Aggregator
How npm Security Collapsed Thanks To a 2FA Exploit
Billions (No, that’s not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node Package Manager (npm), the JavaScript runtime environment Node.js's default package manager, had finally stopped having serious security problems, you thought wrong. This time, a two-factor authentication (2FA) phishing attack left developers frustrated, angry, and in..
The post How npm Security Collapsed Thanks To a 2FA Exploit appeared first on Security Boulevard.
Shift from Reactive to Proactive: Leveraging Tenable Exposure Management for MSSP Success
An Exposure Management as a Service offering allows MSSPs to unify security visibility, insight and action across the attack surface to prioritize exposure and enable innovation that is secure and compliant. Whether you’re already leveraging Tenable Vulnerability Management as a Service or you’re just starting a service offering, we’ve got guidance for you.
Key takeaways
- MSSPs are often caught in a reactive cycle of defending clients from incidents rather than proactively protecting them.
- Traditional siloed security tools make it virtually impossible to obtain the holistic view of a client’s environment that an attacker sees.
- Leading with Exposure Management as a Service (EMaaS) means MSSPs can shift from reactive services to proactive risk reduction, bridging the gap between exposure management and breach management.
Managed Security Service Providers (MSSPs) grapple with unique challenges while protecting their clients from sophisticated cyber attacks. They’re often caught in a reactive cycle of defending organizations from incidents, leaving very little bandwidth to pursue a preventive approach. Visibility into the full breadth and depth of a client’s attack surface can be a challenge due to the siloed nature of commonly used security tools. And they may find themselves drowning in alerts and data without an effective way to analyze and prioritize actions.
By adopting an adaptive and innovative technology such as exposure management powered by the Tenable One Exposure Management Platform, MSSPs can enhance their service offerings, delivering more effective and streamlined cybersecurity outcomes for their clients.
Exposure Management as a Service (EMaaS) is a strategic approach that unifies visibility, prioritization and remediation across a client’s entire attack surface. By leading with EMaaS powered by Tenable, MSSPs can differentiate their offerings, drive client value and maximize ROI. This blog explores why EMaaS should be at the forefront of your service portfolio. It includes guidance for MSSPs who are already leveraging Tenable’s Vulnerability Management as a Service (VMaaS) as well as for MSSPs who are starting a new cybersecurity service.
Why should MSSPs lead with Exposure Management as a Service?
Cyber exposures include vulnerabilities and security misconfigurations in cloud and on-prem assets, as well as weak human and non-human identities with excessive permissions. Attackers can exploit these exposures to move laterally within an organization, leveraging IT, OT, IoT, cloud, identities and applications.
Traditional siloed security tools make it virtually impossible to obtain the holistic view of an environment that an attacker sees. Without a contextual view, it’s difficult to effectively prioritize and optimize remediation efforts. These factors not only increase cost but also strain the resources within your Security Operations Center (SOC). Exposure management addresses this by providing a holistic view of risks, enabling organizations to take proactive measures to remediate vulnerabilities and misconfigurations so they can prevent attacks before they happen.
For MSSPs, leading with EMaaS means they shift from reactive services to proactive risk reduction by bridging the gap between exposure management and breach management. They can guide customers in investing in effective security measures that prevent breaches, cementing their role as trusted allies in the fight against cyber threats.
The Tenable One Exposure Management Platform is an AI-powered solution that consolidates data from the various tools you already use as part of your MSSP offering, including vulnerability management, cloud security, endpoint security, OT/IoT security, application security, CMDBs and more — alongside your native Tenable findings. With pre-built connectors, the platform ingests asset data and associated weaknesses from across your technology ecosystem to:
- Centralize risk data for complete, contextualized visibility.
- Reveal hidden relationships between vulnerabilities, misconfigurations and entitlements, and to expose toxic risk combinations.
- Identify remediation choke points that, if addressed, can dramatically reduce overall business risk.
Ultimately, Tenable One powered proactive exposure management helps MSSPs to differentiate services and drive risk reduction.
Key benefits of Tenable One include:
- Unified visibility: A single pane of glass for all assets and risks reduces blind spots by up to 10x.
- Unified insights: AI-driven models like Vulnerability Priority Rating (VPR) provide critical context so your teams can focus on the most exploitable risks, cutting remediation tickets significantly.
- Attack path analysis: Maps relationships across domains to block critical paths, aligned with frameworks like MITRE ATT&CK to identify remediation choke points that, if addressed, can dramatically reduce overall business risk.
- Exposure signals: Gain visibility into your customer’s most critical risk scenarios so you can identify security control gaps and create custom exposure signals to view business-specific risks and weaknesses.
- Business-aligned reporting: Pre-built and custom dashboards and advanced analytics allow you to communicate cyber risk in business terms that your clients’ executives can understand.
By leading with EMaaS, MSSPs can architect high-performance, risk-based processes built on best practices. Learn more about partnering with us through Tenable's MSSP program.
Launching a new Exposure Management as a Service offering with Tenable
If you’re just entering the MSSP market, or are diversifying your portfolio, starting with EMaaS using Tenable One gives you a competitive edge from day one. Tenable One empowers you to help organizations secure the attack surface beyond traditional IT, including cloud infrastructure, identity, OT and AI, to deliver scalable, high-impact services while eliminating tool fragmentation risks.
Benefits include:
- Quick time-to-value: Tenable's MSSP program provides best practices for implementing risk-based processes, helping you go to market faster. Advanced features in our MSSP portal, such as creating evaluations, self-provisioning and robust role-based access control (RBAC), reduce the time to onboard customers and shorten billing cycles.
- Scalability and customization: Use pre-built and custom dashboards, APIs and mappings to tailor services for multi-tenant environments, ensuring client data isolation while scaling normalization.
- Differentiation through innovation: Incorporate Tenable AI Exposure into your MSSP offering to secure your customers from emerging AI threats. Key components such as AI Discovery, AI security posture management (SPM) and AI policy enforcement address internal threats such as user AI interactions, unsanctioned AI usage and sensitive data leakage, setting your service apart.
By starting with EMaaS, MSSPs can position themselves for business growth, attracting clients seeking advanced, unified protection.
Evolving from existing Tenable VMaaS to EMaaS
If you're already offering Tenable VMaaS built on Tenable Vulnerability Management, transitioning to EMaaS is a seamless evolution. VMaaS excels at identifying and managing vulnerabilities in traditional IT environments. EMaaS expands this to a broader exposure management framework via Tenable One, with additional capabilities like Tenable Attack Surface Management, Tenable Identity Exposure, Tenable Cloud Security and Tenable AI Exposure.
Benefits include:
- Build on your foundation: You can leverage your current Tenable investments to add additional capabilities as part of service enhancements. For instance, you can integrate third-party data through AI-powered connectors for a unified view, maintaining client separation with the multi-tenanted Tenable MSSP portal.
- Enhance efficiency: Reduce manual efforts with automated workflows and generative AI recommendations for faster analysis and remediation.
- Drive cross-sell opportunities: Expanding from vulnerability management to exposure management with Tenable product upgrades helps you deliver expert-led services that significantly improve your clients’ security posture, meet compliance requirements and reduce cyber insurance premiums.
- Outcome-based impact: You can offer EMaaS tiers to your existing clients, demonstrating value through consolidation, reduced licensing costs and faster business outcomes.
This progression allows you to increase ROI on your services by unlocking new revenue streams with an enhanced and scalable service offering. A Tenable MSSP partnership empowers you to deliver comprehensive cyber risk management outcomes that improve customer satisfaction — and we all know that happy customers are the best way to improve your profit margins.
In summary
If you are overwhelmed by siloed security tooling and threat alert fatigue and find it challenging to move from reactive to proactive cybersecurity, Tenable can help. MSSPs that lead with EMaaS using Tenable will thrive. Whether evolving from VMaaS to EMaaS or launching a new EMaaS offering, Tenable One empowers you to deliver unparalleled value through proactive exposure management. This results in stronger client relationships, operational efficiencies and a robust competitive advantage.
Ready to revolutionize your offerings? Explore Tenable's MSSP program today and start showcasing how exposure management can benefit your customers.
Daily Dose of Dark Web Informer - 10th of September 2025
DDoS defender targeted in 1.5 Bpps denial-of-service attack
Threat Attack Daily - 10th of September 2025
Ransomware Attack Update for the 10th of September 2025
CVE-2023-21096 | Google Android 12.0/13.0 attribution_processor.cc OnWakelockReleased use after free (A-254774758 / EUVD-2023-25264)
CVE-2023-21093 | Google Android 11.0/12.0/13.0 FileUtils.java extractRelativePath path traversal (A-228450832 / EUVD-2023-25261)
CVE-2023-21094 | Google Android 11.0/12.0/13.0 LayerState.cpp permission (A-248031255 / EUVD-2023-25262)
CVE-2023-21091 | Google Android 13.0 AppLocalePickerActivity.java canDisplayLocalUi denial of service (A-257954050 / EUVD-2023-25259)
CVE-2023-21092 | Google Android 11.0/12.0/13.0 ActiveServices.java retrieveServiceLocked permission (A-242040055 / EUVD-2023-25260)
The Future of Defensible Security: From Reactive Playbooks to Attack-Pattern-Aware Autonomous Response
Why static automation isn’t enough—and what real-world adversary data tells us about how the next-gen SOC must evolve.
The post The Future of Defensible Security: From Reactive Playbooks to Attack-Pattern-Aware Autonomous Response appeared first on D3 Security.
The post The Future of Defensible Security: From Reactive Playbooks to Attack-Pattern-Aware Autonomous Response appeared first on Security Boulevard.
When is the Right Time to Hire a CISO?
Knowing when to hire a CISO is a challenging proposition – one which most organizations will eventually need to answer.
The need to hire a CISO depends on a combination of factors, including but not limited to:
- Relevance of regulatory requirements
- Size of the organization
- Complexity of operations
- Sensitivity of data handled or processed
- Desired risk tolerance, i.e. aversion to downtime, breaches or transaction tampering
- The kinds of threat archetypes targeting them
- Prevailing domestic and international laws
- Competitors’ security posture
- Previous or ongoing cybersecurity incidents and near-misses
- Expectations from investors, customers, partners, and the Board
- Current state of the security culture and oversight
Based on these considerations, my recommendation can range from: ‘you should already have a CISO in place’ to a future condition, such as ‘when you transition from MVP to production, plan to hire a CISO to build policies and embed security into development processes.’
In many startups, cybersecurity oversight is initially handled by other roles, such as the CIO, CTO, engineering, or even an outsourced third party. This can work well for a time, but not always, and at some point the responsibilities should be transitioned to a dedicated professional who is proficient in the multiple disciplines of cybersecurity.
There is a real risk that these early leaders come to believe they are doing a great job, not realizing what they are missing or the pitfalls ahead. It is the Dunning-Kruger effect, where inexperienced people overestimate their skills, due to a lack of knowledge. In such cases, organizations may defer hiring an experienced cybersecurity leader until it is too late and a grievous incident reveals such shortcomings.
For growing startups, a fractional CISO is often a great option that reduces overall costs while still benefiting from a very experienced professional. Quality does matter when it comes to cybersecurity leadership. While a full-time expert CISO will cost in the mid six figures, an expenditure that startups typically cannot afford, smaller organizations don’t actually require a significant time commitment from a seasoned CISO. So, a fractional CISO is a great compromise where the enterprise gains the advantages of a proficient leader and the overall cost is distributed across several of the CISO’s clients, making it affordable for everyone involved. The big mistake is to forego adding the needed expertise or to hire an inexperienced CISO at a lower salary, which often ends in disaster.
Larger organizations with complex needs require a full-time CISO and a supporting staff. The greater the demands and scope, the more resources and specialized skills are needed to sustain the capability at a consistent and comprehensive level, while adapting to evolving risks.
Ultimately, the right time to hire a CISO depends on where your organization is in its growth and risk journey—but waiting too long often proves more costly than acting early.
What considerations do you think are important when deciding to hire a CISO?
The post When is the Right Time to Hire a CISO? appeared first on Security Boulevard.
Wyden calls on FTC to investigate Microsoft for ‘gross cybersecurity negligence’ in protecting critical infrastructure
The Oregon senator said Microsoft’s default settings for Windows and other products are enabling ransomware attacks, like the one against Ascension hospital system in 2024.
The post Wyden calls on FTC to investigate Microsoft for ‘gross cybersecurity negligence’ in protecting critical infrastructure appeared first on CyberScoop.