Cloud Security Basics: Protecting Your Web Applications
While cloud computing providers such as Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure offer robust and scalable services, securing your cloud environment brings its own unique challenges. You can reduce risk by addressing these eight common cloud security…
Analyzing the Vulnerabilities Associated with the Top Malware Strains of 2021
International cybersecurity agencies issue a joint alert outlining the top malware strains of 2021. We identified vulnerabilities associated with these strains.
The Ransomware Ecosystem: In Pursuit of Fame and Fortune
The key players within the ransomware ecosystem, including affiliates and initial access brokers, work together cohesively like a band of musicians, playing their respective parts as they strive for fame and fortune.
وقحة، وساذجة، وغير منطقية: التعرف على مجموعة الابتزاز LAPSUS$
نظرًا لأنها حظيت باهتمام الصناعة في الأشهر الأولى من عام 2022، باتت مجموعة LAPSUS$ لا تحرك ساكنًا إلى حد بعيد. ما الدروس المستفادة من قصة مجموعة الابتزاز هذه والتكتيكات الخاصة بها؟
Securing Critical Infrastructure: What We've Learned from Recent Incidents
Learn about well-known vulnerabilities and attacks and how they affected critical infrastructure —from Phone Phreaking to recent ransomware.
فهم نظام فيروس الفيدية: من مجرمين متخصصين في قفل الشاشة إلى مؤسسة إجرامية بملايين الدولارات
يُعد فيروس الفدية تهديدًا إلكترونيًا متطورًا باستمرار، ومن خلال تطوره تمكن فيروس الفدية من النجاة والازدهار.
Identifying XML External Entity: How Tenable.io Web Application Scanning Can Help
XML External Entity (XXE) flaws present unique mitigation challenges and remain a common attack path. Learn how XXE flaws arise, why some common attack paths are so challenging to mitigate and how Tenable.io Web Application Scanning can help.
Microsoft Azure Synapse Pwnalytics
Since March 10, Tenable Research has attempted to work with Microsoft to address two serious flaws in the underlying infrastructure of Azure Synapse Analytics.
So Many CVEs, So Little Time: Zero In and ‘Zero Click’ into the Current Vulnerability Landscape
Among the thousands of vulnerabilities disclosed so far in 2022, we highlight five and explain why they matter.
Twitter Crypto Scams: Bored Ape Yacht Club, Azuki and Other Projects Impersonated to Steal NFTs, Digital Currencies
Scammers are using verified and unverified accounts to impersonate notable NFT projects like Bored Ape Yacht Club and others, tagging Twitter users to drive them to phishing websites.
Behind the Scenes: How We Picked 2021’s Top Vulnerabilities – and What We Left Out
The 2021 Threat Landscape Retrospective explored the top five vulnerabilities of the year. Learn about other high-impact vulnerabilities that nearly made our list. When putting together the Threat Landscape Retrospective (TLR) for 2021, the Security Response Team had a particularly difficult…
استرجاع مشهد التهديدات لعام 2021: استهداف الثغرات الأمنية الأكثر أهمية
A review of the year in vulnerabilities and breaches, with insights to help guide cybersecurity strategy in 2022 and beyond.
