Blog di Tenable
How Tenable Found a Way To Bypass a Patch for BentoML’s Server-Side Request Forgery Vulnerability CVE-2025-54381
How to Tackle OT Challenges: Asset Inventory and Vulnerability Assessment
The plurality of devices and protocols found in operational technology (OT) environments makes asset discovery and remediation a challenge. Here’s how Tenable OT Security can help.
Cybersecurity Snapshot: CISA Calls on Software Makers To Use Memory Safe Languages, as OpenSSF Issues Secure Software Principles
CISA is urging developers to stamp out memory vulnerabilities with memory safe programming languages. Meanwhile, the OpenSSF published 10 key principles for secure software development. Plus, malware used in fake browser-update attacks ballooned in Q3. In addition, a new program aims to boost the…
CVE-2023-4966 (CitrixBleed): Invalidate Active or Persistent Sessions To Prevent Further Compromise
Patching CitrixBleed isn’t enough; organizations need to invalidate active or persistent session tokens as the these tokens can be used to compromise networks and bypass authentication measures including multifactor authentication
Tenable Cyber Watch: CSA Launches Zero Trust Certification, CISA Updates Security Attestation Form, and more
This week’s edition of Tenable Cyber Watch unpacks CISA’s Security Attestation Form Draft and discusses CSA’s new Zero Trust Certification. Also covered: The FCC’s new pilot program that would help U.S. schools and libraries boost their cybersecurity.
Cybersecurity Snapshot: U.S., U.K. Governments Offer Advice on How To Build Secure AI Systems
Looking for guidance on developing AI systems that are safe and compliant? Check out new best practices from the U.S. and U.K. cyber agencies. Plus, a new survey shows generative AI adoption is booming, but security and privacy concerns remain. In addition, CISA is warning municipal water plants…
Maximize Your Vulnerability Scan Value with Authenticated Scanning
Want to get a lot more value out of your vulnerability scans? Start doing authenticated scanning
AWS Access Analyzer Just Got Better, So Did Tenable Cloud Security
AWS IAM Access Analyzer now has an API allowing you to make custom policy checks. Tenable Cloud Security allows you to easily use this API as part of its code scanning functionality. Find out how and why it’s important.AWS today announced a significant enhancement to AWS IAM Access Analyzer (AA)…
Identità: il tessuto connettivo per la sicurezza nel cloud
Quasi tutto nel cloud è a rischio di esposizione a causa di un solo privilegio o una sola configurazione errata. Un'adeguata gestione della postura e dei diritti può aiutare a mitigare il rischio ed eliminare le combinazioni dannose.
Tenable Cyber Watch: NCSC Offers Guidance for Quantum Threat, SBOM Adoption for Securing the Software Supply Chain, and more
This week’s edition of Tenable Cyber Watch unpacks what organizations need to do to prepare for quantum computing attacks and addresses SBOM adoption to help organizations beef up the security of the software supply chain. Also covered: Il Office of Management and Budget drafts guidance for…
Contatta il team di vendita