Aggregator
CVE-2025-5846 | GitLab Enterprise Edition up to 17.11.4/18.0.2/18.1.0 GraphQL authorization (EUVD-2025-19172 / Nessus ID 240625)
New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix Attacks
BreachForums is closed for good. But not the way its creators planned.
AppSec-IL CTF 2025
Date: 02 June 2025, 17:00 UTC to 04 June 2025, 17:00 UTC
Format: Jeopardy
Online
Official URL: https://owasp.org/www-chapter-israel/
Rating weight: 0.00
Event organizers: OWASP-IL
Microsoft 365 'Direct Send' abused to send phishing as internal users
Why Observability at the Edge Is Becoming a Boardroom Priority
The Toxic Cloud Trilogy: Why Your Workloads Are a Ticking Time Bomb
Don’t let hidden cloud risks become tomorrow’s headline breach. The time to dismantle the toxic cloud trilogy is now. Here’s how Tenable Cloud Security can help.
In today’s cloud environments, individual misconfigurations or vulnerabilities are dangerous — but it’s their combinations that can lead to catastrophic breaches. The Tenable Cloud Security Risk Report 2025 reveals that nearly 29% of organizations still have at least one toxic cloud trilogy. While this is a reduction from last year, it’s still alarming. These high-risk clusters occur when a single cloud workload is:
- Publicly exposed to the internet
- Critically vulnerable due to unpatched CVEs
- Over-permissioned, with identity and access management (IAM) roles that allow lateral movement or privilege escalation
This trifecta has the potential to open up a highly exploitable attack path in the cloud.
Breaking down the toxic cloud trilogy
Let's walk through a real-world example:
- An attacker scans public IP ranges and finds an Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instance running a web server (public exposure).
- They detect an unpatched remote code execution (RCE) vulnerability in that server (critical vulnerability).
- Upon exploitation, they obtain the credentials of the instance's IAM role, which carries iam:PassRole and ec2:RunInstances, or even *:* (excessive permission). PassRole together with RunInstances lets them launch a new instance under a more privileged role; *:* is full administrative access outright.
- The result? Full environment compromise, which could enable sensitive data exfiltration or infrastructure takeover.
This is not a rare edge case. Tenable’s research shows that toxic trilogies are still common, often born from the “get it working fast” mentality during development — and left unremediated in production.
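The three conditions above, turned into a checker as an added example; this is not Tenable's code or part of its product. It takes the shape of data a practitioner would pull from the cloud API for one workload: security-group ingress rules, vulnerability findings, and the IAM policy document attached to the workload's role. It goes a step beyond the prose in showing how IAM action wildcards ('*', 'ec2:*', 'iam:Pass*') and explicit Deny statements have to be honoured before a role can be called over-permissioned. The helper names, sample workloads and placeholder CVE id are all assumptions made for illustration.

```python
"""Toxic cloud trilogy check: added illustration, not Tenable's code.

Flags a workload only when all three hold at once:
  1. public exposure  - security-group ingress open to 0.0.0.0/0 or ::/0
  2. critical CVE     - an unpatched finding rated CRITICAL
  3. excess privilege - the role's policy opens an escalation path: full
     admin ('*' or '*:*'), or iam:PassRole with ec2:RunInstances (launch
     an instance under a more privileged role)
All data below is constructed; helper names are assumptions.
"""
import fnmatch
from dataclasses import dataclass, field

PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}
ESCALATION_PAIR = ("iam:PassRole", "ec2:RunInstances")


def _as_list(value):
    """IAM accepts a single string or a list for Statement/Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def policy_allows(policy, action):
    """True if the policy grants `action`.

    Case-insensitive, honours IAM wildcards, and an explicit Deny on a
    matching action always wins. Resource and Condition blocks are ignored
    on purpose so the check over-approximates (the safe direction for a
    risk check). NotAction statements are not modelled.
    """
    allowed = False
    for stmt in _as_list(policy.get("Statement")):
        patterns = [a.lower() for a in _as_list(stmt.get("Action"))]
        if not any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
            continue
        if stmt.get("Effect") == "Deny":
            return False
        if stmt.get("Effect") == "Allow":
            allowed = True
    return allowed


def iam_escalation_path(policy):
    """Name the escalation path the policy opens, or None if it opens none."""
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") == "Allow" and any(
                a in ("*", "*:*") for a in _as_list(stmt.get("Action"))):
            return "full-admin"
    if all(policy_allows(policy, a) for a in ESCALATION_PAIR):
        return "iam:PassRole+ec2:RunInstances"
    return None


def is_publicly_exposed(ingress_rules):
    return any(r.get("cidr") in PUBLIC_CIDRS for r in ingress_rules)


def has_critical_cve(findings):
    return any(f["severity"] == "CRITICAL" and not f.get("patched", False)
               for f in findings)


@dataclass
class Workload:
    name: str
    ingress_rules: list = field(default_factory=list)  # security-group rules
    findings: list = field(default_factory=list)       # scanner results
    policy: dict = field(default_factory=dict)         # role's IAM policy


def evaluate(w):
    """Return the three trilogy flags plus the combined verdict."""
    path = iam_escalation_path(w.policy)
    result = {"public": is_publicly_exposed(w.ingress_rules),
              "critical_cve": has_critical_cve(w.findings),
              "over_permissioned": path is not None,
              "escalation_path": path}
    result["toxic"] = (result["public"] and result["critical_cve"]
                       and result["over_permissioned"])
    return result


# Constructed samples (CVE id is a placeholder). Only the first is a trilogy.
TOXIC = Workload("web-prod-01", [{"port": 443, "cidr": "0.0.0.0/0"}],
                 [{"cve": "CVE-0000-0000", "severity": "CRITICAL", "patched": False}],
                 {"Statement": [{"Effect": "Allow", "Resource": "*",
                                 "Action": ["iam:PassRole", "ec2:RunInstances"]}]})
# Same exposure and CVE, but the role only reads one bucket: two of three.
SCOPED = Workload("web-prod-02", TOXIC.ingress_rules, TOXIC.findings,
                  {"Statement": [{"Effect": "Allow", "Action": "s3:GetObject",
                                  "Resource": "arn:aws:s3:::app-assets/*"}]})
# Admin role, but only reachable from inside the VPC: dangerous, not a trilogy.
INTERNAL_ADMIN = Workload("batch-internal-01", [{"port": 22, "cidr": "10.0.0.0/8"}],
                          TOXIC.findings,
                          {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]})
# Broad allow cancelled by an explicit Deny: no PassRole escalation path.
DENY_PASSROLE = {"Statement": [
    {"Effect": "Allow", "Action": ["ec2:*", "iam:*"], "Resource": "*"},
    {"Effect": "Deny", "Action": "iam:PassRole", "Resource": "*"}]}

if __name__ == "__main__":
    for w in (TOXIC, SCOPED, INTERNAL_ADMIN):
        print(w.name, evaluate(w))
```

Run stand-alone it prints one verdict per sample workload; only web-prod-01 comes back toxic. In a real environment the three inputs would come from the security-group, vulnerability-scan and IAM APIs, and the Deny handling matters: a role with "iam:*" plus an explicit Deny on iam:PassRole is not an escalation path, and a checker that only greps Allow statements would misreport it.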
Common challenges behind toxic workloads, and how Tenable Cloud Security can help
1. Critical vulnerabilities in running cloud workloads
Many organizations scan infrastructure-as-code but neglect the workloads actually running, so CVEs present in live environments go unnoticed. In some cases teams delay mitigation until every patch is available, or lack urgency because they have no context on the vulnerability's true risk.
✅ Tenable Cloud Security advantage:
- Agentless scanning of cloud workloads in runtime.
- Integrated code-to-cloud visibility — from CI/CD pipelines to production environments.
- Exposure-aware prioritization of vulnerabilities that factors in public access and identity privileges.
2. Public exposure
Misconfigured security groups, open ports or overexposed resources make workloads discoverable and attackable from the internet.
✅ Tenable Cloud Security advantage:
- Continuous monitoring of cloud network configurations.
- Automated detection of public access paths to high-value assets.
- Risk scoring that increases based on combined exposure and vulnerability context, including likelihood of exploitation.
3. Over-permissioned identities
IAM roles are often granted broad permissions during development and never scoped down. Overly broad policies are an open invitation to attackers.
✅ Tenable Cloud Security advantage:
- Integrated cloud infrastructure entitlement management (CIEM) capabilities to map effective permissions across all identities.
- Least-privilege policy recommendations generated from observed usage, and just-in-time (JIT) access that bounds elevated permissions in time.
- Detection of trust policy misconfigurations that enable unintended role assumptions.
4. No unified view of risk
Security teams lack a single view that correlates identity, network and workload risk across hybrid environments.
✅ Tenable One platform integration:
- Tenable Cloud Security feeds into the Tenable One Exposure Management Platform, delivering unified visibility and analytics.
- See the full attack path — not just individual issues — with automated toxic risk detection.
- Prioritize what matters most using cross-domain context (identity + vulnerability + exposure).
To eliminate toxic workload risk, security teams need more than scanning — they need continuous, contextualized security across the full stack. Tenable’s cloud-native application protection platform (CNAPP) capabilities offer:
Vulnerability management that goes beyond CVSS
- Identify vulnerabilities not just by severity, but by exposure and exploitability.
- Scan both static code and live cloud assets for comprehensive coverage.
- Automatically identify toxic combinations across your cloud infrastructure.
- Visualize attack paths and sever the most critical links before attackers can use them.
- Continuously audit all IAM roles, users and service identities.
- Detect unused credentials, over-permissioned roles and dangerous trust relationships.
- Tenable ranks toxic trilogies as top risks, not isolated misconfigurations.
- Prioritization is driven by real-world exploitation potential — not theoretical risk.
A critical CVE on an isolated virtual machine isn’t your biggest risk. But a medium-severity bug on a public-facing container with excessive IAM rights? That’s breach material.
Tenable Cloud Security, as part of Tenable One, gives you the visibility to find these toxic combinations fast across your hybrid cloud, and the context to fix them before they are exploited.
Learn more
- ➡️ Download the Tenable Cloud Security Risk Report 2025
- ➡️ Read Part 1 of this blog series: Secrets in the Open: Cloud Data Exposures That Put Your Business at Risk
The post The Toxic Cloud Trilogy: Why Your Workloads Are a Ticking Time Bomb appeared first on Security Boulevard.
Still struggling with code security? Check out this "vulnerability rule library" tool!
Jiangnan Stroll Diary 2 | Reflections on a trip to Nanjing
VMware security advisory (AV25-377)
Verax Protect uncovers and mitigates GenAI risks
Verax AI announced Verax Protect, a solution suitable even for companies in highly regulated industries, aiming to help large enterprises uncover and mitigate GenAI risks, including unintended leaks of sensitive data. As companies race to embrace the productivity potential of GenAI, they’re also increasingly exposed to the risks associated with this technology. One of the most pressing risks is data leakage – employees including sensitive data or proprietary information in GenAI prompts, and thereby unintentionally …
The post Verax Protect uncovers and mitigates GenAI risks appeared first on Help Net Security.
Gemini will move into your calls and messages. Do you object? Nobody cares.
N. Korean Group BlueNoroff Uses Deepfake Zoom Calls in Crypto Scams
The notorious BlueNoroff group from North Korea is using deepfake video and deceptive Zoom calls to steal cryptocurrency, enticing targets to unwittingly download malware onto their macOS devices and so giving the hackers access to them.
The post N. Korean Group BlueNoroff Uses Deepfake Zoom Calls in Crypto Scams appeared first on Security Boulevard.
AI can already write code, so is a computer science degree still worth applying for?!
Felicity Oswald, chief operating officer at UK’s NCSC, set to leave cyber agency
Cisco fixed critical ISE flaws allowing root-level remote code execution