Aggregator

ISC.AI 2025议程抢先看！

开启智能化时代新篇章！ISC.AI 2025主题正式官宣：ALL IN AGENT

A critical new threat targeting Microsoft SharePoint servers through a sophisticated exploit chain dubbed “ToolShell.” This multi-stage attack combines previously patched vulnerabilities with fresh zero-day exploits to achieve complete system compromise, affecting SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition. Key Takeaways1. ToolShell exploits four SharePoint CVEs (two patched, two zero-days) […]

The post New “ToolShell” Exploit Chain Attacking SharePoint Servers to Gain Complete Control appeared first on Cyber Security News.

Tea, a women-only dating safety app that allows users to review and share information about men they’ve dated anonymously, has suffered a significant data breach that exposed approximately 72,000 user images, including 13,000 sensitive selfies and photo identification documents submitted during account verification. The breach was discovered at 6:44 AM PST on Friday, July 25th, […]

The post Women’s Dating App “Tea” Data Leak Exposes 13,000 User Selfies appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, we look at the results of a survey taken during a recent Tenable webinar on hesitations around exposure management. You can read the entire Exposure Management Academy series here.

The concept of a unified exposure management platform that consolidates all risk data into a single view makes a lot of sense. The promise is real: reduce noise, improve prioritization and align security efforts with business objectives. 

In a recent webinar, Security Without Silos: Gain Real Risk Insights with Exposure Management Upsized, attendees showed significant interest in this approach. More than a quarter of the audience said they are either actively implementing or exploring an exposure management program. 

Adopting any new enterprise-wide platform can seem daunting, and Tenable’s live polling confirmed the key sources of hesitation. 

When asked about their biggest concerns regarding the implementation of an exposure management platform, attendees were clear: 27% were concerned about demonstrating ROI and value, 25% wondered about integration complexity with existing tools and 18% worried about time and resources required for deployment. 

Exposure management hesitations

Source: Tenable webinar poll of 89 respondents, April 2025

These issues are valid concerns that deserve direct answers. Let's tackle the top three one by one, using insights from the webinar to show how a modern approach to exposure management can help overcome these challenges.

1. Proving ROI to leadership

Securing budget dollars for any technology requires a clear view into the value it will provide to the organization. But ROI for security tools can sometimes feel hard to pin down. So, how do you translate technical findings into business value?

Above all, unified exposure management drives efficiency, consolidating work and tools under an umbrella program. With a single data store, the tools work more efficiently, security teams can focus on high-value areas and constituents around the enterprise get the information they need in unified dashboards.

That sounds good. But you need to scale. Mention that word to any tech or finance leader and all they’ll see are dollar signs. It usually means more licenses, more tech resources and more headcount. And it definitely doesn’t help you build your ROI argument. In fact, it’s often a great recipe for blowing your budgets out of the water. 

This is where an exposure management platform can help. 

Rather than continuing the typical linear, siloed approach, an exposure management platform requires only a portion of your available staff and budget to scale security horizontally. It extends visibility across all assets and risks in your attack surface by collecting data across your disparate tools. Then it adds critical context that can identify and prioritize the exposures that matter. 

When it comes to showing ROI, the ability to consolidate and scale efficiently are hard to beat.

2. Integration with existing tools will be too complex

The fear of a complex integration often stems from past experiences with legacy systems that required deploying more agents, cumbersome network changes and brittle custom scripts. 

Many worry that a new platform will only add to their technical debt.

The reality is that modern exposure management platforms are fundamentally different. As the webinar showed, these systems are built on an API-first philosophy. 

Rather than ripping and replacing your existing security stack, a platform like Tenable One is designed to ingest data from it. Through pre-built connectors and flexible APIs, it pulls findings from your existing endpoint detection products, cloud security tools and other security solutions. 

This approach consolidates your security data without adding intrusive agents, making the integration process far less complex than anticipated.

3. We don't have the time or resources for a massive deployment

Time and resources may be the most common barrier to change. With teams already stretched thin — a fact confirmed by 55% of attendees who cited resource constraints — the idea of a months-long, "big bang" deployment is a non-starter.

Pragmatism is the key. 

As the webinar showed, you don’t have to "boil the ocean.” A successful exposure management implementation is not an all-or-nothing affair. 

The best approach is to start small and scope the program for a feasible, high-impact win. Focus on a single team, a specific business unit or one critical use case. Maybe building a unified asset inventory for your cloud infrastructure would be a good start. 

By showing success in one area, you can build momentum, secure broader buy-in and expand the program organically over time. This phased approach respects your team's limited resources while delivering incremental value.

Although the concerns around implementing a new program are understandable, a modern, pragmatic approach to exposure management can address them and offer a path to reduced risk and demonstrable value. In the analyst report titled How to grow vulnerability management into exposure management, you can learn the best ways to get started.

Takeaways

ROI is achievable with a unified exposure management platform. It drives efficiency through proactive cyber hygiene, enables risk-based prioritization to identify "choke points" and offers unified dashboards for business-centric reporting. 

As an API-first platform with pre-built connectors, exposure management simplifies integration. Best of all, you can deploy in phases. Start small with a single team or critical use case and then translate that success into a broader program.

Learn more

• Check out the Tenable exposure management resource center to discover the value of exposure management and explore resources to help you stand up a continuous threat exposure management program.

Партнёрская сеть Microsoft под подозрением.

Sublime Security reveals a cunning romance/adult-themed scam targeting German speakers, leveraging Keitaro TDS to deliver an AutoIT-based malware loader. Learn how this sophisticated campaign operates, its deceptive tactics, and the hidden payload.

本文的由来是因为去年本人丢失了2.4G usb收发器，询问客服发现无法单配，于是打算试试能不能自己做一个2.4G usb收发器，但由于后期发现开源的方案灵活度更高，于是没有继续逆向下去，但既然研究过了，就整理下之前的研究成果发上来。

Niagara框架现致命漏洞，威胁全球智能系统

看雪论坛作者ID：福建炒饭乡会

议题火热征集中，欢迎投稿

面对动态变化的IT环境，传统渗透测试因时效性局限无法提供持续保护。

如何从文本或图像中创建具有沉浸感和可交互性的三维世界，始终是计算机视觉与图形学领域的核心挑战。现有世界生成方法主要分为两类：基于视频的方法虽能提供丰富的多样性，却缺乏三维一致性且渲染效率低下；基于三维几何的方法虽能保证几何一致性，却受限于训练数据不足和内存效率低下的表征方式。为突破这些局限，腾讯开发者提出 HunyuanWorld 1.0 框架——一种融合双方优势的创新方案，能根据文本与图像条件生成兼具沉浸感、可探索性与交互性的三维世界。本方法具有三大核心优势：（1）通过全景世界代理实现 360°沉浸式体验；（2）支持网格导出功能，可与现有计算机图形管线无缝兼容；（3）采用解耦式物体表征以增强交互性。该框架的核心在于语义分层的三维网格表征技术，通过将全景图像作为 360°世界代理进行语义感知的世界解构与重建，从而生成多样化的三维场景。大量实验表明，本方法在生成连贯、可探索且可交互的三维世界方面达到最先进水平，同时可广泛应用于虚拟现实、物理仿真、游戏开发及交互式内容创作等领域。

XCon2025安全焦点信息安全技术峰会将于8月22日，在北京民航国际会议中心燃动启幕

The tech giant’s model is built around anticompetitive practices, the head of the Coalition for Fair Software Licensing argues.

The post Microsoft’s software licensing playbook is a national security risk appeared first on CyberScoop.

美国网络司令部强化网络攻防作战的基础设施开发