Tenable adds Terrascan to Nessus to enable secure cloud application delivery

Tenable announced Nessus now includes Terrascan, an open-source cloud security analyzer that helps developers secure Infrastructure as Code (IaC). The integration into Nessus continues to further Tenable’s broader cloud strategy, helping enterprises se…

Microsoft Patch Tuesday, May 2022 Edition

Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software. This month’s patch batch includes fixes for seven “critical” flaws, as well as a zero-day vulnerability that affects all supported versions of Windows.

Microsoft patches Windows LSA spoofing zero-day under active attack (CVE-2022-26925)

May 2022 Patch Tuesday is here, and Microsoft has marked it by releasing fixes for 74 CVE-numbered vulnerabilities, including one zero-day under active attack (CVE-2022-26925) and two publicly known vulnerabilities (CVE-2022-29972 and CVE-2022-22713). …

Tenable acquires Bit Discovery to help organizations minimize cyber exposure

Tenable Holdings announced that it has signed an agreement to acquire Bit Discovery, a provider of external attack surface management (EASM). Combining Tenable’s Cyber Exposure solutions with Bit Discovery’s EASM capabilities will provide customers wit…

Industry leaders launch OT Cyber Coalition to protect critical infrastructure from growing threats

A diverse group of cybersecurity leaders joined together to launch the Operational Technology Cybersecurity Coalition (OT Cyber Coalition). Founding members include Claroty, Forescout, Honeywell, Nozomi Networks, and Tenable, each with decades of exper…

Microsoft fixes actively exploited zero-day reported by the NSA (CVE-2022-24521)

On this April 2022 Patch Tuesday, Microsoft has released patches for 128 CVE-numbered vulnerabilities, including one zero-day exploited in the wild (CVE-2022-24521) and another (CVE-2022-26904) for which there’s already a PoC and a Metasploit mod…

The Original APT: Advanced Persistent Teenagers

Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. But few organizations have a playbook for responding to the kinds of virtual “smash and grab” attacks we’ve seen recently from LAPSUS$, a juvenile data extortion group whose short-lived, low-tech and remarkably effective tactics are putting some of the world’s biggest corporations on edge.

KSOC announces that its Kubernetes security platform supports hardening NSA/CISA guidelines

KSOC announced that their platform satisfies the Kubernetes hardening guidelines issued by the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA). The newly released guidelines recommend the following mitigation …

Infosec products of the month: February 2022

Here’s a look at the most interesting products from the last month, featuring releases from: Arista Networks, Blueshift Cybersecurity, Bugcrowd, Cato Networks, Cofense, CoSoSys, Cybellum, Cymulate, Darktrace, DataStax, F5 Networks, Federal Reserv…

A “light” February 2022 Patch Tuesday that should not be ignored

February 2022 Patch Tuesday is here and it’s relatively “light” – light in fixed CVE-numbered vulnerabilities (51), extremely light in critical fixes (50 are “important” and one is “moderate”), and light …