Tenable-Blog
CVE-2025-20333, CVE-2025-20362: Frequently Asked Questions About Zero-Day Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) Vulnerabilities
Infrastructure as Code Security Requires Programmatic Controls
Empower develops with a programmatic approach to security. Hier einige wichtige Tipps und Informationen.The concept of shifting security as far left into development as possible is not new, and it is fairly easy to see the benefits: when you catch issues earlier in the software development lifecycle (SDLC) you…
Static Lists Are The Wrong Way to Do Attack Surface Mapping
When identifying and cataloging assets, static lists leave your organization vulnerable to constant changes across your attack surface.
CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065: Four Zero-Day Vulnerabilities in Microsoft Exchange Server Exploited in the Wild
Four zero-day vulnerabilities in Microsoft Exchange servers have been used in chained attacks in the wild.Update March 8, 2021: The Identifying Affected Systems section has been updated with information about the availability of additional plugins as well as a link to our blog post that details…
Keep Your IAM Users Close, Keep Your Third Parties Even Closer
Technical and legal controls that you take for granted when managing cybersecurity policy within your organization are usually out of reach when a third party is compromised.
Auditing iam:PassRole: A Problematic Privilege Escalation Permission
How to determine which identities need iam:PassRole to help enforce “use it or lose it” least privilege.
Cloud infrastructure is not immune from the SolarWinds Orion breach
Organizations exposed to the SolarWinds breach must identify exposed credentials and rotate them asap.
The AWS Managed Policies Trap
These policies are simultaneously appealing and dangerous. Here’s how to use automated analysis of environment configuration and activity logs to avoid getting caught in the trap.
Who Holds the Keys to the Kingdom?
Take a closer look at sensitive AWS Resources:secret strings and keys used in AWS, learn about the Resources and access control mechanisms relevant to them, delve into the challenges of tracking the permissions granted to them, and see ways in which automating analysis of environment configuration…
CVE-2020-14882: Oracle WebLogic Remote Code Execution Vulnerability Exploited in the Wild
A remote code execution vulnerability in Oracle WebLogic Server has been actively exploited in the wild just one week after a patch was released and one day after a proof of concept was published.Update October 30, 2020: The solutions section has been updated to reflect the disclosure of a…
Vertriebsteam kontaktieren