Blog de Tenable
Dynamic Objects in Active Directory: The Stealthy Threat
CVE-2023-33299: Vulnerabilidad crítica por ejecución de código remoto en FortiNAC
Fortinet has released a patch fixing a remote code execution vulnerability in several versions of FortiNAC
Instantánea de ciberseguridad: En la medida en que los federales cazan a CLOP Gang, eche un vistazo a los consejos sobre la respuesta al ransomware, la gestión segura de la nube y la privacidad de los datos de las aplicaciones en la nube
Learn all about the U.S. government’s reward for CL0P ransomware leads. Plus, check out ransomware incident response recommendations. Also, review concrete guidance on cloud system administration and on designing cloud apps with privacy by default. ¡Y mucho más!
Shared Responsibility Model in the Cloud
CSPs have embraced a shared responsibility model to define the security responsibilities for different components of the architecture.
Tenable Cyber Watch: El gobierno de los EE. UU. Actualizaciones gubernamentales de guía de ransomware, estudio de linaje revela riesgos de la cadena de suministro en OSS y más
This week’s edition of the Tenable Cyber Watch unpacks the most recent updates to the U.S. government’s #StopRansomware Guide and addresses the steps organizations can take to boost digital trust. Also covered: why companies must be careful when using open source software.
Preguntas frecuentes de vulnerabilidades de transferencias MOVEit y CL0P Ransomware Gang
Frequently asked questions relating to vulnerabilities in MOVEit Transfer, including one that was exploited by the prolific CL0P ransomware gang.
Instantánea de ciberseguridad: Para una robusta seguridad en la nube, enfóquese en la configuración
Check out the NCSC’s advice about proper configuration in cloud security. Plus, a detailed guide about LockBit ransomware. Also, don’t miss OWASP’s revised list of top API security risks. Plus, CISA’s warning about remote network management tools. ¡Y mucho más!
CVE-2023-20887: VMware Aria Operations para inyección de comandos de redes
VMware issues advisory to address three flaws in its VMware Aria Operations for Networks solution, including a critical command injection flaw assigned a CVSSv3 score of 9.8.
El Martes de parches de Microsoft de junio de 2023 aborda 70 CVE (CVE-2023-29357)
Microsoft addresses 70 CVEs in its June 2023 Patch Tuesday update including six rated as critical.
CVE-2023-27997: Desbordamiento de búfer basado en la pila en Fortinet FortiOS y FortiProxy SSL-VPN (XORtigate)
Fortinet says a critical flaw in its SSL-VPN product may have been exploited in the wild in a limited number of cases. Organizations are strongly encouraged to apply these patches immediately.