The Kids Aren’t Alright: Vulnerabilities in Edulog Portal Revealed K-12 Student Location Data
December 13, 2023Tenable Research discovered security flaws in a popular transportation management app that allowed access to student location data. While these issues have been fixed, the findings again prove the importance of strong authentication and access control.
Microsoft Patch Tuesday 2023 Year in Review
December 12, 2023Microsoft addressed over 900 CVEs as part of Patch Tuesday releases in 2023, including over 20 zero-day vulnerabilities.
Microsoft’s December 2023 Patch Tuesday Addresses 33 CVEs (CVE-2023-36019)
December 12, 2023Microsoft addresses 33 CVEs in its December 2023 Patch Tuesday release, with no zero-day vulnerabilities disclosed this month.
Tenable Cyber Watch: 2023 Cyber Skills Shortage, the Most Sought-After Cyber Tech Skill in 2023, and more
December 11, 2023This week edition of Tenable Cyber Watch unpacks the 2023 cyber skills shortage and addresses the most sought-after cyber skills in 2023. Also covered: The most in-demand cybersecurity jobs from 2023 ...
How to Tackle OT Challenges: Asset Inventory and Vulnerability Assessment
December 11, 2023The plurality of devices and protocols found in operational technology (OT) environments makes asset discovery and remediation a challenge. Here’s how Tenable OT Security can help.
Cybersecurity Snapshot: CISA Calls on Software Makers To Use Memory Safe Languages, as OpenSSF Issues Secure Software Principles
December 8, 2023CISA is urging developers to stamp out memory vulnerabilities with memory safe programming languages. Meanwhile, the OpenSSF published 10 key principles for secure software development. Plus, malware used in fake browser-update attacks ballooned in Q3. In addition, a new program aims to boost the cyber defenses of critical infrastructure orgs. And much more!
CVE-2023-4966 (CitrixBleed): Invalidate Active or Persistent Sessions To Prevent Further Compromise
December 6, 2023Patching CitrixBleed isn’t enough; organizations need to invalidate active or persistent session tokens as the these tokens can be used to compromise networks and bypass authentication measures including multifactor authentication
Tenable Cyber Watch: CSA Launches Zero Trust Certification, CISA Updates Security Attestation Form, and more
December 4, 2023This week’s edition of Tenable Cyber Watch unpacks CISA’s Security Attestation Form Draft and discusses CSA’s new Zero Trust Certification. Also covered: The FCC’s new pilot program that would help U.S. schools and libraries boost their cybersecurity.
Cybersecurity Snapshot: U.S., U.K. Governments Offer Advice on How To Build Secure AI Systems
December 1, 2023Looking for guidance on developing AI systems that are safe and compliant? Check out new best practices from the U.S. and U.K. cyber agencies. Plus, a new survey shows generative AI adoption is booming, but security and privacy concerns remain. In addition, CISA is warning municipal water plants about an active threat involving Unitronics PLCs. And much more!
Maximize Your Vulnerability Scan Value with Authenticated Scanning
November 30, 2023Want to get a lot more value out of your vulnerability scans? Start doing authenticated scanning
AWS Access Analyzer Just Got Better, So Did Tenable Cloud Security
November 27, 2023AWS IAM Access Analyzer now has an API allowing you to make custom policy checks. Tenable Cloud Security allows you to easily use this API as part of its code scanning functionality. Find out how and ...
Identities: The Connective Tissue for Security in the Cloud
November 27, 2023Almost everything in the cloud is one excess privilege or misconfiguration away from exposure. Proper cloud posture and entitlement management can help mitigate risk and eliminate toxic combinations.
