Prem (SSM On-Prem)…
Detecting Risky Third-party Drivers on Windows Assets
Kernel-mode drivers are critical yet risky components of the Windows operating system. Learn about their functionality, the dangers they pose, and how Tenable's new plugins can help identify and mitigate vulnerabilities using community-driven resources like LOLDrivers.
Securing the AI Attack Surface: Separating the Unknown from the Well Understood
There's a lot of confusion and unknowns regarding AI application risks, and a lot of vendors are trying to offer solutions to problems that aren't clearly defined. In this blog we explain why a smart approach is to start by focusing on basic, foundational cyber hygiene, adopt well-established best…
