63 matches found
CVE-2023-0524
As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue...
CVE-2023-0524
CVE-2023-0524 concerns a privilege-escalation issue in Tenable products. The authenticated attacker could modify environment variables and, by abusing an impacted plugin, escalate privileges. Affected products mentioned across sources include Tenable Nessus, Tenable.io, and Tenable.sc. The underl...
[R1] Tenable Plugin Feed ID #202212212055 Fixes Privilege Escalation Vulnerability
Arnie Cabral, Mon, 01/30/2023 - 11:18. As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to...
Software supply chain security is coming of age
Coalfire's first Securealities Software Supply Chain Risk Report revealed dramatic budget increases for enterprise security in general and a growing demand for more testing, training, and process improvements in the battle to defend digital assets. But perhaps the most significant takeaway from th...
Shift Left: Secure Your Innovation Pipeline
There’s no shortage of buzzwords in the tech world. Some are purely marketing spin. But others are colloquial ways for the industry to talk about complex topics that have a massive impact on how organizations and teams drive innovation and work more efficiently. Here at Rapid7, we believe the...
Cloud-Native Application Protection (CNAPP): What's Behind the Hype?
There's no shortage of acronyms when it comes to security product categories. DAST, EDR, CWPP — it sometimes feels like we're awash in a sea of letters, and that can be a little dizzying. Every once in a while, though, a new term pops up that cuts through the noise, thanks to a combination of...
Is it Easier to Turn Cloud Professionals into Security Practitioners or Vice Versa?
Insights into the cybersecurity skills gap. In a poll taken at a recent Imperva webinar, What’s New in ‘22? Cybersecurity Trends and Predictions, participants said it’s easier to turn security practitioners into cloud professionals by a margin of 65-35. Three Directors in Imperva’s Office of the C...
Celebrating 20 Years of Trustworthy Computing
20 years ago this week, Bill Gates sent a now-famous email to all Microsoft employees announcing the creation of the Trustworthy Computing (TwC) initiative. The initiative was intended to put customer security, and ultimately customer trust, at the forefront for all Microsoft employees. Gates’ memo...
How to build a successful application security program
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Tanya Janca, Founder of We Hack Purple...
Micro Focus Solutions Business Manager Cross-Site Scripting Vulnerability (CNVD-2021-18312)
Micro Focus Solutions Business Manager (SBM, Serena Business Manager) is a suite of business process automation management solutions from Micro Focus UK. The product is mainly used for process automation, including software development lifecycle and IT business process management. A cross-site...
Building for Billions: Addressing Security Concerns for Platforms at Scale
Security operations once consisted of a multitude of manual operations based around alerts, thresholds and severity levels. As systems scale and platforms continue to grow, how do you keep up with the growing requirements to secure these transactions and the networks they are built upon?...
Improve cyber supply chain risk management with Microsoft Azure
For years, Microsoft has tracked threat actors exploiting federal cyber supply chain vulnerabilities. Supply chain attacks target software developers, systems integrators, and technology companies. Tactics often include obtaining source code, build processes, or update mechanisms to compromise...
Exploit for Improper Privilege Management in Cloudcti Hip_Integrator_Recognition_Configuration_Tool
Author: Arn Vollebregt. Introduction: Creativity is at the c...
Announcing the new Security Engineering website
To meet users’ expectations for security when using a product or cloud service, security must be an integral part of all aspects of the lifecycle. We all know this, and yet time has proven that this is far easier said than done because there is no single approach nor silver bullet that works in...
Guide to Developing a National Cybersecurity Strategy—a resource for policymakers to respond to cybersecurity challenges
Nations from every corner of the world are increasingly leveraging digital transformation to grow their economies and empower businesses to improve services, including vital services provided by critical infrastructures. This adoption of new information communications technologies (ICT) has...
Inside MSRC: Sharing Our Story & Customer Tips
For the last 20 years, the Microsoft Security Response Center has been an integral part of Microsoft’s commitment to customer security. We are often called on to talk about the work we do and how customers can apply the lessons we have learned over that period to better their security posture...
Managing Security in a DevOps Environment
DevOps is a software development practice in which development and operations engineers collaborate during the entire product lifecycle. With the adoption of DevOps at mainstream levels, we now see security starting to take a bigger role in DevOps’ day-to-day responsibilities. From a security...