Aggregator
How Tenable Moved From Siloed Security to Exposure Management
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In the first of a two-part blog series, Tenable CSO Robert Huber shares how he and his team have guided the company to unified exposure management. You can read the entire Exposure Management Academy series here.
If you’re in cybersecurity, you’ve probably heard or said these words more than a few times: "I don't need more tools." In quiet moments, I often take a deep breath and repeat them like a mantra.
But tool sprawl underscores a significant challenge our industry created. We've become accustomed to a seemingly endless proliferation of security solutions, each designed to address a specific policy or threat vector. The result hasn’t simplified our lives. On the contrary, we’re buried in a dizzying array of tools and an overwhelming flood of alerts — all of which led to a fundamental disconnect between security efforts and business outcomes.
Alarmingly, a typical large enterprise might juggle 70 or more technology vendors, each offering a "solution" to a perceived security need. At Tenable, my team manages around 50 different tools. Although some are our own, the sheer volume underscores the pervasive problem.
Tool sprawl comes home to roost
We've diligently crafted policies for areas like cloud security, network security and vulnerability management. Often, the central assumption is that for us to adhere to these policies, we need yet another tool.
This creates a vicious cycle: New policies lead to new tools, which generate more alerts, without a corresponding increase in the headcount needed to address them.
The consequence is security teams drowning in data.
Whether from endpoint detection and response, cloud-native application protection platforms or vulnerability management, the sheer volume of alerts is unmanageable. As one security leader told me, "I don't want to buy more alerts."
The reality is that organizations don't have the personnel to triage and respond to every notification. This creates an unfortunate bottleneck, with valuable insights lost under a mountain of noise.
Everybody gets a report!
Security teams often find themselves generating endless spreadsheets, pivot tables and dashboards for various stakeholders, such as heads of engineering, CIOs and other organizational leaders. And, like audience members at The Oprah Winfrey Show, nobody goes home empty-handed! "You get a report! You get a report! Everybody gets a report!"
This approach, while well-intentioned, is incredibly inefficient.
Leaders are left with multiple streams of information, without any clear sense of what's most important or what actions they should prioritize. Instead of having a clear remit, they come back asking, "OK — so, what do you want me to work on?"
Moving to business impact
This challenge is not theoretical. It's a lived reality even within my company.
Our vulnerability management team, once singularly focused on vulnerability management, has increasingly become a wrangler of alerts and reports as we've added more tools to their arsenal. And there are no signs of this slowing down.
The emergence of new technological frontiers, such as artificial intelligence, only makes the problem worse. When leadership and the board inquire about securing AI, a couple of questions come up immediately:
- Do we have the people?
- Do we have the controls?
- What risk does the use of AI introduce?
- How do we manage that risk?
The answer is often "no" to the first two questions, which leads to the inevitable acquisition of more tools, more alerts, more data and more things to prioritize.
This endless cycle of tool acquisition and alert fatigue highlights a fundamental flaw in our current approach to cybersecurity. We've focused on generating data, but failed to effectively translate that data into actionable insights for the business.
When discussing cybersecurity with leadership, the conversation shouldn't revolve around the number of assets or findings. Those are operational metrics that generally hold little interest for the C-suite. What they truly want to know is: How does this impact the business? What is the security posture of a revenue-generating or service-providing entity?
Effective security and communication requires context
Our job as security professionals is to communicate risk to the board. But silos make connecting the metrics to the business a challenge. We need to translate the myriad assets, events and alerts into a business context but there has been no simple way to do that.
To bridge this gap, at Tenable, we conduct an annual "Cyber Screen" survey, engaging 5% of the company to identify the most critical business functions, assets and services. This user-centric approach helps us understand what's truly essential to the business, including what needs to be operational 24/7 and what processes cannot fail.
We combine this with business impact assessments, audits and enterprise-wide events to place our most important functions in buckets. This forms the basis of our internal "scorecard" for the board.
We designed this scorecard for simplicity, with well-understood Red, Yellow and Green areas.
Simply put, Red signifies a critical risk, Yellow marks things that need attention and Green indicates a good security posture.
This simple, intuitive framework enables leaders to quickly grasp the actual exposure and business impact, regardless of whether they generate revenue.
This business-centric view is paramount. And, although operational metrics are still valuable for justifying headcount and budget internally, the overarching goal is to provide business leaders and board members with a clear, concise understanding of the enterprise's security impact. They want to know: Is it Red, Yellow or Green? And naturally, their focus will be on the red items.
Takeaways
The industry hasn't yet solved this problem of data overload and fragmented reporting.
The industry has excelled at selling more alerts and data, but it hasn't adequately helped organizations wrangle that data into meaningful, actionable intelligence. This has led many organizations to build their own "cyber data lakes" and employ dedicated cyber data analysts. It’s a commendable effort but an inefficient use of scarce cyber resources. These individuals should be solving cyber problems, not spending their time on data analytics that should be provided by vendors.
Building these custom data lakes is a significant undertaking. It often starts with seemingly "free" solutions, only to quickly escalate into substantial investments in infrastructure, expertise and countless integrations and workflows. The reality is that many large organizations have taken this path because a consolidated solution hasn't been available.
Try as it might, the industry has not solved this problem. Attempts to figure out pieces of the problem, like Cyber Asset Attack Surface Management (CAASM) for unified asset inventory, haven’t been effective in unifying assets, risk data and context. This is where exposure management comes in. Tenable pioneered exposure management to solve the unification and context problem we defined earlier. The paradigm is shifting. And it’s shifting to exposure management.
In the next part of this blog series, I’ll look closer at how exposure management can address these very challenges, shrink the tool sprawl problem and enable a more unified, effective approach to cybersecurity.
Learn more
Check out the Tenable exposure management resource center to discover the value of exposure management and explore resources to help you stand up a continuous threat exposure management program.
DoJ Seizes $2.8M in Crypto from Zeppelin Ransomware Group
The Department of Justice has announced a significant victory against cybercriminals, seizing over $2.8 million in cryptocurrency and additional assets from a Zeppelin ransomware operation. The coordinated law enforcement action targeted Ianis Aleksandrovich Antropenko, who faces federal charges for his role in deploying ransomware attacks against victims worldwide, including numerous American organizations and businesses. Major […]
The post DoJ Seizes $2.8M in Crypto from Zeppelin Ransomware Group appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
CVE-2023-38272 | IBM Cloud Pak System up to 2.3.36 CLI channel accessible
CVE-2025-29989 | Dell Client Platform BIOS up to 1.17.x/2.41.x/2.45.x security version number mutable to older versions (dsa-2025-016)
⚡ Weekly Recap: NFC Fraud, Curly COMrades, N-able Exploits, Docker Backdoors & More
Linux Kernel Netfilter Flaw Enables Privilege Escalation
A critical vulnerability in the Linux kernel’s netfilter subsystem has been discovered that allows local attackers to escalate privileges through an out-of-bounds write condition. The flaw, identified as CVE-2024-53141, affects the ipset bitmap functionality and could enable unprivileged users to gain root access on vulnerable systems. CVE ID CVE-2024-53141 Affected Versions Up to commit 041bd1e4 in Torvalds’s Linux […]
The post Linux Kernel Netfilter Flaw Enables Privilege Escalation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Chinese APT Group Targets Web Hosting Services in Taiwan
1000+ Exposed N-able N-central RMM Servers Unpatched for 0-Day Vulnerabilities
Over 1,000 exposed and unpatched N-able N-central Remote Monitoring and Management (RMM) servers are vulnerable to two newly disclosed zero-day vulnerabilities – CVE-2025-8875 and CVE-2025-8876. As of August 15, 2025, exactly 1,077 unique IPs have been identified as running outdated N-central versions, presenting a significant risk to managed service providers (MSPs) and their clients. These […]
The post 1000+ Exposed N-able N-central RMM Servers Unpatched for 0-Day Vulnerabilities appeared first on Cyber Security News.
Active Directory PKI Abuse: Detecting Privilege Escalation Through ADCS
Active Directory Certificate Services (ADCS) serves as the backbone for Public Key Infrastructure (PKI) in enterprise environments, managing digital certificates […]
The post Active Directory PKI Abuse: Detecting Privilege Escalation Through ADCS appeared first on HawkEye.
They received an SMS about a frozen account and lost all their shares. Right now this is happening to thousands of investors
CVE-2019-12415 | Oracle Instantis EnterpriseTrack 17.1/17.2/17.3 Office Open document processor xml external entity reference (WID-SEC-2025-0143)
CVE-2019-12415 | Oracle Banking Enterprise Originations 2.7.0/2.8.0 Core xml external entity reference (WID-SEC-2025-0143)
CVE-2019-12415 | Oracle Banking Enterprise Product Manufacturing 2.7.0/2.8.0 Core xml external entity reference (WID-SEC-2025-0143)
CVE-2019-12415 | Oracle Banking Platform up to 2.9.0 Core xml external entity reference (WID-SEC-2025-0143)
CVE-2019-12415 | Oracle Financial Services Analytical Applications Infrastructure xml external entity reference (WID-SEC-2025-0143)
CVE-2019-12415 | Oracle Financial Services Market Risk Measurement 8.0.6/8.0.8 Infrastructure xml external entity reference (WID-SEC-2025-0143)
CVE-2019-12415 | Oracle Retail Predictive Application Server 15.0.3/16.0.3 RPAS Fusion Client xml external entity reference (WID-SEC-2025-0143)
VirtualBox 7.2 Released With Support for Windows 11/Arm VMs and 50 Bug Fixes
Oracle has announced the release of VirtualBox 7.2, a major update to the popular open-source virtualization platform that introduces significant enhancements for Windows 11/Arm virtualization, comprehensive GUI improvements, and numerous bug fixes. Released on August 14, 2025, this version marks a substantial advancement in cross-platform virtualization capabilities, particularly targeting the growing Arm-based computing ecosystem while […]
The post VirtualBox 7.2 Released With Support for Windows 11/Arm VMs and 50 Bug Fixes appeared first on Cyber Security News.