Compromising Microsoft's AI Healthcare Chatbot Service
Tenable Research discovered multiple privilege-escalation issues in the Azure Health Bot Service via a server-side request forgery (SSRF), which allowed researchers access to cross-tenant resources....
Detecting Risky Third-party Drivers on Windows Assets
Kernel-mode drivers are critical yet risky components of the Windows operating system. Learn about their functionality, the dangers they pose, and how Tenable's new plugins can help identify and mitigate vulnerabilities using community-driven resources like LOLDrivers....
Never Trust User Inputs -- And AI Isn't an Exception: A Security-First Approach
As AI transforms industries, security remains critical. Discover the importance of a security-first approach in AI development, the risks of open-source tools, and how Tenable's solutions can help protect your systems....
EPSS Shows Strong Performance in Predicting Exploits, According to Study from Cyentia and FIRST
Tenable sponsored research from Cyentia and FIRST, which finds that while vulnerability exploitation is highly variable, EPSS is getting stronger in its ability to predict exploitation. ...
ConfusedFunction: A Privilege Escalation Vulnerability Impacting GCP Cloud Functions
Organizations that have used Google Cloud Platform’s Cloud Functions – a serverless execution environment – could be impacted by a privilege escalation vulnerability discovered by Tenable and dubbed “ConfusedFunction.” Read on to learn all about the vulnerability and what your organization needs ...
How To Do a Security Audit of Pimcore Enterprise Platform
Our new research paper gives you a roadmap for using Pimcore's features while preserving security....
How Risk-based Vulnerability Management Boosts the Security of Your Modern IT Environment
Vulnerability assessment and vulnerability management may sound similar, but they are not. As a new white paper from Enterprise Strategy Group (ESG) explains, it is important to understand the differences between the two and to move from ad hoc vulnerability assessments to continuous, risk-based vulnerability management (RBVM). Read...
These Services Shall Not Pass: Abusing Service Tags to Bypass Azure Firewall Rules (Customer Action Required)
Azure customers whose firewall rules rely on Azure Service Tags, pay attention: You could be at risk due to a vulnerability detected by Tenable Research. Here’s what you need to know to determine if you’re affected, and if so, what you should do right away to protect your Azure environment from atta...
Linguistic Lumberjack: Attacking Cloud Services via Logging Endpoints (Fluent Bit - CVE-2024-4323)
Tenable Research has discovered a critical memory corruption vulnerability dubbed Linguistic Lumberjack in Fluent Bit, a core component in the monitoring infrastructure of many cloud services....
Tenable Cloud Security Study: A Full 95% of Surveyed Organizations Experienced a Cloud-related Breach Over an 18-month Period
This finding from the Tenable Cloud Security Outlook 2024 study clearly shows how important proactive and robust cloud security is. Read on to learn more about the study’s findings, including the main challenges cloud security teams face, their strategies for better protecting their cloud infrastruc...
FlowFixation: AWS Apache Airflow Service Takeover Vulnerability and Why Neglecting Guardrails Puts Major CSPs at Risk
Tenable Research discovered a one-click account takeover vulnerability in the AWS Managed Workflows Apache Airflow service that could have allowed full takeover of a victim’s web management panel of the Airflow instance. The discovery of this now-resolved vulnerability reveals a broader problem of m...
IDC Ranks Tenable No. 1 in Worldwide Device Vulnerability Management Market Share for the Fifth Consecutive Year
The research firm’s latest report also provides market insights that security professionals can use to improve their vulnerability management strategy....