Security News
The internet-facing assets were found to be susceptible to potential exploitation in a sample of 90 banking and financial services organisations.
Tenable thinks these tags can be abused by a rogue Azure customer to access other customers' stuff - a cross-tenant attack - if those victims rely on Service Tags in their firewall rules. "We appreciate the collaboration with Tenable to responsibly disclose the inherent risk in using Service Tags as a single mechanism for vetting secure network traffic," a Microsoft spokesperson told The Register.
Nathan Wenzler, chief security strategist at cyber security firm Tenable, said state-sponsored threat actors typically infiltrate by stealth and spread. Wenzler said Australian organisations should treat them as seriously as other actors or face serious risk during a geopolitical conflict. The Australian Cyber Security Centre found total reports of cybercrime were up by 23% to 94,000 in the year to June 2023, attributing part of that increase to state-sponsored attacks against critical infrastructure.
The key feature of this technical alliance lies in streamlining the essential data and information of IP addresses provided by the Criminal IP search engine to Tenable Vulnerability Management. Integrating Criminal IP with Tenable Vulnerability Management will equip users with the comprehensive feature of Criminal IP for detecting IP assets.
Microsoft has explained why it seemingly took its time to fix a flaw reported to it by infosec intelligence vendor Tenable. On July 10, Tenable again contacted Microsoft to report its findings on what it regarded as a dangerously incomplete fix.
Microsoft fixed a security flaw in the Power Platform Custom Connectors feature that let unauthenticated attackers access cross-tenant applications and Azure customers' sensitive data after being called "grossly irresponsible" by Tenable's CEO. The root cause of the issue stemmed from inadequate access control measures for Azure Function hosts launched by connectors within the Power Platform. "It should be noted that this is not exclusively an issue of information disclosure, as being able to access and interact with the unsecured Function hosts, and trigger behavior defined by custom connector code, could have further impact," says cybersecurity firm Tenable, which discovered the flaw and reported it on March 30th. "However, because of the nature of the service, the impact would vary for each individual connector, and would be difficult to quantify without exhaustive testing."
Tenable.ep is an all-in-one, risk-based vulnerability management platform designed to scale as dynamic compute requirements change. Tenable.ep combines the company's products - Tenable.io Vulnerability Management, Tenable.io Web Application Scanning, Tenable.io Container Security and Tenable Lumin - into one platform, enabling customers to see all of their assets and vulnerabilities in a single dashboard alongside key threat, exploit and prioritization metrics.
Tenable announced that it has entered into a definitive agreement to acquire Alsid SAS. Alsid for Active Directory is a Software as a Service solution with an on-premises deployment option that monitors the security of Active Directory in real time. "We're impressed with the insights that Alsid brings to enterprise customers and look forward to working with the Alsid team to add this critical element to Cyber Exposure and risk management."
Out of the top five vulnerabilities for 2020, three dated back to 2019 or earlier, according to infosec firm Tenable's annual threat report. While Zerologon was the company's number one insecurity for 2020, the hoary old Pulse Secure VPN vuln was number three, while flaws in Citrix and Fortinet connectivity platforms dating from 2019 and 2018 respectively were also up there.
Tenable announced new Tenable Lumin innovations that empower customers to align business objectives with cybersecurity initiatives. The latest enhancements to the Cyber Exposure Management Platform enable organizations to predict which vulnerabilities pose the greatest business risk and act with confidence to effectively reduce risk across their modern, distributed environments.