Aggregator
CVE-2025-52184 | Helpy.io 2.8.0 New Topic Ticket cross site scripting
Qilin
Microsoft fixes bug behind Windows certificate enrollment errors
Cutting Through AppSec Noise in the Age of GenAI
The way organizations think about application security is shifting—fast. OX Security Co-Founder and CEO Neatsun Ziv talks about why the old playbook of “scan, list, and hand over to developers” has run its course. Ziv explains how the flood of vulnerabilities—now averaging close to 100 new disclosures daily—collides with today’s resource-strapped security teams. Add to..
The post Cutting Through AppSec Noise in the Age of GenAI appeared first on Security Boulevard.
A trillionth of a second: is that a lot or a little? For charmed baryons, it is a whole lifetime
US and Dutch Police dismantle VerifTools fake ID marketplace
Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution
Workado settles with FTC over allegations it inflated its AI detectors’ capabilities
Workado publicly claimed its AI content detector could accurately determine whether a piece of text was generated by AI in 98% of cases. The FTC said it was "no better than a coin flip."
The post Workado settles with FTC over allegations it inflated its AI detectors’ capabilities appeared first on CyberScoop.
The Hidden Costs of Fragmented Security Infrastructure
Cybersecurity conversations often focus on the latest threats, breaches, or AI-powered responses. But beneath the surface of every high-profile attack lies a quieter, more persistent challenge: fragmentation. Disconnected security tools, siloed data, and piecemeal visibility have become the norm—and the cost of that fragmentation is far greater than most organizations realize. Fragmentation Is the Enemy..
The post The Hidden Costs of Fragmented Security Infrastructure appeared first on Security Boulevard.
Silver Fox APT hacking group exploits a driver vulnerability to attack Windows 10 and 11 systems and evade EDR/AV protection
WhatsApp 0-Day Vulnerability Exploited to Hack Mac and iOS Users
A sophisticated attack campaign has leveraged a previously unknown zero-day vulnerability in WhatsApp on Apple devices to target specific users, the company has confirmed. The vulnerability, now identified as CVE-2025-55177, was combined with a separate vulnerability in Apple’s operating systems to compromise devices and access user data. WhatsApp has since patched the vulnerability and has […]
The post WhatsApp 0-Day Vulnerability Exploited to Hack Mac and iOS Users appeared first on Cyber Security News.
Why OT Security Demands Context, Not Just Controls
Operational technology (OT) security is no longer a niche concern—it’s front and center in today’s cyber conversations. At Black Hat this year, OT had a real moment, signaling that protecting critical infrastructure has finally caught the broader security community’s attention. Rick Kaun, global director of cybersecurity services at Rockwell Automation, unpacks what makes OT security..
The post Why OT Security Demands Context, Not Just Controls appeared first on Security Boulevard.
Randall Munroe’s XKCD ‘Thread Meeting’
via the comic artistry and dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Thread Meeting’ appeared first on Security Boulevard.
Weekly Threat Landscape Digest – Week 35
This week’s cyber threat landscape highlights the convergence of fresh vulnerability disclosures, ongoing exploitation of unpatched systems, and the creative […]
The post Weekly Threat Landscape Digest – Week 35 appeared first on HawkEye.
Fake Facebook Ads Push Brokewell Spyware to Android Users
Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks
An analysis of Tenable telemetry data shows that the vulnerabilities being exploited by Chinese state-sponsored actors remain unremediated on a considerable number of devices, posing major risk to the organizations that have yet to successfully address these flaws.
Background
Tenable's Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding state-sponsored threat actor activity associated with the People's Republic of China (PRC).
On August 27, the National Security Agency (NSA) published a joint cybersecurity advisory (CSA) authored and co-authored by a number of security agencies from the United States, Australia, Canada, New Zealand, the United Kingdom, the Czech Republic, Finland, Germany, Italy, Japan, the Netherlands, Poland and Spain. The CSA provides guidance on PRC state-sponsored threat actor activity and describes the tactics, techniques and procedures (TTPs) used by these advanced persistent threat (APT) actors. These actors have routinely targeted critical infrastructure, including telecommunications providers, but have also been observed attacking government, transportation, military and lodging entities. While the CSA lists some of the vulnerabilities exploited by these actors, it is clearly not an exhaustive list, and organizations need to remain vigilant in addressing known and exploitable vulnerabilities, which are often abused for initial access to a victim's network.
FAQ
Is this activity associated with Salt Typhoon?
The CSA states that the associated activity "partially overlaps" with Salt Typhoon (also known as OPERATOR PANDA, RedMike, UNC5807, GhostEmperor and more); however, it does not specifically attribute this activity to any one threat actor.
We published a blog post in January 2025 about Salt Typhoon, analyzing the vulnerabilities used by this threat actor. The overlap between the CVEs confirmed to be used by Salt Typhoon and those in this CSA is a pair of Ivanti Connect Secure and Policy Secure vulnerabilities, CVE-2023-46805 and CVE-2024-21887, which are used together as an exploit chain.
As the threat activity discussed in the recent CSA is more generally attributed to PRC state-sponsored actors, we recommend reviewing the blogs we have published on Volt Typhoon and on the top 20 CVEs exploited by PRC state-sponsored actors. These blogs cover CVEs known to be used by PRC actors, notably in Fortinet firewalls, Microsoft Exchange Server and other applications and devices that are referenced in the CSA.
What are the vulnerabilities known to have been exploited in these attacks?
According to the CSA, the Chinese state-sponsored threat actors are having “considerable success exploiting publicly known common vulnerabilities and exposures (CVEs)” with the following CVEs being listed as used by these threat actors to gain initial access:
CVE | Description | CVSSv3 | VPR*
CVE-2024-21887 | Ivanti Connect Secure and Ivanti Policy Secure Command Injection Vulnerability | 9.1 | 10
CVE-2023-46805 | Ivanti Connect Secure and Ivanti Policy Secure Authentication Bypass Vulnerability | 8.2 | 6.7
CVE-2024-3400 | Command Injection Vulnerability in the GlobalProtect Gateway feature of PAN-OS | 10 | 10
CVE-2023-20273 | Cisco IOS XE Web UI Command Injection Vulnerability | 7.2 | 8.4
CVE-2023-20198 | Cisco IOS XE Web UI Elevation of Privilege Vulnerability | 10 | 9.9
CVE-2018-0171 | Cisco IOS and IOS XE Smart Install Remote Code Execution (RCE) Vulnerability | 9.8 | 9.2

*Please note: Tenable's Vulnerability Priority Rating (VPR) scores are calculated nightly. This blog post was published on August 29 and reflects VPR at that time.
Are there proofs-of-concept (PoCs) available for these vulnerabilities?
Yes, all of the vulnerabilities referenced in the CSA have PoCs available.
Are patches or mitigations available for these CVEs?
Yes, each of the vendors for these products has released patches and, in many cases, mitigation guidance that may be used if immediate patching is not feasible. However, given that these vulnerabilities have been exploited in the wild, many of them over several years, full remediation of these vulnerabilities should be completed as soon as possible.
CVE | Affected Product | Vendor Advisory
CVE-2024-21887 and CVE-2023-46805 | Ivanti Connect Secure and Ivanti Policy Secure | Advisory
CVE-2024-3400 | Palo Alto PAN-OS | Advisory
CVE-2023-20273 and CVE-2023-20198 | Cisco IOS XE |
CVE-2018-0171 | Cisco IOS and IOS XE | Advisory

How many devices remain vulnerable to these six CVEs?
From an analysis of Tenable telemetry data, we found that a significant number of devices remain unremediated and pose a major risk to the organizations that have yet to successfully patch. As noted in the CSA, these “APT actors may target edge devices regardless of who owns a particular device.” Even in cases where an impacted entity is not a target of interest, these actors may still use compromised devices to conduct additional attacks on targeted networks.
In our analysis, we found a surprisingly large share of Cisco devices still unpatched: for CVE-2023-20273 and CVE-2023-20198, 40% of devices remain unmitigated, while 58% of devices scanned remain vulnerable to CVE-2018-0171.
In stark contrast, only around 14% of devices have yet to remediate CVE-2024-21887 and CVE-2023-46805, and for Palo Alto devices only around 3% have yet to be patched for CVE-2024-3400.
Given the mixed remediation rates amongst these six CVEs, it’s imperative that organizations quickly mitigate these threats and ensure their devices are fully up to date. As the CSA notes, these threat actors are not reliant on zero-day vulnerabilities, but rather continue to target known and exploitable vulnerabilities on edge devices in order to gain initial access to their victims' networks.
Have any of these CVEs been classified under Tenable’s Vulnerability Watch?
Yes, we have classified several of the CVEs referenced in this CSA under our Vulnerability Watch:
CVE | Vulnerability Watch States | First Established | Last Established
CVE-2024-21887 | Vulnerability of Concern | 2024-01-10 | 2024-08-28
CVE-2023-46805 | Vulnerability of Concern | 2024-01-10 | 2025-02-05
CVE-2024-3400 | Vulnerability of Interest, Vulnerability of Concern | 2024-04-12 | 2024-08-28
CVE-2018-0171 | Vulnerability of Interest | 2025-08-21 | 2025-08-27

CVE-2023-20273 and CVE-2023-20198 were not classified prior to the publication of this CSA, as we began our Vulnerability Watch classifications at the start of 2024. We have been publishing Cyber Exposure Alert content since late 2018, and published a blog post for CVE-2023-20198 and CVE-2023-20273 on the same day the advisory was released. We recently added CVE-2018-0171 following an FBI alert.
As a result of this CSA, we have classified all six CVEs as Vulnerabilities Being Monitored. For more information about Vulnerability Watch, please visit our blog, Reducing Remediation Time Remains a Challenge: How Tenable Vulnerability Watch Can Help.
Have any of these CVEs been added to the CISA KEV?
Yes, each of these CVEs has been featured in the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog.
CVE | Date Added | Remediation Due Date
CVE-2024-21887 | 1/10/2024 | 1/22/2024
CVE-2023-46805 | 1/10/2024 | 1/22/2024
CVE-2024-3400 | 4/12/2024 | 4/19/2024
CVE-2023-20273 | 10/23/2023 | 10/27/2023
CVE-2023-20198 | 10/16/2023 | 10/20/2023
CVE-2018-0171 | 11/3/2021 | 5/3/2022

Has Tenable released any product coverage for these vulnerabilities?
Yes, plugin coverage is available for each of these CVEs. A list of Tenable plugins for these vulnerabilities can be found on their individual CVE pages:
This link will display all available plugins for these vulnerabilities, including upcoming plugins in our Plugins Pipeline.
In addition to these CVEs, we also recommend scanning with plugin ID 105161 to identify whether Cisco Smart Install is enabled on any Cisco devices in your network. As noted in the CSA, disabling the Cisco Smart Install feature is highly recommended. In an update to the security advisory for CVE-2018-0171 on August 20, 2025, Cisco noted that it is “aware of continued exploitation activity of the vulnerability that is described in this advisory and strongly recommends that customers assess their systems and upgrade to a fixed software release as soon as possible.”
Tenable Attack Path Analysis techniques
The following is a list of associated Tenable Attack Path Analysis techniques for the TTPs discussed in the CSA:
MITRE ATT&CK ID | Description | Tenable Attack Path techniques
T1040 | Network Sniffing | T1040_Windows
T1068 | Exploitation for Privilege Escalation | T1068_Windows
T1082 | System Information Discovery | T1082
T1098.004 | Account Manipulation | T1098.004
T1190 | Exploit Public-Facing Application |
T1048.003 | Exfiltration over Alternative Protocol | T1048.003_Windows
T1059.006 | Command and Scripting Interpreter: Python | T1059.006_Windows

Tenable Identity Exposure Indicators of Exposure and Indicators of Attack
The following is a list of Indicators of Exposure and Indicators of Attack for Tenable Identity Exposure:
MITRE ATT&CK ID | Description | Indicators
T1003 | OS Credential Dumping |
T1021 | Remote Services |
T1068 | Exploitation for Privilege Escalation | I-SamNameImpersonation
T1190 | Exploit Public-Facing Application | APPLICATION-ALLOWING-MULTI-TENANT-AUTHENTICATION; ABILITY-OF-STANDARD-ACCOUNTS-TO-REGISTER-APPLICATIONS
T1199 | Trusted Relationship | C-DANGEROUS-TRUST-RELATIONSHIP
T1556 | Modify Authentication Process | C-SHADOW-CREDENTIALS
T1595 | Active Scanning | GUEST-ACCOUNTS-WITH-EQUAL-ACCESS-TO-NORMAL-ACCOUNTS; GUEST-ACCOUNT-WITH-A-PRIVILEGED-ROLE
Additional MITRE ATT&CK Resources
MITRE ATT&CK ID | Description | Product
T1190 | Exploit Public-Facing Application | Tenable Web App Scanning
T1595 | Active Scanning | Tenable Attack Surface Management

Get more information
- Joint CSA: Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System
- Tenable Blog: Salt Typhoon: An Analysis of Vulnerabilities Exploited by this State-Sponsored Actor
- Tenable Blog: CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893: Frequently Asked Questions for Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways
- Tenable Blog: CVE-2024-3400: Zero-Day Vulnerability in Palo Alto Networks PAN-OS GlobalProtect Gateway Exploited in the Wild
- Tenable Blog: CVE-2023-20198: Zero-Day Vulnerability in Cisco IOS XE Exploited in the Wild
- Tenable Blog: Proof of Concept (and Patch) for Critical Cisco IOS Vulnerability: CVE-2018-0171
- Tenable Blog: Volt Typhoon: U.S. Critical Infrastructure Targeted by State-Sponsored Actors
- Tenable Blog: Top 20 CVEs Exploited by People's Republic of China State-Sponsored Actors (AA22-279A)
Join Tenable's Research Special Operations (RSO) Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.