SSRFing the Web with the Help of Copilot Studio
Tenable Research discovered a critical information-disclosure vulnerability in Microsoft’s Copilot Studio via a server-side request forgery (SSRF), which allowed researchers access to potentially sensitive information regarding service internals with potential cross-tenant impact....
Compromising Microsoft's AI Healthcare Chatbot Service
Tenable Research discovered multiple privilege-escalation issues in the Azure Health Bot Service via a server-side request forgery (SSRF), which allowed researchers access to cross-tenant resources....
Detecting Risky Third-party Drivers on Windows Assets
Kernel-mode drivers are critical yet risky components of the Windows operating system. Learn about their functionality, the dangers they pose, and how Tenable's new plugins can help identify and mitigate vulnerabilities using community-driven resources like LOLDrivers....
Never Trust User Inputs -- And AI Isn't an Exception: A Security-First Approach
As AI transforms industries, security remains critical. Discover the importance of a security-first approach in AI development, the risks of open-source tools, and how Tenable's solutions can help protect your systems....
A Study by Cyentia and FIRST Shows the Exploit Prediction Scoring System (EPSS) Performs Strongly at Predicting Vulnerability Exploitation
Tenable sponsored research from Cyentia and FIRST, which finds that while vulnerability exploitation is highly variable, EPSS is getting stronger in its ability to predict exploitation. ...
ConfusedFunction: A Privilege Escalation Vulnerability Impacting GCP Cloud Functions
Organizations that have used Google Cloud Platform’s Cloud Functions – a serverless execution environment – could be impacted by a privilege escalation vulnerability discovered by Tenable and dubbed “ConfusedFunction.” Read on to learn all about the vulnerability and what your organization needs ...
How To Do a Security Audit of Pimcore Enterprise Platform
Our new research paper gives you a roadmap for using Pimcore's features while preserving security....
How Risk-Based Vulnerability Management Strengthens the Security Posture of Your Modern IT Environment
Vulnerability assessment and vulnerability management may look similar, but they are not. As the new Enterprise Strategy Group white paper explains, it is important to understand the differences between them and to move from ad hoc vulnerability assessments to continuous risk-based vulnerability management (RBVM). Read...
These Services Shall Not Pass: Abusing Service Tags to Bypass Azure Firewall Rules (Customer Action Required)
Azure customers whose firewall rules rely on Azure Service Tags, pay attention: You could be at risk due to a vulnerability detected by Tenable Research. Here’s what you need to know to determine if you’re affected, and if so, what you should do right away to protect your Azure environment from atta...
Linguistic Lumberjack: Attacking Cloud Services via Logging Endpoints (Fluent Bit - CVE-2024-4323)
Tenable Research has discovered a critical memory corruption vulnerability dubbed Linguistic Lumberjack in Fluent Bit, a core component in the monitoring infrastructure of many cloud services....
Tenable Cloud Security Study Reveals 95% of Surveyed Organizations Suffered Cloud-Related Breaches over an 18-Month Period
The finding from Tenable's 2024 Cloud Security Outlook study is a clear sign of the need for proactive, robust cloud security. Read on to learn more about the study’s findings, including the main challenges cloud security teams face, their strategies for better protecting their cloud infrastruc...
FlowFixation: The AWS Apache Airflow Service Takeover Vulnerability and Why Neglecting Guardrails Puts Major CSPs at Risk
Tenable Research discovered a one-click account takeover vulnerability in the AWS Managed Workflows Apache Airflow service that could have allowed full takeover of a victim’s web management panel of the Airflow instance. The discovery of this now-resolved vulnerability reveals a broader problem of m...