Blogs Tenable
Cybersecurity Snapshot: AI Security Field Gets Boost from New CSA Framework and from SANS - OWASP Partnership

Microsoft’s December 2022 Patch Tuesday Addresses 48 CVEs (CVE-2022-44698)
Microsoft addresses 48 CVEs including two zero-day vulnerabilities, one that has been exploited in the wild (CVE-2022-44698) and one that was publicly disclosed prior to a patch being available (CVE-2022-44710)....
CVE-2022-27518: Unauthenticated RCE in Citrix ADC and Gateway
Citrix has patched a critical remote code execution vulnerability in its Gateway and ADC products. This vulnerability has reportedly been exploited as a zero day; organizations should patch urgently....
How To Assess the Cybersecurity Preparedness of IT Service Providers and MSPs
Improperly evaluating the cybersecurity capabilities of prospective IT service providers and managed service providers (MSPs) can put your organization's data and systems at risk. A new guide from CompTIA can help you ask the right questions....
CVE-2022-42475 : Fortinet patche Zero Day dans les VPN SSL FortiOS (en anglais)
Fortinet has patched a zero day buffer overflow in FortiOS that could lead to remote code execution. There has been a report of active exploitation and organizations should patch urgently....
What Happens When the Metaverse Enters Your Attack Surface?
Tenable polled 1,500 cybersecurity, IT and DevOps professionals about their top concerns in the nascent virtual reality worlds of the metaverse. Here's what we found out....
Tenable Cyber Watch : Shift Left Challenges, Anti-Ransomware Efforts, Quantum Risks and CISO Anxiety
Beat the Monday blues with cyber news you can use | Shift-left efforts falling short. The White House’s war on ransomware. Everything you’ve ever wanted to know about CISOs. The quantum computing risk for critical infrastructure. Don’t miss the latest episode of the Tenable Cyber Watch. The weekl...
Instantané de cyber-sécurité : Anniversaire Log4j, risques CI/CD, infostealers, attaques de messagerie, sécurité OT (en anglais)
Get the latest on the anniversary of the Log4j crisis; OWASP’s top CI/CD risks; a surge of infostealer malware; the fund transfer fraud — business email compromise connection; and more! ...
Sécurité du cloud : 5 points clés à retenir de l'étude SANS DevSecOps
Un rapport récent du SANS Institute révèle que les équipes DevSecOps améliorent leurs outils, processus et techniques, même si les environnements IT multi-cloud deviennent de plus en plus complexes à sécuriser. Check out key highlights from the “SANS 2022 DevSecOps Survey.”...
Are You Ready for the Next Log4Shell? Tenable’s CSO and CIO Offer Their Advice
Tenable CIO Patricia Grant and CSO Robert Huber share insights and best practices to help IT and cybersecurity leaders and their teams weather the next cyber crisis of Log4j proportions....