Tenable ブログ
ブログ通知を受信するTenable Assure: 2021 Global Partner Award 受賞企業発表
オラクルの 2021 年 4 月クリティカルパッチアップデート、ゼロログオン (CVE-202-1472) を含む CVE 257 件に対処
Oracle addresses over 250 CVEs in its second quarterly update of 2021 with 390 patches, including 34 critical updates. Background On April 20, Oracle released its Critical Patch Update (CPU) for Apri...
CVE-2021-22893: Pulse Connect Secure 内のゼロデイ脆弱性のエクスプロイトの詳細
Threat actors are leveraging a zero-day vulnerability in Pulse Connect Secure, for which there is no immediate patch scheduled for release. Background On April 20, Pulse Secure, which was acquired by...
NAME:WRECK: 9 つの DNS 脆弱性が 4 つのオープンソースの TCP/IP スタックで発見される
Nine new DNS-related vulnerabilities have been identified across TCP/IP stacks embedded in millions of devices. Background On April 13, 2021, researchers at Forescout and JSOF published a report calle...
Tenable とゼロトラストへの道
The simplicity of the zero-trust concept belies the complexity of implementing it in most large organizations. Here are four factors to consider before you begin the journey. Zero trust, a cybersecuri...
CVE-2021-28480、CVE-2021-28481、CVE-2021-28482、 CVE-2021-28483: Microsoft Exchange Server の深刻な脆弱性 4 件にパッチ (4 月月例セキュリティ更新プログラムでリリース)
One month after disclosing four zero-day vulnerabilities in Exchange Server, Microsoft addresses four additional vulnerabilities discovered by the National Security Agency (NSA). Background On April 1...
マイクロソフトの 2021 年 4 月月例セキュリティ更新プログラム: 108 件の CVE に対処 (CVE-2021-28310)
Microsoft addresses 108 CVEs, including CVE-2021-28310 — which has reportedly been exploited in the wild — as well as four new remote code execution vulnerabilities in Microsoft Exchange. 19Critical 8...
CVE-2018-13379、CVE-2019-5591、CVE-2020-12812: Fortinet の脆弱性が APT 攻撃で狙われている
Threat actors and ransomware groups are actively targeting three legacy Fortinet vulnerabilities. Background On April 2, the Federal Bureau of Investigation (FBI) along with the Cybersecurity and Infr...
脆弱性評価にまつわる 5 つの一般的な神話を暴く
Don't let misconceptions stand in your way – get the facts on five common myths about vulnerability assessment. The simple truth of vulnerability assessment is that it's not always an easy task to acc...
地方自治体のサイバーセキュリティの改善: Tenable、NLC のセキュリティパートナーシップに参画
Recognizing the “perfect storm” created by COVID-19 disruptions, the NLC partnered with trusted security leaders to develop a turnkey solution for cities and local governments. The National League of...
CVE-2021-21975、CVE-2021-21983: VMware、連鎖的に非認証のリモートコード実行に悪用される恐れのあるvRealize 運用環境内の脆弱性を修正
VMware has addressed a pair of vulnerabilities in vRealize Operations that, when chained together, could result in unauthenticated remote code execution in vulnerable servers. Background On March 30,...
サイバー衛生: 最大のリスク軽減効果を発揮する 5 つの先進戦術
In part two of our series on cyber hygiene, we look at why businesses may need to go beyond the basics of vulnerability scanning and antivirus protection to ensure comprehensive security for their net...
Tenable を利用して Microsoft Exchange Server アセットのセキュリティ侵害を特定する方法
As organizations continue to respond to a flurry of attacks by HAFNIUM and other threat actors leveraging Proxylogon (CVE-2021-26855) and related vulnerabilities (CVE-2021-26857, CVE-2021-26858, CVE-2...