2024 年 OT セキュリティを形成することが予測されるサイバーセキュリティのトレンド
Discover the transformative shifts reshaping Operational Technology (OT) security in an evolving threat landscape....
サイバーセキュリティニュース: 新しい業界団体が AI の安全性のベストプラクティスを特定
A group that includes the Cloud Security Alliance, CISA and Google is working to compile a comprehensive collection of best practices for secure AI use. Meanwhile, check out a draft of secure configuration recommendations for the Google Workspace suite. Plus, MITRE plans to release a threat model fo...
Edulog ポータルの脆弱性により幼稚園生から高校生の位置情報データが流出
Tenable Research discovered security flaws in a popular transportation management app that allowed access to student location data. While these issues have been fixed, the findings again prove the importance of strong authentication and access control....
2023 年マイクロソフト月例セキュリティ更新プログラム、一年の振り返り
Microsoft addressed over 900 CVEs as part of Patch Tuesday releases in 2023, including over 20 zero-day vulnerabilities....
マイクロソフト 2023 年 12 月月例セキュリティ更新プログラム、33 件の CVE を修正 (CVE-2023-36019)
Microsoft addresses 33 CVEs in its December 2023 Patch Tuesday release, with no zero-day vulnerabilities disclosed this month....
Tenable サイバーウォッチ: 2023 年のサイバーセキュリティのスキル不足、2023 年に最も求められるサイバーテクノロジースキル、その他
This week edition of Tenable Cyber Watch unpacks the 2023 cyber skills shortage and addresses the most sought-after cyber skills in 2023. また、 The most in-demand cybersecurity jobs from 2023 according to COMPTIA's "State of the Tech Workforce Report." Why did CISA urge AI vendors to ap...
OT セキュリティの課題に取り組む: 資産インベントリと脆弱性評価
The plurality of devices and protocols found in operational technology (OT) environments makes asset discovery and remediation a challenge. Here’s how Tenable OT Security can help....
サイバーセキュリティニュース: CISA がソフトウェアメーカーに対してメモリセーフな言語の使用を推奨、OpenSSF が安全なソフトウェア原則を発行
CISA is urging developers to stamp out memory vulnerabilities with memory safe programming languages. Meanwhile, the OpenSSF published 10 key principles for secure software development. Plus, malware used in fake browser-update attacks ballooned in Q3. In addition, a new program aims to boost the cy...
CVE-2023-4966 (CitrixBleed): アクティブなセッションや永続的なセッションを無効にしてさらなる侵害を防ぐ
Patching CitrixBleed isn’t enough; organizations need to invalidate active or persistent session tokens as the these tokens can be used to compromise networks and bypass authentication measures including multifactor authentication...
Tenable サイバーウォッチ: CSA がゼロトラスト認証を導入、CISA がセキュリティ証明書フォームを更新、その他
This week’s edition of Tenable Cyber Watch unpacks CISA’s Security Attestation Form Draft and discusses CSA’s new Zero Trust Certification. また、 The FCC’s new pilot program that would help U.S. schools and libraries boost their cybersecurity. ...
サイバーセキュリティニュース: 米国と英国政府が安全な AI システムを構築するための推薦事項を提供
Looking for guidance on developing AI systems that are safe and compliant? Check out new best practices from the U.S. and U.K. cyber agencies. Plus, a new survey shows generative AI adoption is booming, but security and privacy concerns remain. In addition, CISA is warning municipal water plants abo...
認証スキャンで脆弱性スキャンの価値を最大化
Want to get a lot more value out of your vulnerability scans? Start doing authenticated scanning...
