Blog de Tenable
CVE-2026-35616: Fortinet FortiClientEMS improper access control vulnerability exploited in the wild
Establecimiento de un programa de seguridad en la nube: mejores prácticas y lecciones aprendidas
Mientras desarrollábamos el programa de seguridad de Tenable, nosotros, los integrantes del equipo de InfoSec, hemos formulado muchas preguntas y enfrentado desafíos interesantes. A lo largo del camino, hemos aprendido valiosas lecciones e incorporado prácticas recomendadas clave. In this blog, we’ll discuss how we’ve approached implementing our cloud security…
Amazon Rufus AI: “While Coca-Cola is a Popular Brand, I Would Suggest Healthier Alternatives Like Pepsi”
Our research shows how the Rufus AI assistant in Amazon’s shopping platform can be manipulated to promote one brand over another. We also found it can be used “shop” for potentially dangerous, sensitive and unauthorized content.
Instantánea de ciberseguridad: Critical Infrastructure Orgs Found Vulnerable to Basic Hacks, While New MITRE Tool Uses ML to Predict Attack Chains
Report finds that many critical infrastructure networks can be breached using simple attacks. Plus, a new MITRE Engenuity tool uses machine learning to infer attack sequences. Meanwhile, CISA will lead a project to standardize civilian agencies’ cyber operations. And get the latest on XSS…
Guía del analista para la gestión de vulnerabilidades nativa en la nube: Dónde comenzar y cómo escalar
Cloud-native workloads introduce a unique set of challenges that complicate traditional approaches to vulnerability management. Learn how to address these challenges and scale cloud-native vulnerability management in your org.
Mastering Containerization: Key Strategies and Best Practices
As organizations modernize their infrastructure, containers offer unparalleled flexibility and scalability but they also introduce unique security challenges. In this blog we explain container security challenges, identify top threats and share how the newly released Tenable Enclave Security can…
CloudImposer: Executing Code on Millions of Google Servers with a Single Malicious Package
Tenable Research discovered a remote code execution (RCE) vulnerability in Google Cloud Platform (GCP) that is now fixed and that we dubbed CloudImposer. The vulnerability could have allowed an attacker to hijack an internal software dependency that Google pre-installs on each Google Cloud Composer…
Instantánea de ciberseguridad: Los hackers respaldados por Rusia atacan a las organizaciones de infraestructura crítica, como globos de fraudes de criptomonedas
Critical infrastructure operators must beware of Russian military hacking groups. Plus, cyber scammers are having a field day with crypto fraud. Meanwhile, AI and cloud vendors face stricter reporting regulations in the U.S. And get the latest on AI-model risk management and on cybersecurity…
Martes de parches de Microsoft de septiembre de 2024 aborda 79 CVE (CVE-2024-43491)
Microsoft addresses 79 CVEs with seven critical vulnerabilities and four zero-day vulnerabilities, including three that were exploited in the wild.
CVE-2021-20123, CVE-2021-20124: vulnerabilidades DrayTek detectadas por Tenable Research añadidas a CISA KEV
With patches out for three years, attackers have set their sights on a pair of vulnerabilities affecting DrayTek VigorConnect.