Aggregator
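2025 Bund Conference | AI-Driven Transformation and Challenges: Redefining the Future Boundaries of Cybersecurity
Analysis of the 飞车 (Feiche) Mobile Game & Implementing Speed-Up and Instant Level Clear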
Who Owns Threat and Exposure Management in Your Organization?
A study conducted by Enterprise Strategy Group, now part of Omdia, in partnership with Tenable shows responsibility for exposure management scattered across multiple teams with conflicting priorities. It’s time to build the team of the future — discover what ‘good’ looks like and how to get there.
Key takeaways
- Teams are fragmented, with most organizations lacking a dedicated vulnerability or exposure management team.
- Conflicting priorities slow progress as IT and security teams often have different KPIs, causing delays.
- Success requires collaboration, bringing key security functions under one umbrella and fostering cooperation across teams, not just tools.
- Start small and build momentum by proving value with one team, unit, or use case before expanding.
- Leverage existing resources, using an exposure management platform to maximize your people and tools.
Do you know who owns threat and exposure management in your organization?
It’s not a trick question. The obvious answer that springs to mind would be, “the vulnerability or exposure management team, of course!”
Yet, a recent study conducted by Enterprise Strategy Group in partnership with Tenable shows that for most organizations the responsibility for threat and exposure management spans multiple teams — dominated by IT operations, cloud security and the security operations center (SOC). Only 41% of organizations say the vulnerability or exposure management team is responsible for managing threats and exposures.
Source: Enterprise Strategy Group, now part of Omdia, Research Report, "The Evolution of Risk Reduction: Contextual Analysis and Automated Remediation in Threat and Exposure Management," July 2025
Why is this the case? For many organizations, such a team simply doesn’t exist. According to the study, “The Evolution of Risk Reduction: Contextual Analysis and Automated Remediation in Threat and Exposure Management,” many organizations lack the available expertise to staff dedicated vulnerability or exposure management teams. So, responsibility falls to members of the IT, cloud and SOC teams instead.
But these three domains have very different priorities and are measured on different KPIs. IT is primarily responsible for system uptime and keeping things operational, while security teams are primarily responsible for preventing exposure and reducing business risk. This creates conflicts when security teams need their IT counterparts to remediate urgent threats — ultimately slowing risk reduction and increasing exposure.
Siloed security tools, poor communication channels and a lack of formalized processes create friction and make effective cross-functional collaboration nearly impossible.
Source: Enterprise Strategy Group, now part of Omdia, Research Report, "The Evolution of Risk Reduction: Contextual Analysis and Automated Remediation in Threat and Exposure Management," July 2025
It’s time for organizations to rethink their approach. As Tenable CSO Robert Huber shared in a past blog, we transformed our own vulnerability management policy into an exposure management policy. “More than just a name change, it represented a fundamental shift in scope for our vulnerability management team, which transformed into the exposure management team,” Huber wrote. “That team manages and owns the collaboration and workflows with the lines of business teams that need to fix issues.”
Huber noted that specialized teams like cloud security and application security still exist, but instead of chasing down colleagues to fix specific issues they can now concentrate on their core business functions, like securely deploying infrastructure in new environments.
How to create the exposure management team of the future
So, what does the ideal threat and exposure management team look like? According to the Enterprise Strategy Group study, the skills required cover diverse areas of cybersecurity, including:
- Managing and monitoring remediation efforts
- Monitoring for security incidents
- Implementing security controls
- Identifying and assessing threats and vulnerabilities
- Responding to security incidents
- Prioritizing remediation efforts
- Reporting on current security posture
Bringing all these disciplines together is virtually impossible in a siloed organizational structure using siloed tools.
The Enterprise Strategy Group report advises that these functions “must be consolidated under one management umbrella if security teams are to maximize efficiency.”
The bottom line? Moving to exposure management is as much about people as it is about tools.
In a guest blog for Tenable, “Exposure Management Is the Future of Proactive Security,” Jorge Orchilles, Senior Director of Readiness and Proactive Security at Verizon, discussed his approach. “While the right platform makes all the difference, implementing exposure management isn't purely technical. It’s organizational,” Orchilles wrote. “Launching an exposure management program means shifting ownership of key, siloed security functions, which can require teams to work together in ways they haven’t before.”
The change management involved is best done thoughtfully. “It required high-level buy-in and careful planning,” wrote Orchilles. “These teams weren’t just being asked to use a new tool, they were being asked to change the way they work. The only way to make that transition successful is by showing team members how this approach makes their jobs easier, not harder.”
3 recommendations for building an exposure management team
- Establish an exposure management policy framework: This is an evolution of your vulnerability management framework. It provides structure, establishes service level agreements (SLAs) and ensures accountability. An exposure management policy framework encompasses all inputs that produce information from every security tool: misconfigurations, vulnerabilities, identity weaknesses and more. You need a solid framework before you can begin building an exposure management team.
- Start small. Focus on a single team, a specific business unit or one critical use case. By showing success in one area, you can build momentum, secure broader buy-in and expand the program organically over time. This phased approach respects your team's limited resources while delivering incremental value.
- Make the most of the expertise — and tools — you already have. While the goal is to break down silos, the reality is that each security domain requires its own depth of expertise and skill in working with the appropriate tools. You don’t want to sacrifice that expertise in the effort to unify. Nor do you need to rip and replace your existing security stack. A platform like Tenable One is designed to ingest data from across your existing security tools. It gives all the domain experts on your exposure management team a contextualized view of your environment, improving communication and efficiency.
The Tenable One Exposure Management Platform unifies tools, data and teams across domains to enable seamless collaboration and deliver measurable risk reduction.
With Tenable One, exposure management teams can:
- Gain shared visibility into risk: See your entire cyber risk landscape as one connected picture, across every asset, risk and pathway in your attack surface, so you can spot the gaps that leave you exposed.
- Connect context across the attack surface: Combine data and intelligence from every domain, linking insights to reveal the real exposures that threaten your business, reputation and customer trust.
- Collaborate to drive effective risk reduction: Break down silos by enabling teams to work as one, focusing efforts where they matter most. Identify remediation bottlenecks and ownership gaps to ensure accountability, timely resolution of critical issues and adherence to SLA commitments.
- Make informed, data-driven decisions: Prioritize remediation based on business impact, optimize resource allocation and proactively address high-risk threats before they escalate.
- Demonstrate impact to stakeholders: Communicate measurable improvements and program effectiveness, showing how security initiatives support business goals and reduce overall organizational risk.
- Read the Enterprise Strategy Group report, “The Evolution of Risk Reduction: Contextual Analysis and Automated Remediation in Threat and Exposure Management”
- Check out the Exposure Management Resource Center
- Visit the Exposure Management Academy
- Learn more about Tenable One
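Certified Again! Qingteng Named a 2025 CNNVD Outstanding Vulnerability Reporting Enterprise for Basic Software and Hardware
Global Warming Adds 22 Dangerously Hot Days in Japan
[Vulnerability Analysis] Detailed Walkthrough of an RCE in a Certain "X-du" Netdisk and Its Exploitation Process
Huanzhen AI Edition Upgraded Again: A Leap Forward in Active Defense Through AI-Based Orchestration, Analysis and Decoys
NASA Confirms More Than 6,000 Exoplanets
[New Book Recommendation] "Computer Network Security: A Practical Tutorial" Is Officially Out! (Gifts at the End of the Article)
Identity Theft Becomes the Top Cybersecurity Threat
Spotlight Search Is a Trojan Horse in Your Mac. A macOS 0-day Makes It Possible to "Eavesdrop" on User Data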
VC Firm Insight Partners Notifies Victims After Ransomware Breach
The Darkest Nights Are Getting Brighter
Warlock Ransomware Deployed via Compromised GOLD SALEM Networks and Bypassed Security Solutions
Counter Threat Unit™ (CTU) researchers are tracking a sophisticated threat actor known as Warlock Group, which CTU designates as GOLD SALEM. Since March 2025, the group has compromised enterprise networks and bypassed security solutions to deploy its custom Warlock ransomware. While Microsoft refers to this collective as Storm-2603 and associates it “with moderate confidence to […]
The post Warlock Ransomware Deployed via Compromised GOLD SALEM Networks and Bypassed Security Solutions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Small businesses, big targets: Protecting your business against ransomware
"Secret" Videos From Your Bedroom Could End Up on the Internet. Hackers Found a Loophole in LG TVs
CVE-2025-10585 is the sixth actively exploited Chrome zero-day patched by Google in 2025
[Bangcle Security Monitoring] Security and Privacy Compliance Regulatory Trends and Vulnerability Risk Report (0817-0830)
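● Latest regulatory developments
Regulatory notices
● Regulatory support summary
Bangcle Security regulatory support data
National regulatory data analysis
● Vulnerability risk analysis
Breakdown by vulnerability type
Analysis of app categories with vulnerabilities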
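01 Latest regulatory developments
1. Regulatory notices
On August 21, the Shanghai Communications Administration, acting under the relevant laws and regulations, continued its special rectification campaign on mobile app privacy compliance and network data security. In July, the Shanghai Communications Administration published a batch of 162 apps found to infringe on users' rights and interests. After verification and re-inspection, 58 mobile apps had still not been rectified or had been rectified inadequately, and are now being removed from mainstream app stores nationwide.
On August 25, the Cybersecurity Notification Center, acting under the relevant laws and regulations, found through testing that 38 mobile apps were collecting and using personal information in violation of laws and regulations. Of the 33 non-compliant mobile apps named in the previous notice, 5 still had problems on retest, and the relevant app distribution platforms have removed them.
On August 29, the Zhejiang Communications Administration, acting under the relevant laws and regulations, continued its series of special campaigns on personal information protection. To date, 14 apps have still not completed rectification. The developers and operators of these apps must complete rectification within the deadline; where rectification is not completed in time, the Zhejiang Communications Administration will take action in accordance with laws and regulations.
On August 29, the Chongqing Communications Administration, acting under the relevant laws and regulations, continued its series of special campaigns on personal information protection. To date, 14 apps have still not completed rectification. The developers and operators of these apps must complete rectification within the deadline; where rectification is not completed in time, the Chongqing Communications Administration will take action in accordance with laws and regulations.
02 Regulatory support summary
1. Bangcle Security regulatory support data
Based on the apps found to have privacy compliance problems during the past two weeks of regulatory support work, the data is presented from two angles: app industry category and the top 3 problems.
1) Top 5 problem industries:
Online games, utilities, local lifestyle services, online shopping, food delivery
2) Top 3 privacy compliance problems:
TOP1: Determination method 2-1: failing to list one by one the purposes, methods and scope of personal information collection and use by the app (including entrusted third parties or embedded third-party code and plug-ins);
TOP2: Determination method 3-3: the personal information actually collected, or the permissions enabled that allow personal information to be collected, exceed the scope authorized by the user;
TOP3: Determination method 3-9: collecting and using personal information in violation of the app's own stated collection and use rules.
2. National regulatory data analysis
For the national regulatory notices of the past two weeks, the number of apps involved, by problem type, is as follows: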
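| Problem category | Number of problems |
| --- | --- |
| 191-3 Collecting and using personal information without user consent | 32 |
| 191-2 Failing to state explicitly the purposes, methods and scope of personal information collection and use | 31 |
| 164-1 Collecting personal information in violation of regulations | 18 |
| 164-5 App forcibly, frequently or excessively requesting permissions | 15 |
| 164-2 Collecting personal information beyond the permitted scope | 6 |
| 191-6 "Failing to provide a function to delete or correct personal information as required by law" or "failing to publish information such as complaint and reporting channels" | 5 |
| 191-1 Failing to publish collection and use rules | 2 |
| 191-4 Violating the necessity principle by collecting personal information unrelated to the service provided | 1 |
| Total | 110 |

For the national regulatory notices of the past two weeks, the number of apps named in notices, by app category, is as follows:

| App category | Number of apps |
| --- | --- |
| Utilities | 20 |
| Local lifestyle services | 15 |
| Job search and recruitment | 15 |
| Online games | 3 |
| E-books | 2 |
| Other | 2 |
| Online shopping | 2 |
| Learning and education | 2 |
| Online video and audio | 2 |
| Instant messaging | 1 |
| Investment and wealth management | 1 |
| Car and ride services | 1 |
| Total | 66 |

03 Vulnerability risk analysis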
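A random sample of 3,082 Android apps from across the country was tested for vulnerabilities. Of these, 2,399 apps were found to be exposed to medium- or high-severity vulnerabilities, meaning that more than 77.84% of the apps carry medium- or high-severity vulnerability risk. Among these 2,399 vulnerable apps, 1,790 have high-severity vulnerabilities (74.61%) and 2,345 have medium-severity vulnerabilities (97.75%); a single app may have vulnerabilities at more than one severity level. The share of apps with vulnerabilities at each risk level is as follows:
Breakdown by vulnerability type
Counting by vulnerability type, the three types with the most medium- and high-severity vulnerabilities in apps are Java code decompilation risk, the HTTPS hostname-not-verified vulnerability, and dynamically registered Receiver risk. The share of each vulnerability type is shown in the figure below:
Analysis of app categories with vulnerabilities
By app category, utility apps have the most vulnerability risks, accounting for 21.35% of all vulnerable apps, followed by education and learning apps at 12.93%, with news and reading apps in third place at 8.38%. The top ten categories by number of vulnerabilities are shown in the figure below: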