All news with #tenable tag

🔒 Tenable Research disclosed nine cross-tenant vulnerabilities, collectively named LeakyLooker, in Looker Studio that could allow attackers to run arbitrary SQL and access datasets across tenants. The flaws affected connectors including BigQuery, Spanner, PostgreSQL, MySQL, Google Sheets and Cloud Storage and involved SQL injection, data leaks via report elements and a BigQuery denial-of-wallet issue. Google has applied global fixes to its fully managed service and no customer action is required, though organisations should review sharing settings and limit unused connectors.

🔒 Security researchers at Socket uncovered four malicious NuGet packages — NCryptYo, DOMOAuth2_, IRAOAuth2.0, and SimpleWriter_ — that target ASP.NET developers to steal Identity data and manipulate authorization rules. The packages, published in August 2024 by user hamzazaheer and downloaded over 4,500 times before removal, deploy a localhost proxy and stage payloads to relay stolen data to an external C2. Separately, Tenable disclosed a malicious npm package ambar-src that used a preinstall hook to drop cross-platform malware (Windows, Linux, macOS), enabling full-system compromise and data exfiltration.

🔒 Cloud security posture management (CSPM) combines threat intelligence, continuous detection, and automated remediation to find and fix cloud misconfigurations that can expose data. Customers—not cloud providers—are responsible for configuring and protecting workloads, so organizations must select CSPM that delivers multicloud visibility, integrated data security, and policy-driven automated remediation. Modern offerings increasingly fold CSPM into broader CNAPP and SSE suites from vendors such as Wiz, Palo Alto Networks, Tenable, and CrowdStrike, making coverage, integration, and operational model critical factors in vendor selection.

🔒 Researchers at Tenable identified seven techniques that can coerce ChatGPT into disclosing private chat history by abusing built-in features like web browsing and long-term Memories. They show how OpenAI’s browsing pipeline routes pages through a weaker intermediary model, SearchGPT, which can be prompt-injected and then used to seed malicious instructions back into ChatGPT. Proof-of-concepts include exfiltration via Bing-tracked URLs, Markdown image loading, and a rendering quirk, and Tenable says some issues remain despite reported fixes.

🔐 Tenable and Qualys reported limited unauthorized access to parts of their Salesforce records after attackers stole OAuth tokens from the Salesloft Drift integration. The incidents exposed support-case subject lines, initial descriptions and basic business contact details, but neither vendor's products or core services were affected. Both firms disabled the Salesloft Drift app, revoked or rotated credentials, and said they are working with Salesforce and investigators to contain the impact.