Exfiltrated, Signed, Delivered – What Can Go Wrong When an Amazon Elastic Compute Cloud (EC2) Instance is Exposed to SSRF
New CNAPPgoat scenario makes experimentation easy by triggering calls to an AWS service from an EC2 instance exposed to SSRF
Building Custom Scenarios with CNAPPgoat
You can now construct and import your own vulnerability scenarios into…
The MGM Breach and the Role of IdP in Modern Cyber…
A deep dive into the recent MGM breach and our insights into the actor…
What’s New with CNAPPgoat?
Read about the newest, expanded features in the Ermetic [now Tenable C…
3 Cloud IAM Security Questions You Must Be Able to Answer
It doesn’t matter if it’s AWS, GCP or Azure IAM, cloud deployment is redefining the work of IAM professionals
3 Types of Cyber Attackers: Which Organizations Do They Target?
Is an attacker interested in your organization? Probably. Deconstructing the PoV of cyber attackers is key to defending your turf.
3 Ways to Reduce the Risk from Misused AWS IAM User Access Keys
Used incorrectly, AWS IAM User Access Keys can pose high risk; the good news is that great alternatives, explored here,…
Stronger Together: Writing a New Chapter in Cloud Security
We’re excited to share that Tenable has announced intent to acquire Ermetic.
The Benefits of Cloud Entitlement Management
Cloud identities and entitlements pose grave challenges – learn about the benefits of CIEM solutions and KPIs for measuring them
CNAPPgoat: The Multicloud Open-Source Tool for Deploying Vulnerable-by-Design Cloud Resources
All about CNAPPgoat, our open-source project designed to modularly provision vulnerable-by-design components in cloud environments.
The Next Step in the IMDSv1 Redemption Journey
Learn about AWS’s new open source library for enforcing IMDSv2 and Tenable Cloud Security’s new lab for trying it out
Sometimes What Sounds Benign Can Bite You: An Unexpected Implication of Lambda Privileges
Learn how an AWS service usage and permissions combination discovered by Ermetic [now Tenable Cloud Security] may increase risk upon…
Terraform Lab: Taking the New VPC Endpoint Condition Keys Out for a Spin
Our new open source Terraform project offers hands-on experience with VPC endpoints and demos AWS’s new condition keys for securing…
The Azure Metadata Protection You Didn’t Know Was There
Some Azure services have an additional, not widely known, protection mechanism against session token exfiltration
Uncovering 3 Azure API Management Vulnerabilities – When Good APIs Go Bad
Learn how now-patched Azure API Management service vulnerabilities revealed by our research team enabled malicious actions
EmojiDeploy: Smile! Your Azure web service just got RCE’d ._.
The Ermetic [now Tenable Cloud Security] research team discovered a remote code execution vulnerability affecting Function Apps, App Service, Logic…
The Default Toxic Combination of GCP Compute Engine Instances
By default, compute instances in GCP are prone to a toxic combination that you should be aware of, and can…
How Attackers Can Exploit GCP’s Multicloud Workload Solution
A deep dive into the inner workings of GCP Workload Identity Federation, taking a look at risks and how to…
The Advanced Risk of Basic Roles In GCP IAM
Basic roles in GCP allow data-level actions, even though at first glance it might seem like they don’t. Avoid using…