Category: AI in news
The U.S. Department of Justice is reportedly seeking a judge to potentially force Google to sell off Google Chrome, the world’s most popular internet browser. In a move that could shake up $88 billion Google and its cloud business, Google Cloud, the U.S. Department of Justice is reportedly seeking to ask a judge to force…
Read More
Volt Typhoon, a state-sponsored actor linked to the People’s Republic of China, has consistently targeted U.S. critical infrastructure with the intent to maintain persistent access. Tenable Research examines the tactics, techniques and procedures of this threat actor. Background The cyberthreat landscape is always evolving, with security teams continuously facing new threats and attacks from a…
Read More
Increased activity from the state-sponsored threat group Volt Typhoon raises concerns about the cybersecurity of U.S. critical infrastructure. Here’s how you can identify potential exposures and attack paths. Recent activity from the state-sponsored group Volt Typhoon, from the People’s Republic of China (PRC), has prompted federal agencies — including the Cybersecurity and Infrastructure Security Agency…
Read More
Microsoft 365, Office 365 and Enterprise Mobility+Security are among the affected suites. Microsoft has stirred up solution providers with the next move in its philosophy of more flexible billing terms should get a premium—a 5 percent increase in the price of some of its most popular annual subscription bundles if the customer wants to pay…
Read More
Palo Alto Networks confirmed two zero-day vulnerabilities were exploited as part of attacks in the wild against PAN-OS devices, with one being attributed to Operation Lunar Peek. Background On November 18, Palo Alto Networks updated its advisory (PAN-SA-2024-0015) for a critical flaw in its PAN-OS software to include a CVE identifier: CVE Description CVSS CVE-2024-0012…
Read More
AWS has released an important new feature that allows you to apply permission boundaries around resources at scale called Resource Control Policies (RCPs). Read on to learn what RCPs are all about and how to use them, as well as how Tenable Cloud Security already factors them into its analysis. AWS just launched Resource Control…
Read More
Check out our deep dive into both new and known techniques for abusing infrastructure-as-code and policy-as-code tools. You’ll also learn how to defend against them in this blog post which expands on the attack techniques presented at our fwd:cloudsec Europe 2024 talk “Who Watches the Watchmen? Stealing Credentials from Policy-as-Code Engines (and beyond).” Infrastructure-as-code (IaC)…
Read More
Check out the CVEs attackers targeted the most last year, along with mitigation tips. Plus, a new guide says AI system audits must go beyond check-box compliance. Meanwhile, a report foresees stronger AI use by defenders and hackers in 2025. And get the latest on cloud security, SMBs’ MFA use and the CIS Benchmarks. Dive…
Read More
The Tenable Cloud Risk Report 2024 reveals that nearly four in 10 organizations have workloads that are publicly exposed, contain a critical vulnerability and have excessive permissions. Here’s what to watch for in your organization. In a “GPS mapping” of today’s most pressing cloud security issues, the Tenable Cloud Risk Report 2024 from Tenable Cloud…
Read More
Gartner assesses the eight top cloud platform service providers—accounting for 97 percent of the global cloud services market—which includes AWS, Google, Microsoft, Oracle, Alibaba, IBM, Huawei and Tencent. The top eight cloud platform service providers own 97 percent share of the global market, with AI and generative AI technologies becoming key to winning customers. These…
Read More