Salt Typhoon: تحليل للثغرات الأمنية التي استغلتها هذه الجهة الخبيثة المدعومة من الدولة
Salt Typhoon, a state-sponsored actor linked to the People’s Republic of China, has breached at least nine U.S.-based telecommunications companies with the intent to target high profile government and political figures. Tenable Research examines the tactics, techniques and procedures of this threat…
برنامج Critical Patch Update لشهر يناير 2025 من شركة Oracle يُعالج 186 ثغرة أمنية وحالة تعرض للمخاطر شائعة
Oracle addresses 186 CVEs in its first quarterly update of 2025 with 318 patches, including 30 critical updates.BackgroundOn January 21, Oracle released its Critical Patch Update (CPU) for January 2025, the first quarterly update of the year. This CPU contains fixes for 186 CVEs in 318 security…
Cybersecurity Snapshot: CISA Lists Security Features OT Products Should Have and Publishes AI Collaboration Playbook
Shopping for OT systems? A new CISA guide outlines OT cyber features to look for. Meanwhile, the U.S. government publishes a playbook for collecting AI vulnerability data. Plus, a White House EO highlights AI security goals. And get the latest on IoT security; secure app dev; and tougher HIPAA…
New Cybersecurity Executive Order: What It Means for Federal Agencies
The Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity includes guidance on third-party risk management and the need to adopt proven security practices to gain visibility of security threats across network and cloud infrastructure. Here we highlight six key…
خمس معلومات أساسية يجب أن تعرفها الوكالات الحكومية عن مبدأ "الثقة المعدومة" في الأمن الإلكتروني.
Zero trust as a concept is simple to grasp. Implementing a zero trust architecture, on the other hand, is complex because it involves addressing a unique mix of process, procedure, technology and user education. Here are some considerations to keep in mind as you begin your journey.
CVE-2024-55591: ثغرة خطيرة في تجاوز المصادقة لدى Fortinet يتم استغلالها بشكل نشط في الهجمات الإلكترونية.
Fortinet patched a zero day authentication bypass vulnerability in FortiOS and FortiProxy that has been actively exploited in the wild as a zero-day since November 2024.
تحديث Microsoft لشهر يناير 2025 يعالج 157 ثغرة أمان (CVE-2025-21333، CVE-2025-21334، CVE-2025-21335).
Microsoft addresses 157 CVEs in the first Patch Tuesday release of 2025 and the largest Patch Tuesday update ever with three CVEs exploited in the wild, and five CVEs publicly disclosed prior to patches being made available.
CVE-2025-0282: ثغرة أمنية خطيرة في Ivanti Connect Secure يتم استغلالها بشكل نشط في الهجمات الإلكترونية.
Ivanti disclosed two vulnerabilities in its Connect Secure, Policy Secure and Neurons for ZTA gateway devices, including one flaw that was exploited in the wild as a zero-day.
Tenable Chairman and CEO Amit Yoran Has Died
It is with profound sadness that we share the news of the passing of our beloved CEO Amit Yoran on January 3. Amit was not only a visionary leader but also a guiding force who profoundly impacted our industry, our company, our culture and our community.
Cybersecurity Snapshot: After Telecom Hacks, CISA Offers Security Tips for Cell Phone Users, While Banks Seek Clearer AI Regulations
Check out best practices for preventing mobile communications hacking. Plus, how the U.S. government can improve financial firms’ AI use. Meanwhile, the FBI warns about a campaign to hack vulnerable webcams and DVRs. And get the latest on a Chinese APT’s hack of the Treasury Department; the federal…
اختيار منصة حماية التطبيقات السحابية الأصلية (CNAPP) المناسبة: ستة اعتبارات للمؤسسات المتوسطة الحجم
Mid-sized enterprises increasingly find themselves in need of a CNAPP, as their cloud adoption matures. But how should they go about selecting the right one? What questions should they ask and what criteria should they use? Here we unpack six key considerations that’ll help them evaluate their…
التنقل في قواعد الإفصاح عن الأمن السيبراني لهيئة الأوراق المالية الأمريكية: بعد مرور عام واحد
In December 2023, as cyberattacks surged, the U.S. Securities and Exchange Commission (SEC) began enforcing new cybersecurity disclosure rules. This pushed C-level executives and boards to adopt measures for compliance and transparency. In this post, we look at the enforcement actions the SEC has…
الاتصال بفريق المبيعات