GUEST RESEARCH: Analysis finds 70% of cloud workloads using AI services contain unresolved vulnerabilities
GUEST RESEARCH: When new technologies such as generative artificial intelligence (GenAI) emerge, cybercriminals inevitably look for ways to exploit their capabilities for malicious purposes. While most mainstream GenAI models have built-in safeguards to prevent misuse, Tenable Research has found that DeepSeek R1 can be tricked into generating malware, raising concerns about the security risks posed by AI-powered cybercrime.
GUEST OPINION: Netflix’s Zero Day delivers a gripping cyber thriller, dramatising a large-scale attack on U.S. critical infrastructure. It’s suspenseful, and packed with high-level political intrigue, but like any Hollywood production, it bends the truth to fit the narrative. Robert De Niro’s character, former President Mullen, makes a statement early in the pilot that feels eerily close to reality:
Various bans have been placed on DeepSeek, a large language model (LLM) developed by a Chinese start-up, on government devices around the world including in the United States (state of Texas), Italy, and now Australia.
Tenable Identity Exposure addresses identity sprawl security challenges with 360-degree visibility into identity risk
Tenable, the exposure management company, today announced the launch of Identity 360 and Exposure Center, two new Tenable Identity Exposure capabilities designed to help organisations pinpoint identity risks and take swift, targeted action to prevent identity-based attacks.
GUEST OPINION: Cloud environments, while offering unparalleled agility and scalability, are also a major source of risk exposure for organisations worldwide, with breaches ranging from misconfigurations to advanced cyberattacks. According to Tenable’s 2024 Cloud Security Outlook, 95% of organisations had experienced cloud-related breaches in the previous 18 months. New cloud-based attack vectors have combined with known risks to create threats across hybrid and multi-cloud environments. To add complexity, many organisations are plagued by siloed security tools and a shortage of cloud expertise.
GUEST RESEARCH: Microsoft patched a whopping 157 CVEs in its inaugural Patch Tuesday for 2025. Not only is this the largest number of CVEs patched in January, it is the largest number of CVEs patched across any Patch Tuesday release since 2017. Microsoft set a record in April 2024, patching 147 CVEs. Since 2017, the average number of CVEs patched in January was 60. Prior to 2025, the largest January Patch Tuesday release was 2023, which saw Microsoft patch 98 CVEs. In 2024, Microsoft opened the year with 48 CVEs patched. Please find below a comment from Satnam Narang, sr. staff research engineer at Tenable and a full analysis in this blog.
Market-leading Tenable Vulnerability Intelligence, risk prioritization and web app scanning capabilities streamline vulnerability analysis and response
Autonomous patching streamlines discovery to remediation, with customisable controls that prevent problematic updates
GUEST RESEARCH: ASD has just released its Annual Cyber Threat Report and some of the incidents outlined were the result of exploiting public-facing applications and compromised accounts or credentials. Please find further comments below from Satnam Narang, sr. staff research engineer, Tenable.
Tenable, the exposure management company, has disclosed that its Tenable Cloud Security Research team has uncovered new attack techniques in Domain-Specific Languages (DSLs) of popular policy-as-code (PaC) and infrastructure-as-code (IaC) platforms. These can lead to compromised cloud identities, lateral movement, and data exfiltration.
COMPANY NEWS: Tenable, the exposure management company, today announced new data security posture management (DSPM) and artificial intelligence security posture management (AI-SPM) capabilities for Tenable Cloud Security, the actionable cloud security solution. By extending exposure management capabilities to cloud data and AI resources, Tenable Cloud Security reduces risk to two of the biggest emerging threats.
GUEST OPINION by Satnam Narang, sr. staff research engineer, Tenable: This month, Microsoft patched two zero-day vulnerabilities that were exploited in the wild.
GUEST OPINION: This month, Microsoft patched two zero-day vulnerabilities that were exploited in the wild.
Report warns of ‘Toxic Cloud Triad’ and outdated access keys
COMPANY NEWS: New research by Tenable®, the exposure management company, highlights a growing set of challenges, revealing that many organisations globally, including Australia, are alarmingly unprepared for the increasing complexities and critical risks inherent in modern cloud environments.
COMPANY NEWS: Tenable, the exposure management company, today announced the availability of Tenable Enclave Security, a solution that supports the needs of customers operating in highly secure environments, such as those that are classified or otherwise air-gapped. Backed by Tenable Security Center, Tenable Enclave Security protects IT assets and modern workloads with risk assessment and contextual insight so organisations can identify exposures before they cause damage.
COMPANY NEWS: Tenable, the exposure management company, has disclosed that its Tenable Research team has discovered a critical remote code execution (RCE) vulnerability, dubbed CloudImposer, that could have allowed malicious attackers to execute code on potentially millions of Google Cloud Platform (GCP) servers and their customers' systems. This vulnerability highlights a significant security gap in Google Cloud services, specifically impacting App Engine, Cloud Function, and Cloud Composer.
GUEST OPINION: This month, Microsoft patched two zero-day vulnerabilities that can bypass security features in Microsoft Office and Windows Mark of the Web. Both vulnerabilities were exploited in the wild, though specifics about these attacks were not publicly disclosed. Given the prevalence of Microsoft Office and Windows Mark of the Web, these vulnerabilities should be at the top of the remediation list.
COMPANY NEWS: Tenable, the exposure management company, today announced the release of AI Aware, advanced detection capabilities designed to rapidly surface artificial intelligence solutions, vulnerabilities and weaknesses available in Tenable Vulnerability Management, the world’s #1 vulnerability management solution. Tenable AI Aware provides exposure insight into AI applications, libraries and plugins so organisations can confidently expose and close AI risk, without inhibiting business operations.
Integration of EPSS into Tenable exposure solutions ensures compliance and accelerates prioritisation efforts
COMPANY NEWS: Exposure management company Tenable® has announced new risk prioritisation and compliance features for Tenable Nessus, the #1 vulnerability assessment solution in accuracy, coverage and adoption.