Aggregator
How Tenable’s Security Team Went from Thousands of Alerts to a Handful of Tickets with Exposure Management
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, we learn about life before and after exposure management, from members of Tenable’s own security team. You can read the entire Exposure Management Academy series here.
If you’re a cybersecurity pro, you know the drill: You log in to face a deluge of alerts from a dozen (or more!) different tools. Armed with little more than a cup of coffee and a protein bar, you forge ahead into the sea of red.
One system flags a cloud misconfiguration. Another finds a critical vulnerability. Oh, and all the while, the vulnerability management dashboard is still glowing scarlet. Like you need that reminder.
Recently, two members of the Tenable cybersecurity team, Saeed Elahi, Head of Cyber Risk and Assurance, and Arnie Cabral, Senior Staff Information Security Engineer, joined a webinar, How Tenable Optimized Security Effectiveness and Efficiency with Exposure Management, to share their journey from the kind of security chaos we just described to the clarity that comes with exposure management.
The organizational drag of disparate data
Elahi and Cabral described the initial state of their cybersecurity program. If you’re in cybersecurity, the story will ring a few bells. Like many of their peers, their security organization was built around silos. There were dedicated teams for identity management, application security and cloud infrastructure. They operated pretty well within their own domains. But each used specialized tools.
Elahi described this structure as creating “organizational drag,” with inefficient communication and challenges aligning priorities across the organization.
A visualization of the organization looked like a plate of spaghetti. But rather than a delectable Bolognese, this was a chaotic web, with data from a dozen security tools flowing from various engineering and IT teams. A lack of central aggregation made getting a unified view of the organization’s risk posture an impossibility.
Before exposure management
Source: Tenable, 2025
Three significant challenges arose from the silos:
- Data overload: Alerts were unrelenting and impossible to wrangle, with multiple tools often flagging the same problem on the same asset. This added up to duplicate work and overwhelmed analysts.
- No attacker’s view: Cabral said that, although internal sensors were robust, the siloed data didn’t see the whole picture. He added that not being able to see things from the bad guy’s perspective put them at a disadvantage because they couldn’t see how an attacker could piece together disparate weaknesses or exploit shadow IT assets.
- Too many manual tasks: Engineers were consumed by low value tasks like pulling data, consolidating it in a spreadsheet and correlating the findings. Daily life was a struggle to balance the need to understand the piles of data streaming in with equally critical security work.
The turning point came when CSO Robert Huber issued a clear directive: Get everything into one place. And do it now!
The mandate forced a rethink. The old processes and technologies needed a thorough overhaul, and that meant the vulnerability management team went from managing about five tools to two to three times that number.
Like many engineers, their first thought was to build a new solution themselves. So, using a business intelligence tool, they made a valiant effort to create a custom dashboard that would unify all their security data. There’s often nothing as bracing as a first effort that doesn’t quite work. That was the case here. It was simply not feasible.
Cabral said the effort was "taking too long and costing too much money." Two months in, data was still siloed and all they’d done was some testing.
Soon, Elahi and Cabral had a strategic realization. A security program shouldn’t turn its engineers into full-time software developers. Instead, with limited resources, the team needed to focus on securing the company. So they started looking for a dedicated platform. And the solution was right in front of them.
The pivot: Finding the signal with exposure management
The team quickly moved to adopt a Continuous Threat Exposure Management (CTEM) program, in which an exposure assessment platform helped lead to a fundamental redesign of their workflow. They transformed that chaotic spaghetti diagram into an elegant, logical model with all security tools feeding into a single, intelligent system.
After exposure management
Source: Tenable, 2025
Those pesky silos, including everything from vulnerability scanners to cloud security agents, were essentially a thing of the past.
With this unified platform in place, the team gained a few powerful capabilities:
- Complete visibility: The team said that the unified platform provided an immediate and complete picture of the attack surface. They discovered “thousands upon thousands” of assets they didn’t know existed.
- Smart deduplication: The way the platform is able to understand context changed the game for the team. When three tools flagged the same vulnerability on the same server, those findings were consolidated into a single alert.
- Automated workflow: The shift eliminated all that manual drudgery. Cabral said the platform now handles the “dirty work” of automatically correlating findings and prioritizes them based on factors like exploitability and asset criticality. It also creates a single, actionable JIRA ticket that automatically goes to the right team.
Talk about night and day, right? The old problem of more noise than signal was finally solved. That flood of alerts was reduced to a trickle. And finally, the security team had a short, clear list of exactly what needed to be fixed and why.
Takeaways: Quantifiable results and reclaimed time
The results of the transition were immediate and quantifiable.
One dramatic metric jumped out. The team was able to reduce thousands of raw security alerts into just 10 actionable tickets. You read that right. It’s a pretty powerful demonstration of the value of exposure management.
But the benefits didn’t end there.
The team’s overall productivity doubled and reports that once took days of manual effort became available in seconds.
The most significant (and positive!) impact was on the team itself. Freed from all the manual administrivia, engineers could finally be engineers again. They had time to focus on more specialized, engaging, high-value work like threat hunting.
The journey of Tenable's cybersecurity team shows how security operations have evolved. By moving from a siloed, reactive model to unified exposure management, they were able to eliminate noise, increase efficiency and ultimately strengthen the company’s security posture.
Learn more
Check out the Tenable exposure management resource center to discover the value of exposure management and explore resources to help you stand up a continuous threat exposure management program.
Win-DDoS: Attackers can turn public domain controllers into DDoS agents
SafeBreach researchers have released details on several vulnerabilities that could be exploited by attackers to crash Windows Active Directory domain controllers (DCs), one of which (CVE-2025-32724) can also be leveraged to force public DCs to participate in distributed denial-of-service (DDoS) attacks. Win-DDoS – as the researchers dubbed this new attack technique – hinges on the attackers’ ability to trick public DCs into connecting to a Lightweight Directory Access Protocol (LDAP) server they set up, …
The post Win-DDoS: Attackers can turn public domain controllers into DDoS agents appeared first on Help Net Security.
ClickFix Malware Attacks macOS Users to Steal Login Credentials
In recent months, security researchers have observed a novel phishing campaign targeting macOS users under the guise of a CAPTCHA verification process. This attack, dubbed “ClickFix,” leverages a blend of social engineering and operating system detection to coax victims into executing malicious commands directly in their terminals. By mimicking legitimate Cloudflare-style checks, the malware avoids […]
The post ClickFix Malware Attacks macOS Users to Steal Login Credentials appeared first on Cyber Security News.
Debian 14 Considers Supporting Loongson's LoongArch CPUs
Protection for Journalists or Bureaucratic Farce? What EMFA Actually Delivered
What is ClickFix Attack – How Hackers are Using it to Attack User Device With Malware
ClickFix has emerged as one of the most dangerous and rapidly growing cybersecurity threats of 2025, representing a sophisticated evolution in social engineering attacks. This deceptive technique has surged by an unprecedented 517% in the first half of 2025, becoming the second most common attack vector after phishing and accounting for nearly 8% of all […]
The post What is ClickFix Attack – How Hackers are Using it to Attack User Device With Malware appeared first on Cyber Security News.
Silent Watcher Targets Windows Systems, Steals Data via Discord Webhooks
K7 Labs investigated the Cmimai Stealer, a Visual Basic Script (VBS)-based infostealer that surfaced in June 2025 and uses PowerShell and native Windows scripting to secretly exfiltrate data. This is a recent development in the cybersecurity environment. This malware, first highlighted in a tweet, operates as a lightweight threat actor tool that circumvents execution policies, […]
The post Silent Watcher Targets Windows Systems, Steals Data via Discord Webhooks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
11th August – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 11th August, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Air France has experienced a data breach that resulted in unauthorized access to customer data through a compromised external customer service platform. The attack exposed personal information, including names, email addresses, phone […]
The post 11th August – Threat Intelligence Report appeared first on Check Point Research.
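Unlocking the Magic of Post-Quantum Cryptography: A Getting-Started Guide to PQMagic-Python
Linux 6.17-rc1 Released, With No Bcachefs Patches Merged
New Version of Security Vision Vulnerability Management: An Overview of Features and Benefits for Raising the Level of Protection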
'Chairmen' of $100 million scam operation extradited to US
64 Bits Later: Debian GNU/Hurd Finally Arrives in Full-Fledged Form
Visualize Security Success with the Security Summary Dashboard
⚡ Weekly Recap: BadCam Attack, WinRAR 0-Day, EDR Killer, NVIDIA Flaws, Ransomware Attacks & More
Smart Bus System Flaw Allows Hackers to Remotely Track and Control Vehicles
A critical security vulnerability in smart bus systems has been discovered that enables hackers to remotely track vehicle locations and potentially take control of essential functions, according to new research presented at DEF CON 33. The findings expose significant risks to public transportation infrastructure and passenger safety worldwide. Security researcher Chiao-Lin Yu demonstrated how widespread […]
The post Smart Bus System Flaw Allows Hackers to Remotely Track and Control Vehicles appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
BERT Ransomware
A New Breed of Cyber Threat
A new ransomware strain is making waves, not just for its technical prowess but also for the mystery behind its name: BERT Ransomware. As businesses and individuals race to defend themselves against increasingly complex attacks, BERT stands out for blending classic ransomware tactics with modern evasion techniques. But what […]
The post BERT Ransomware first appeared on StrongBox IT.
The post BERT Ransomware appeared first on Security Boulevard.
Ghanaian Nationals Extradited for Roles in $100M Romance and Wire Fraud Ring
CastleLoader Malware Hits 400+ Devices via Cloudflare-Themed ClickFix Phishing Attack
CastleLoader, a sophisticated malware loader, has compromised over 400 devices since its debut in early 2025, with cybersecurity firm PRODAFT reporting 469 infections out of 1,634 attempts by May 2025, achieving a staggering 28.7% success rate. This modular threat actor leverages advanced phishing techniques, including Cloudflare-themed ClickFix lures and deceptive GitHub repositories, to deploy a […]
The post CastleLoader Malware Hits 400+ Devices via Cloudflare-Themed ClickFix Phishing Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.