Tenable

APRIL 12, 2024

Plus, a new survey shows cybersecurity pros are guardedly optimistic about AI. And the NSA is sharing best practices for data security. Cybersecurity and Infrastructure Security Agency (CISA) in its Emergency Directive 24-02 , sent to federal civilian agencies last week and made public this week. And much more!

Generative AI 117

Generative AI Malware Trends Government 117

Tenable

SEPTEMBER 15, 2023

Tasked with securing your org’s new AI systems? Plus, open source security experts huddled at a conference this week – find out what they talked about. That’s the topic of the paper “ Securing AI: Similar or Different? published by Google’s Cybersecurity Action Team. ” published by Google’s Cybersecurity Action Team.

Open Source 113

Open Source Systems Review System Software Review 113

Tenable

AUGUST 23, 2024

And get the latest on ransomware trends, vulnerability management practices and election security! 1 - Guide outlines logging and threat detection best practices As attackers double down on the use of stealthy, hard-to-detect “living off the land” (LOTL) techniques, cybersecurity teams should improve how they log events and detect threats.

Security 74

Security Artificial Inteligence Azure Malware 74

Tenable

MARCH 8, 2024

Plus, a survey shows how artificial intelligence is impacting cybersecurity jobs. That’s according to ISC2’s survey “AI in Cyber 2024: Is the Cybersecurity Profession Ready?”, based on a poll of 1,123 cybersecurity pros. Source: “AI in Cyber 2024: Is the Cybersecurity Profession Ready?” And much more!

Infrastructure 115

Infrastructure Report Software Review Artificial Intelligence 115

Tenable

JANUARY 12, 2024

Check out expert recommendations for deploying AI tools securely. 1 - How to ensure AI helps, not hurts, cybersecurity How can organizations use artificial intelligence (AI) in a way that’s safe and that benefits cybersecurity? In addition, cyber insurance demand is forecast to grow robustly. And much more!

Systems Review 72

Systems Review System Technical Review Development Team Review 72

Tenable

NOVEMBER 24, 2023

Uncle Sam wants your input on the latest version of the “Secure Software Development Attestation Form” that federal agencies will use to assess the security of software vendors. government will evaluate the security practices of its software vendors – and offer your two cents. And much more!

Software Review 71

Software Review Software Insurance Software Development 71

Tenable

MARCH 1, 2024

Check out what’s new in NIST’s makeover of its Cybersecurity Framework. Also, how to assess the cybersecurity capabilities of a generative AI LLM. 1 - NIST’s Cybersecurity Framework 2.0 1 - NIST’s Cybersecurity Framework 2.0 The Cybersecurity Framework at 10.and And the most prevalent malware in Q4. And much more!

Artificial Inteligence 74

Artificial Inteligence Malware Generative AI Government 74

Tenable

JULY 5, 2024

Fortra has released a new Cobalt Strike version with enhanced security features, according to the NCA. federal government agencies. In June, Microsoft President Brad Smith faced tough questions during his testimony before the House of Representatives’ Homeland Security Committee, which scheduled the hearing after a U.S.

Insurance 72

Insurance Transportation Software Review Systems Review 72

Tenable

JUNE 6, 2024

When CISA called on the world’s leading software manufacturers to sign its Secure by Design Pledge, Tenable answered promptly and enthusiastically, becoming part of the first wave of supporters of this landmark initiative. Tenable is proud to join 67 other technology firms as an original signatory of the Secure by Design Pledge.

Conference 80

Conference Guidelines Software Development Authentication 80

Tenable

NOVEMBER 4, 2022

Get the latest on salary trends for CISOs and cybersecurity pros; CISA’s call for adopting phishing-resistant MFA; the White House’s ransomware summit; and more! and Canada improved this year compared with 2021 as employers paid up to retain their cybersecurity chiefs amidst a shortage of qualified candidates for these jobs.

Trends 103

Trends Authentication Recruiting Banking 103

Tenable

JULY 26, 2024

And a poll on water plant cybersecurity. Cybersecurity and Infrastructure Security Agency (CISA), the FBI and law enforcement agencies from the U.S., Check out a CISA-FBI advisory about North Korean cyber espionage on critical infrastructure orgs. Plus, what Europol found about the use of AI for cybercrime. And much more!

Artificial Inteligence 67

Artificial Inteligence CTO Technical Review Healthcare 67

Tenable

NOVEMBER 25, 2022

Get the latest on the Hive RaaS threat; the importance of metrics and risk analysis; cloud security’s top threats; supply chain security advice for software buyers; and more! . Understanding the Ransomware Ecosystem: From Screen Lockers to Multimillion-Dollar Criminal Enterprise ” (Tenable blog). What would this look like?

Metrics 52

Metrics Cloud Backup Software Review 52

Palo Alto Networks

APRIL 6, 2020

In response, the United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency ( CISA) has issued cybersecurity guidance in relation to teleworking. Remote Workforce Security Requirements. Implement Multi-Factor Authentication (MFA) on all VPN connections to increase security.

Security 53

Security Government Meeting Company 53

Tenable

JANUARY 10, 2024

Two zero-day vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure have been exploited in the wild, with at least one attack attributed to nation-state actors. Background On January 10, Ivanti released a security advisory for two zero-day vulnerabilities that were exploited in-the-wild in limited, targeted attacks.

Policies 72

Policies Authentication Analysis Network 72

Tenable

JULY 14, 2023

government for defending CI/CD pipelines. 1 – CISA and NSA issue CI/CD defense guidance Looking for recommendations and best practices to improve the security of your continuous integration / continuous delivery (CI/CD) pipelines? Learn about the guidance from the U.S. Plus, check out the 25 most dangerous software weaknesses.

Weak Development Team 52

Weak Development Team Software Review Software Technical Review 52

Tenable

SEPTEMBER 9, 2022

9 | Software supply chain security in the spotlight. Guidance for evaluating IoT security tools. Increasing diversity in cybersecurity. Another look at the major cloud security threats. government stresses software supply chain security. government. . government. . Secure composition analysis.

Security 52

Security IoT Open Source Linux 52

Tenable

FEBRUARY 9, 2024

Fortinet warns of “potentially” exploited flaw in the SSL VPN functionality of FortiOS, as government agencies warn of pre-positioning by Chinese state-sponsored threat actors in U.S. and international agencies.

Malware 122

Malware Authentication Infrastructure Analysis 122

Tenable

AUGUST 6, 2024

As AI transforms industries, security remains critical. Discover the importance of a security-first approach in AI development, the risks of open-source tools, and how Tenable's solutions can help protect your systems. In the world of cybersecurity, one critical rule is “Never trust user inputs."

Artificial Inteligence 61

Artificial Inteligence Software Review Artificial Intelligence Authentication 61

InfoBest

MAY 25, 2023

In today’s digital landscape, where cyber threats are on the rise, ensuring robust cybersecurity measures in custom software development projects is more important than ever. Why is Cybersecurity Important in Software Development? Maintaining Trust Cybersecurity is critical to maintaining user trust.

Software Development 52

Software Development Software Review Weak Development Team Software 52

Tenable

JUNE 23, 2023

That’s why a recent IANS Research blog post about building an incident response process for ransomware caught our eye. and Australian Agencies Publish Joint Cybersecurity Advisory on BianLian Ransomware Group ” (blog) 3 – Guidance on high-risk and emergency access to cloud services The U.K.’s

Cloud 53

Cloud Systems Review Data Disaster Recovery 53

Tenable

APRIL 20, 2021

Threat actors are leveraging a zero-day vulnerability in Pulse Connect Secure, for which there is no immediate patch scheduled for release. On April 20, Pulse Secure, which was acquired by Ivanti last year, published an out-of-cycle security advisory (SA44784) regarding a zero-day vulnerability in the Pulse Connect Secure SSL VPN appliance.

Authentication 134

Authentication Malware Research Government 134

Tenable

DECEMBER 6, 2023

Tenable Research has published two blogs on CitrixBleed, our initial analysis of the vulnerability as well as a Frequently Asked Questions (FAQ) blog providing added context surrounding the in-the-wild exploitation by threat actors including multiple ransomware groups. ransomware group in their exploitation of CitrixBleed.

Systems Review 74

Systems Review Authentication Analysis Malware 74

Tenable

AUGUST 5, 2022

That’s the bad news the Cybersecurity and Infrastructure Security Agency’s Cyber Safety Review Board delivered in a recent report. Drive best practices for security hygiene, such as automated vulnerability management, asset inventorying and vulnerability mitigation, as well as secure software development practices.

Development Team Review 52

Development Team Review Software Review Systems Review Technical Review 52

Tenable

JULY 25, 2023

CVE Description CVSSv3 Severity CVE-2023-35078 Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability 10.0 Analysis CVE-2023-35078 is an authentication bypass vulnerability in Ivanti’s EPMM. Tenable was provided access to the support article and our blog post reflects what we currently know about this vulnerability.

Mobile 98

Mobile Knowledge Base Authentication Government 98

Tenable

OCTOBER 28, 2022

Get the latest on Microsoft 365 security configurations; effective CISO board presentations; rating MSPs’ cybersecurity preparedness; and hospitals’ Daixin cyberthreat. Cybersecurity and Infrastructure Security Agency (CISA) released a set of recommended configuration baselines for the Microsoft 365 product suite. .

Cloud 52

Cloud Malware Spyware Authentication 52

Tenable

AUGUST 22, 2023

CVE Description CVSSv3 Severity CVE-2023-38035 Ivanti Sentry API Authentication Bypass Vulnerability 9.8 Critical Disclosure of this vulnerability is credited to researchers at mnemonic, which published its own blog post about the discovery. Just like CVE-2023-38035, its discovery is also credited to researchers at mnemonic.

Authentication 52

Authentication Knowledge Base Firewall Mobile 52

Palo Alto Networks

DECEMBER 14, 2020

Over the past few years, I have witnessed a growing focus in Europe on telecom and 5G security. Many service providers in the region are evolving cybersecurity practices and postures, both for existing 4G networks and also for planned 5G deployments, many of which are launching now.

Telecommunications 81

Telecommunications Mobile Network Guidelines 81

AWS Machine Learning - AI

JANUARY 26, 2024

Many customers are looking for guidance on how to manage security, privacy, and compliance as they develop generative AI applications. We first delve into the vulnerabilities, threats, and risks that arise from the implementation, deployment, and use of LLM solutions, and provide guidance on how to start innovating with security in mind.

Artificial Inteligence 126

Artificial Inteligence Generative AI Security Applications 126

Tenable

FEBRUARY 17, 2023

Find out why a study says cybersecurity pros will weather staff reductions better than all other employees. That’s according to the (ISC) 2 cybersecurity industry non-profit organization, which this week published the results of a survey of 1,000 C-level business executives from Germany, Japan, Singapore, the U.S. And much more!

Weak Development Team 52

Weak Development Team ChatGPT Infrastructure Report 52

Tenable

AUGUST 26, 2022

26 | The “platformization” of hybrid cloud security. Tackling IT/OT cybersecurity challenges. Tips for complying with HIPAA’s cybersecurity rule. 1 - IDC sees shift to “platformization” of hybrid cloud security. That’s according to IDC’s “Worldwide Cloud Workload Security Forecast, 2022-2026.” . And much more!

Weak Development Team 52

Weak Development Team Software Review Technical Review Budget 52

Tenable

SEPTEMBER 17, 2020

CISA warns that foreign threat actors from China and Iran are routinely targeting unpatched vulnerabilities across government agencies and U.S.-based CISA has observed these attacks against federal government agencies and other networks based in the United States. Pulse Connect Secure. Pulse Connect Secure. Background.

Software Review 102

Software Review Authentication Research Government 102

Cloudera

JUNE 7, 2023

By now, almost everyone across the tech landscape has heard of the Zero Trust (ZT) security model, which assumes that every device, application, or user attempting to access a network is not to be trusted (see NIST definitions below). This is the balancing act of security. But as models go, the idea is easier than the execution.

Data 85

Data Government Technical Review Policies 85

Tenable

DECEMBER 2, 2022

Get the latest on Log4Shell’s global remediation status; the need for metaverse security rules; a shutdown of “pig butchering” domains; tips for secure IoT products; an informal poll about AD security; and more! . government advisory on APT exploit of Log4Shell to breach agency. Log4j guidance from the U.S.

IoT 52

IoT Systems Review Guidelines Technical Review 52

Tenable

JUNE 12, 2023

Medium Analysis CVE-2023-27997 is a heap-based buffer overflow vulnerability in the secure socket layer virtual private network (SSL VPN) functionality in FortiOS and FortiProxy in Fortinet devices including its FortiGate Next Generation Firewalls (NGFW). This is reachable pre-authentication, on every SSL VPN appliance.

Firewall 102

Firewall Authentication Research Groups 102

Tenable

OCTOBER 12, 2020

Government agencies issue joint cybersecurity advisory cautioning that advanced threat groups are chaining vulnerabilities together to gain entry into government networks and elevate privileges. The following is a list of vulnerabilities referenced in the CISA/FBI joint cybersecurity alert: CVE. Background. Tenable VPR*.

WAN 115

WAN Authentication Government Network 115

Tenable

SEPTEMBER 16, 2022

Several global cybersecurity agencies publish a joint advisory detailing efforts by Iranian-government sponsored threat actors exploiting vulnerabilities to enable ransomware attacks. On September 14, the Cybersecurity and Infrastructure Security Agency along with the National Security Agency, U.S. Background.

Systems Review 52

Systems Review Software Review Report Authentication 52

Tenable

APRIL 8, 2021

On April 2, the Federal Bureau of Investigation (FBI) along with the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory regarding activity involving advanced persistent threat (APT) actors. Improper Authentication (FortiOS). Background. CVE-2019-5591. CVE-2020-12812.

Authentication 108

Authentication Systems Review Research Groups 108