Podcasts are now produced by commercial broadcasters, individuals and companies with no connection to broadcasting. In fact anyone with something to say, and a few pounds to spend on the equipment to say it, can get involved.

The digital audio files are cheap to produce and, thanks to the internet, easy to distribute.

complete article

Young Enterprise Scotland, which has 31 staff, accuses the Scottish government of failing to follow through on funding assurances

Preventing data loss, complying with regulations, automating workflows and managing access are four key challenges facing financial institutions. Learn how Tenable can help.

Imagine a bustling bank, made not of bricks and mortar, but of a swirling mass of data in the cloud. Account numbers, transaction histories and personally identifiable information (PII) zip across servers, powering the financial world. Holding all this sensitive data requires tremendous care. Therefore, securing this sensitive information is paramount.

This is where Tenable Cloud Security steps in, offering a data security shield specifically designed for the unique needs of financial institutions.

The challenge: A data deluge demands vigilance

Financial institutions generate massive volumes of data daily. While the public cloud offers unparalleled capacity to store such data, along with agility and scalability, the cloud also expands the attack surface. Legacy cybersecurity solutions are often unable to manage — let alone secure — the sheer volume of data and the variety of ways it is accessed, leaving organizations exposed to malicious actors. At the same time, financial institutions must keep up with new and evolving compliance standards and regulations set forth by governing bodies. Financial institutions need a security platform that helps them protect their data and maintain compliance.

Tenable Cloud Security’s advantage: Seeing beyond the walls

Tenable Cloud Security actively scrutinizes every corner of the cloud data vault, continuously and automatically.

"Without [Tenable Cloud Security], we would've been virtually blind to risks and threats impacting our sensitive data. [Tenable Cloud Security] allows us to preempt any issues and meet the requirements we're receiving from our business partners, with minimal effort.

— VP Security at a leading Fintech platform

Here's how Tenable empowers financial institutions:

• Protecting sensitive data: Tenable doesn't just guard the door; it knows what's inside and how to best protect it. It identifies and labels all data, like financial records and social security numbers, understanding its sensitivity and prioritizing its protection.
• Continuous monitoring: Imagine guards constantly scanning every inch of the vault. Tenable does the same digitally, using advanced technology to constantly search for suspicious activity and potential breaches. Any unusual movement of the data, either exfiltration or copying to a different and inaccessible location, triggers an alarm, allowing for immediate intervention.
• Policy enforcement: Just like a vault needs clear access protocols, so does your data. Tenable automates setting and enforcing cybersecurity policies across the entire cloud, ensuring everyone plays by the book and no unauthorized hands touch the valuables.
• Following mandated regulations: Financial institutions juggle a complex set of regulations and industry standards like the Payment Card Industry Data Security Standard (PCI-DSS). Tenable simplifies compliance with a host of international regulations by providing timely reports and audit trails.

Beyond traditional security: More than just a lock

Modern technology stacks for data storage require a modern cybersecurity stack. Traditional security solutions are unable to address the unique risks associated with storing data in cloud technologies. Financial organizations that leverage Tenable’s data security platform are able to meet existing and future challenges, including:

• Preventing data loss: Early detection and prevention of unauthorized data access can help organizations minimize financial losses and reputational damage, keeping valuable assets safe from even the most cunning thieves.
• Complying with regulations: Automated reports and adherence to the most stringent regulations and industry standards ensure compliance, saving time and resources.
• Automating workflows: Tenable automates tasks and provides deeper insights into how data behaves, enabling organizations to free up their valuable resources for other endeavors and make their security teams more efficient.
• Managing access: Just like knowing who has access to the vault is crucial. Tenable tracks who and what has access to data, ensuring only authorized parties can handle the data.

The future of financial security is data-centric

Tenable Cloud Security's data-centric approach positions it as a valuable partner, not just for guarding the perimeter but for understanding the inner workings of the vault and the most sensitive data within it. By leveraging Tenable’s capabilities, financial institutions can confidently embrace the cloud while ensuring the highest level of security for their most valuable assets — their data.

To learn more about how you can secure your data

• Webinar: Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?
• Data Sheet: Data Security in a Unified Cloud Security Solution
• Infographic: When CNAPP met DSPM
• Demo Video

 New research conducted by Tenable®, Inc., the exposure management company, has uncovered more than 26,500 potential internet-facing assets among Southeast Asia’s top banking, financial services and insurance (BFSI) companies by market capitalisation across Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam.

On July 15, 2024, Tenable examined the external attack surface of over 90 BFSI organisations with the largest market capitalisations across the region. The findings revealed that the average organisation possesses nearly 300 internet-facing assets susceptible to potential exploitation, resulting in a total of more than 26,500 assets across the study group.

Singapore ranked the highest among the six countries assessed, with over 11,000 internet-facing assets identified across its top 16 BFSI companies. Over 6,000 of those assets are hosted in the United States. Next on the list is Thailand with over 5000 assets. The distribution of internet-accessible assets underscores the need for cybersecurity strategies that adapt to the rapidly evolving digital landscape.

“The results of our study reveal that many financial institutions are struggling to close the priority security gaps that put them at risk. Effective exposure management is key to closing these gaps,” said Nigel Ng, Senior Vice President, Tenable APJ. “By identifying and securing vulnerable assets before they can be exploited, organisations can better protect themselves against the growing tide of cyberattacks.” 

Cyber Hygiene Gaps 
The Tenable study revealed many potential vulnerabilities and exposed several cyber hygiene issues among the study group, including outdated software, weak encryption, and misconfigurations. These vulnerabilities provide cybercriminals with easily exploitable potential entry points, posing potential risk to the integrity and security of financial data. 

Weak SSL/TLS encryption 

A notable finding is that among the total assets, organisations had nearly 2,500 still supporting TLS 1.0—a 25-year old security protocol introduced in 1999 and disabled by Microsoft in September 2022. This highlights the significant challenge organisations with extensive internet footprints face in identifying and updating outdated technologies.

Misconfiguration increases external exposure

Another concerning discovery was that over 4,000 assets, originally intended for internal use, were inadvertently exposed and are now accessible externally. Failing to secure these internal assets poses a significant risk to organisations, as it creates an opportunity for malicious actors to target sensitive information and critical systems.

Lack of encryption 

There were over 900 assets with unencrypted final URLs, which can present a security weakness. When URLs are unencrypted, the data transmitted between the user's browser and the server is not protected by encryption, making it vulnerable to interception, eavesdropping, and manipulation by malicious actors. This lack of encryption can lead to the exposure of sensitive information, such as login credentials, personal data, or payment details, and can compromise the integrity of the communication.

API vulnerabilities amplify risk

The identification of over 2,000 API v3 out of the total number of assets among organisations' digital infrastructure poses a substantial risk to their security and operational integrity.

APIs serve as crucial connectors between software applications, facilitating seamless data exchange. However, inadequate authentication, insufficient input validation, weak access controls, and vulnerabilities in dependencies within API v3 implementations create a vulnerable attack surface.

Malicious actors can exploit such weaknesses to gain unauthorised access, compromise data integrity, and launch devastating cyber attacks.

“The cybersecurity landscape is evolving faster than ever, and financial institutions must evolve with it, so they can know where they are exposed and take action to close critical risk” Ng added. “By prioritising exposure management, these organisations can better protect their digital assets, safeguard customer trust, and ensure the resilience of their operations in an increasingly hostile digital environment.”

About Tenable
Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

Notes to Editors:

1. Tenable examined the top 12-16 BFSI companies discoverable based on market cap. 
2. In the context of this alert:

• An asset is a domain name, subdomain, or IP addresses and/or combination thereof of a device connected to the Internet or internal network. An asset may include, but not limited to web servers, name servers, IoT devices, network printers, etc. Example: foo.tld, bar.foo.tld, x.x.x.xs.
• The Attack Surface is from the network perspective of an adversary, the complete asset inventory of an organisation including all actively listening services (open ports) on each asset.

Tenable®, the exposure management company, today announced new risk prioritization and compliance features for Tenable Nessus, the #1 vulnerability assessment solution in accuracy, coverage and adoption. Nessus supports new and updated vulnerability scoring systems – Exploit Prediction Scoring System (EPSS) and Common Vulnerability Scoring System (CVSS) v4 – to help customers implement more effective prioritization for risk reduction and maintain compliance.

Due to evolving threats and expanding attack surfaces, organizations rely on multiple risk scoring systems, which are not effective risk qualifiers on their own to determine criticality. With Tenable Nessus, customers can take advantage of the latest industry-adopted vulnerability scoring systems – EPSS and CVSS v4 – and Tenable Vulnerability Priority Rating (VPR) to identify and take action on the vulnerabilities that pose the greatest risk specific to their environment. Leveraging an advanced data science algorithm developed by Tenable Research, Tenable VPR combines and analyzes Tenable proprietary vulnerability data, third-party vulnerability data and threat data to effectively and efficiently measure risk.

“EPSS and CVSS are single variables in the risk equation – context around exposures delivers a deeper level of understanding around true risk,” said Shai Morag, chief product officer, Tenable. “Recent Tenable Research found that only 3% of vulnerabilities most frequently result in impactful exposure. We’ve optimized Nessus to meet the evolving needs of our customers, empowering informed vulnerability prioritization strategies to address these critical few.”

Key features in this release include:

• EPSS and CVSS v4 Support enables users to see and filter plugins by EPSS and CVSS v4 score, further informing prioritization strategy. This feature enables security teams to remain compliant with organizational policies that require the use of EPSS or CVSS as the primary scoring system.
• Nessus Offline Mode addresses challenges with conducting vulnerability scans offline in air-gapped environments. Building upon existing offline scanning capabilities, Nessus runs critical services only, removing unwanted traffic generated by functions that rely on an active internet connection, thereby ensuring the security of sensitive data within a secure environment.
• Declarative Agent Versioning On-Prem enables users to create and manage agent profiles in Nessus Manager for Tenable Security Center. Users can specify a product version for an agent deployed in an environment, thereby reducing disruptions in day-to-day operations and enabling users to adhere to enterprise change control policies.

Learn more about vulnerability and risk scoring by checking out the Inaugural Study of EPSS Data and Performance developed by Cyentia Institute and the Forum of Incident Response and Security Teams (FIRST).

Join the upcoming Tenable webinar titled, From Data to Defense: Harnessing Predictive Scoring to Strengthen Your Cybersecurityon September 12, 2024 at 2:00 pm ET, by registering here.

Tenable Nessus is available as a standalone product and is included in Tenable Security Center and Tenable Vulnerability Management. More information on Tenable Nessus is available at: https://www.tenable.com/products/nessus

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com.

###

Media Contact:

Tenable

tenablepr@tenable.com

Tenable®, the exposure management company, announced today that Shelly Raban, senior cloud security researcher for Tenable, will give a presentation at fwd:cloudsec Europe 2024, taking place on 17 September, 2024 in Brussels, Belgium.

During the session titled, “Who Watches the Watchmen? Stealing Credentials from Policy-as-Code Engines (and Beyond),” Raban will explore techniques adversaries use to exploit modern policy-as-code and Infrastructure-as-code (IaC) domain-specific languages (DSLs), compromise cloud identities and exfiltrate sensitive data. Raban will conclude her presentation by sharing various detection strategies that cyber defenders can implement to detect malicious activity. 

The session will be hosted in the Main Room from 2:50 - 3:10 pm CEST. 

More information on the event is available on the fwd:cloudsec Europe website. 

More information about Tenable Cloud Security is available at: https://www.tenable.com/products/tenable-cloud-security 

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

###

Media Contact:

Tenable

tenablepr@tenable.com

Tenable®, the exposure management company, today announced the release of AI Aware, advanced detection capabilities designed to rapidly surface artificial intelligence solutions, vulnerabilities and weaknesses available in Tenable Vulnerability Management, the world’s #1 vulnerability management solution. Tenable AI Aware provides exposure insight into AI applications, libraries and plugins so organizations can confidently expose and close AI risk, without inhibiting business operations.

The rapid development and adoption of AI technologies in the past two years has introduced major cybersecurity and compliance risks that organizations must proactively address without established best practices. As a result, cybersecurity teams face significant AI-related challenges, such as vulnerability detection and remediation, containing data leakage and reining in unauthorized AI use. 

According to recent Tenable Research, more than one-third of security teams are finding usage of AI applications in their environment that might not have been provisioned via formal processes. In fact, during a 75-day period between late June and early September, Tenable found over 9 million instances of AI applications on more than 1 million hosts. The cybersecurity risk of unfettered AI usage is compounded by the increasing volume of AI vulnerabilities. Tenable Research has found and disclosed several vulnerabilities in AI solutions, including in Microsoft Copilot, Flowise, Langflow, among others.

With AI Aware, Tenable transforms proactive security for AI solutions. Tenable AI Aware uniquely leverages agents, passive network monitoring, dynamic application security testing and distributed scan engines to detect approved and unapproved AI software, libraries and browser plugins, along with associated vulnerabilities, thereby mitigating risks of exploitation, data leakage and unauthorized resource consumption. The combined depth of these multiple assessment methods delivers the most complete detection of AI in the modern ecosystem. 

[Watch the Tenable AI Aware product demo video here.]

“In an effort to keep pace with the sea change introduced by AI, organizations around the world ran full speed ahead, potentially bypassing countless cybersecurity, privacy and compliance red flags,” said Shai Morag, chief product officer, Tenable. “Perhaps more so than with any other new technology we’ve seen, there are many risk factors to consider, especially with rushed development and deployment. Tenable AI Aware empowers organizations to deploy AI confidently, ensuring their security measures keep pace with the rapid evolution of AI technologies.”

In addition to AI software and vulnerability detection, key AI Aware features available in Tenable Vulnerability Management, Tenable Security Center and Tenable One include:

• Dashboard Views provide a snapshot of the most common AI software discovered in the ecosystem, top assets with vulnerabilities related to AI and the most common communication ports leveraged by AI technologies. 
• Shadow Software Development Detection illuminates the unexpected existence of the building blocks of AI development in the environment, enabling businesses to align initiatives with organizational best practices.
• Filter Findings for AI Detections enable teams to focus on AI-related findings when reviewing vulnerability assessment results. Combined with the power of Tenable Vulnerability Prioritization Rating (VPR), teams can effectively assess and prioritize vulnerabilities introduced by AI packages and libraries. 
• Asset-Centric AI-Inventory provides a complete inventory of AI-related packages, libraries and browser plugins while reviewing the detailed profile of an asset. 

Join the upcoming Tenable webinar titled, "Mitigating AI-Related Security Risks: Insights and Strategies with Tenable AI Aware" on October 9, 2024 at 11:00 am ET, by registering here.

More information on Tenable AI Aware is available at: https://www.tenable.com/products/vulnerability-management/ai-aware 

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

###

Media Contact:

Tenable

tenablepr@tenable.com

Tenable®, the exposure management company, today announced the availability of Tenable Enclave Security, a solution that supports the needs of customers operating in highly secure environments, such as those that are classified or otherwise air-gapped. Backed by Tenable Security Center, Tenable Enclave Security protects IT assets and modern workloads with risk assessment and contextual insight so organizations can identify exposures before they cause damage.

Federal agencies face unique security and compliance regulations when deploying cloud solutions, and Tenable Enclave Security is key to supporting public sector customers, as well as commercial organizations with strict data residency, security or privacy requirements. 

Built to support the strictest security requirements, including FedRAMP High and Impact Level 5, Tenable Enclave Security empowers agencies to know, expose and close IT and container exposures from a single, highly secure platform. This consolidated approach also eliminates tool sprawl, reduces costs and boosts efficiency for public sector organizations.

“As a leader in vulnerability management and cloud security and a longtime partner of governments all around the world, we’re perfectly positioned to tap into our expertise and deliver mission critical capabilities to assist government agencies as they transform their IT strategy and safely embrace modern workloads to speed innovation,” said Robert Huber, chief security officer and president, Tenable Public Sector, Tenable. “With Tenable Enclave Security, agencies are now able to gain a fuller understanding of their exposure and risk with the ability to continuously discover, assess and prioritize vulnerabilities across IT assets and container images, all from a single, highly secure framework.”

Tenable Enclave Security will immediately enable organizations to: 

• Meet cloud security and data residency restrictions: Tenable Enclave Security enables customers to meet stringent cloud security and data residency requirements, such as FedRAMP High or Impact Level 5. It can meet customers’ needs wherever they reside, with the ability to be deployed on-prem, in a virtual private cloud or commercial cloud.
• Secure containers before they hit production: As agencies modernize their infrastructure, containers create a more efficient manner to create applications and modernize existing ones. Tenable Enclave Security empowers organizations to quickly assess the risk in their container images, expose their vulnerabilities and understand the breadth of impact.
• Centralize security tools: Unlike siloed solutions with fragmented visibility, Tenable Enclave Security provides protection for IT assets and modern workloads from a single deployment architecture. 

For more information on Tenable Enclave Security, please visit: https://www.tenable.com/products/enclave-security 

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

###

Media Contact:

Tenable

tenablepr@tenable.com

Tenable®, Inc. the exposure management company, today announced that Bank of Yokohama, one of the largest of the major regional banks in Japan, has chosen Tenable Identity Exposure to protect its Active Directory and enhance the bank’s ability to protect its internal systems from cyber threats.

Bank of Yokohama, based in Kanagawa Prefecture and Tokyo Metropolitan, is committed to enhancing industry security standards. In 2023, it collaborated with 19 other regional banks to establish CMS-CSIRT, an organization providing mutual cybersecurity support. Unlike megabanks, regional banks often face resource and budget constraints, making such collaborative efforts crucial for implementing effective security programs.

As part of its objectives for FY 2023, the Bank of Yokohama wanted to improve Active Directory (AD) security as it’s the most crucial system in the bank’s intranet. Previously, the bank only applied security patches periodically without any tool or system to detect Active Directory misconfigurations or attacks. Given the evolving threat landscape and rise of attacks involving an identity breach, enhancing the security of Active Directory became a top priority.

“Attackers who have infiltrated an organization's internal system or who wield ransomware and other malware, almost always make a beeline for Active Directory,” said Mr. Akihiro Fushimi, Leader, Concordia Financial Group ICT Governance Department, Security Governance Section and Bank of Yokohama ICT Planning & Promotion Department, Security Governance Section. “They steal user account privileges and elevate them via Active Directory, to enable them to access important data. So, securing Active Directory was an area that we wanted to invest in.”

Bank of Yokohama already used Tenable Security Center for vulnerability management and trusted Tenable's reliability. Selecting Tenable Identity Exposure was an easy decision, with its fast, agentless feature ensuring a seamless deployment process.

The deployment of Tenable Identity Exposure provided the Bank of Yokohama with an in-depth view of its Active Directory. The bank can now accurately identify every AD account, including dormant accounts and machine identities, and understand the potential risks of exploitation by malicious actors due to the multi-functional capabilities of Active Directory. Tenable Identity Exposure detects many of the techniques used in cyber attacks to gain elevated privileges and enable lateral movement, including DCShadow, Brute Force, Password Spraying, Golden Ticket and more.

“Previously, we were under the impression that all we needed to do was to apply patches and manage accounts. Now, with the deployment of Tenable Identity Exposure, we are physically able to see the risk of exploitation. This, I believe, is the positive impact of deploying Tenable Identity Exposure. Its alert functions are comprehensive—it detects vulnerabilities as well as misconfigurations,” said Mr. Shinnosuke Shimada, Bank of Yokohama ICT Planning & Promotion Department, Security, Governance Section.

“Many organizations struggle to maintain proper Active Directory security as their domains grow more complex, often leaving flaws undetected until a major incident occurs. Given the high-profile attacks involving AD in recent years, it's crucial to prioritize AD security within the overall cybersecurity strategy,” said Naoya Kishima, Country Manager, Tenable Japan. “Bank of Yokohama recognizes this need, and we're pleased to support them in their security journey.”

About Tenable
Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

Media contact
Tenable PR
tenablepr@tenable.com 

Tenable®, the exposure management company, today released its 2024 Tenable Cloud Risk Report, which examines the critical risks at play in modern cloud environments. Most alarmingly, nearly four in 10 organizations globally are leaving themselves exposed at the highest levels due to the “toxic cloud trilogy” of publicly exposed, critically vulnerable and highly privileged cloud workloads. Each of these misalignments alone introduces risk to cloud data, but the combination of all three drastically elevates the likelihood of exposure access by cyber attackers.

Security gaps caused by misconfigurations, risky entitlements and vulnerabilities combine to dramatically increase cloud risk. The Tenable Cloud Risk Report provides a deep dive into the most pressing cloud security issues observed in the first half of 2024, highlighting areas such as identities and permissions, workloads, storage resources, vulnerabilities, containers and Kubernetes. It also offers mitigation guidance for organizations seeking ways to limit exposures in the cloud.

Publicly exposed and highly privileged cloud data lead to data leaks. Critical vulnerabilities exacerbate the likelihood of incidents. The report reveals that a staggering 38% of organizations have cloud workloads that meet all three of these toxic cloud trilogy criteria, representing a perfect storm of exposure for cyber attackers to target. When bad actors exploit these exposures, incidents commonly include application disruptions, full system takeovers, and DDoS attacks that are often associated with ransomware. Scenarios like these could devastate an organization, with the 2024 average cost of a single data breach approaching $5 million.¹ 

Additional key findings from the report include: 

• 84% of organizations have risky access keys to cloud resources: The majority of organizations (84.2%) possess unused or longstanding access keys with critical or high severity excessive permissions, a significant security gap that poses substantial risk. 
• 23% of cloud identities have critical or high severity excessive permissions: Analysis of Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure reveals that 23% of cloud identities, both human and non-human, have critical or high severity excessive permissions. 
• Critical vulnerabilities persist: Notably, CVE-2024-21626, a severe container escape vulnerability that could lead to the server host compromise, remained unremediated in over 80% of workloads even 40 days after its publishing. 
• 74% of organizations have publicly exposed storage: 74% of organizations have publicly exposed storage assets, including those in which sensitive data resides. This exposure, often due to unnecessary or excessive permissions, has been linked to increased ransomware attacks. 
• 78% of organizations have publicly accessible Kubernetes API servers: Of these, 41% also allow inbound internet access. Additionally, 58% of organizations have cluster-admin role bindings — which means that certain users have unrestricted control over all the Kubernetes environments.

“Our report reveals that an overwhelming number of organizations have access exposures in their cloud workloads of which they may not even be aware,” said Shai Morag, chief product officer, Tenable. “It’s not always about bad actors launching novel attacks. In many instances, misconfigurations and over-privileged access represent the highest risk for cloud data exposures. The good news is, many of these security gaps can be closed easily once they are known and exposed.”

The report reflects findings by the Tenable Cloud Research team based on telemetry from millions of cloud resources across multiple public cloud repositories, analyzed from January 1 through June 30, 2024.

To download the report today, please visit: https://www.tenable.com/cyber-exposure/tenable-cloud-risk-report-2024 

¹ IBM Security Cost of a Data Breach Report 2024

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

###

Media Contact:

Tenable

tenablepr@tenable.com

Tenable®, the exposure management company, today announced that it has been ranked first for 2023 worldwide market share for device vulnerability management in the IDC Worldwide Device Vulnerability Management Market Shares (doc #US51417424, July 2024) report. This is the sixth consecutive year Tenable has been ranked first for market share.

According to the IDC market share report, Tenable is ranked first in global 2023 market share and revenue. Tenable credits its success to its strategic approach to risk management, which includes a suite of industry-leading exposure management solutions that expose and close security gaps, safeguarding business value, reputation and trust. The Tenable One Exposure Management Platform, the world’s only AI-powered exposure management platform, radically unifies security visibility, insight and action across the modern attack surface – IT, cloud, OT and IoT, web apps and identity systems.

According to the IDC market share report, “The top 3 device vulnerability management vendors remained the same in 2023 as previous years, with Tenable once again being the top vendor.”

The report highlighted Tenable’s use of generative AI, noting, “ExposureAI, available as part of the Tenable One platform, provides GenAI-based capabilities that include natural language search queries, attack path and asset exposure summaries, mitigation guidance suggestions, and a bot assistant to ask specific questions about attack path results.”

Tenable’s latest innovations in the vulnerability management market – Vulnerability Intelligence and Exposure Response – were also highlighted in the report, stating, “Vulnerability Intelligence provides dynamic vulnerability information collected from multiple data sources and vetted by Tenable researchers, while Exposure Response enables security teams to create campaigns based on risk posture trends so remediation progress can be monitored internally.”

The report also spotlighted the Tenable Assure Partner Program and MDR partnerships, noting, “Tenable has made more of a strategic effort to recruit managed security service providers (SPs) and improve the onboarding experience for them, as well as their customers. Managed detection and response (MDR) providers have been adding proactive exposure management because it helps shrink the customer attack surface, helping them provide better outcomes. Sophos and Coalfire are recently announced partners adding managed exposure management services to their MDR and pen testing services, respectively.”

“At Tenable, we build products for a cloud-first, platform centric world, meeting customers' evolving risk management needs,” said Shai Morag, chief product officer, Tenable. “We leverage cutting edge technology, innovating across our portfolio to help customers know, expose and close priority security gaps that put businesses at risk.” 

"The device vulnerability management market is characterized by a focus on broader exposure management, with a number of acquisitions to round out exposure management portfolios," said Michelle Abraham, senior research director, Security and Trust at IDC. "Vendors are advised to enhance their offerings with additional security signals and automated remediation workflows to stay competitive in this evolving landscape."

To read an excerpt of the IDC market share report, visit https://www.tenable.com/analyst-research/idc-worldwide-device-vulnerability-management-market-share-report-2023 

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

###

Media Contact:

Tenable

tenablepr@tenable.com

Tenable®, the exposure management company, today announced new data security posture management (DSPM) and artificial intelligence security posture management (AI-SPM) capabilities for Tenable Cloud Security, the actionable cloud security solution. By extending exposure management capabilities to cloud data and AI resources, Tenable Cloud Security reduces risk to two of the biggest emerging threats.

Today’s cloud environments are more complex than ever. The challenge of managing this complexity has led to preventable security gaps caused by misconfigurations, risky entitlements and vulnerabilities, leaving sensitive data and AI resources vulnerable. In fact, Tenable Research found that 38% of organizations are battling a toxic cloud trilogy – cloud workloads that are publicly exposed, critically vulnerable and highly privileged. 

Tenable Cloud Security exposes risk from across hybrid and multi-cloud environments, including vulnerabilities, misconfigurations and excess privilege, that affects data and AI resources. Integrating DSPM and AI-SPM into Tenable Cloud Security enables users to automatically discover, classify and analyze sensitive data risk with flexible, agentless scanning. With Tenable Cloud Security’s intuitive user interface, security leaders can easily answer tough questions – such as “What type of data do I have in the cloud and where is it located?,” “What AI resources are vulnerable and how do I remediate the issue?” and “Who has access to my sensitive cloud and AI data?”

“Data is constantly on the move and new uses for data in today’s AI-driven world have created new risks,” said Liat Hayun, vice president of product management for Tenable Cloud Security. “DSPM and AI-SPM capabilities from Tenable Cloud Security bring context into complex risk relationships, so teams can prioritize threats based on the data involved. This gives customers the confidence to unlock the full potential of their data without compromising security.”

“The importance of cloud data has made communicating data exposure risk one of the biggest security challenges for CISOs,” said Philip Bues, senior research manager, Cloud Security at IDC. “Tenable is at the forefront of this emerging DSPM-CNAPP conversation, enabling customers to contextualize and prioritize data risk and communicate it, which is pertinent to almost every domain in CNAPP.”

AI-SPM features enable customers to confidently forge ahead with AI adoption by enforcing AI and machine learning configuration best practices and securing training data. With the combined power of AI-SPM and Tenable Cloud Security’s market-leading cloud infrastructure entitlement management (CIEM) and Cloud Workload Protection (CWP) capabilities, customers can manage AI entitlements, reduce exposure risk of AI resources, and safeguard critical AI and machine learning training data to ensure data integrity. 

Available to all Tenable Cloud Security and Tenable One customers, these new features enable customers to:

• Gain complete visibility and understanding of cloud and AI data - Tenable Cloud Security continuously monitors multi-cloud environments to discover and classify data types, assign sensitivity levels and prioritize data risk findings in the context of the entire cloud attack surface. 
• Effectively prioritize and remediate cloud risk - Backed by vulnerability intelligence from Tenable Research, context-driven analytics provides security teams with prioritized and actionable remediation guidance to remediate the most threatening cloud exposures.
• Proactively identify cloud and AI data exposure - Unique identity and access insights enable security teams to reduce data exposure in multi-cloud environments and AI resources by monitoring how data is being accessed and used and detect anomalous activity. 

Join the upcoming Tenable webinar, “Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?” on October 22, 2024 at 10 am BST and 11 am ET, by registering here. 

Read today’s blog post, “Harden your cloud security posture by protecting your cloud data and AI resources” here. 

With a Net Promoter Score of 73, Tenable Cloud Security helps customers around the world expose and close priority threats. More information about DSPM and AI-SPM capabilities available in Tenable Cloud Security is available at: https://www.tenable.com/announcements/dspm-ai-spm

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for approximately 44,000 customers around the globe. Learn more at tenable.com. 

###

Media Contact:

Tenable

tenablepr@tenable.com

The prevalence of web applications makes them a prime target for cyber criminals. Failure to secure web applications can lead to serious financial and reputational consequences. This report provides details of vulnerability data discovered by Tenable Web App Scanning.

Tenable Web App Scanning provides comprehensive and accurate vulnerability scanning and risk analysis by leveraging OWASP Top 10 risks to vulnerable web application components. Tenable provides comprehensive and automated vulnerability scanning for modern web applications using Dynamic Application Security Tests (DAST). The security and development teams leverage these detailed vulnerability scans of the application at any point in the development lifecycle and are able understand the true security risks of the web application before deployment.

Tenable Security Center uses a comprehensive list of attributes to increase visibility into web application vulnerabilities. Risk managers are able to focus on security challenges that pose the greatest threat and most risk by leveraging Common Vulnerability Scoring System (CVSS) and OWASP references. The report provides a detailed view of the web application components and custom code vulnerabilities. Additionally, vulnerability details related to Log4J are provided, which displays any detected applications that are found to be vulnerable to Log4J exploits.

The report and its components are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report can be easily located in the Tenable Security Center Feed under the category Security Industry Trends.

The requirements for this dashboard are:

• Tenable Security Center 6.2.0
• Tenable Web Application Scanner

Security leaders need to SEE everything, PREDICT what matters most and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives. Tenable Security Center discovers and analyzes assets continuously to provide an accurate and unified view of an organization's security posture.

Chapters

Executive Summary: The Tenable Web App Scanning Overview report provides details of vulnerability data discovered by Tenable Web App Scanning, beginning with summary dashboard style view for leadership team. 

Web Application Vulnerability Statistics: This chapter combines the data collected from Nessus and Tenable Web App Scanner, providing a holistic view of vulnerabilities based on scanning the physical asset as well as the web application asset.  

OWASP 2021 Vulnerability Summary: Security and compliance frameworks, such as the Open Web Application Security Project (OWASP) Top 10, provides risk managers insight into methods used by adversaries to exploit common flaws and misconfigurations. 

Log4Shell: This chapter provides trending analysis along with vulnerability details related to log4shell vulnerabilities detected by both Nessus and Tenable Web App Scanning. Tenable recommends prioritizing these applications immediately for remediation efforts.
 

The prevalence of web applications makes them a prime target for cyber criminals. Failure to secure web applications can lead to serious financial and reputational consequences. This dashboard provides a high-level summary of vulnerability data discovered by Tenable Web App Scanning.

Tenable Web App Scanning provides comprehensive and accurate vulnerability scanning and risk analysis by leveraging OWASP Top 10 risks to vulnerable web application components. Tenable provides comprehensive and automated vulnerability scanning for modern web applications using Dynamic Application Security Tests (DAST). The security and development teams leverage these detailed vulnerability scans of the application at any point in the development lifecycle and are able understand the true security risks of the web application.

Tenable Security Center uses a comprehensive list of attributes to increase visibility into web application vulnerabilities. Risk managers are able to focus on security challenges that pose the greatest threat and most risk by leveraging Common Vulnerability Scoring System (CVSS) and OWASP references. The dashboard provides a detailed view of the web application components and custom code vulnerabilities. Additionally, vulnerability details related to Log4J are provided , which displays any detected applications that are found to be vulnerable to Log4J exploits.

The dashboard and its components are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The dashboard can be easily located in the Tenable Security Center Feed under the category Security Industry Trends.

• The requirements for this dashboard are:
• Tenable Security Center 6.2.0
• Tenable Web Application Scanner

Security leaders need to SEE everything, PREDICT what matters most and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives. Tenable Security Center discovers and analyzes assets continuously to provide an accurate and unified view of an organization's security posture.

Components

Web App Scanning - Statistics: The matrix provides a quick overview of actionable metrics collected using Nessus and Tenable Web AppScanner. The first column shows a count of vulnerabilities with a CVSSv3 score present, followed by the most critical of vulnerabilities with a CVSSv3 score greater than 9.  The "Needs Review" column displays the vulnerabilities with CVSSv3 base score of 5 to 8. The "Remediated" column shows all vulnerabilities with a CVSSV3 score greater than 5 that have been remediated.  The last two columns are focused on OWASP based vulnerabilities. The matrix provides two rows, the top showing vulnerabilities detected by Nessus.

Web App Scanning - Log4Shell Vulnerabilities: This chart presents a list of log4shell vulnerabilities detected by both Nessus and Tenable Web App Scanning. The chart uses the plugin name string and "Include Web App Results" to provide ring segments for each discovered vulnerability. Tenable recommends that these applications be prioritized immediately for remediation efforts.

Web App Scanning - OWASP 2021 Categories: This matrix provides a count of assets and vulnerabilities for each OWASP 2021 category that were detected using the Tenable Web App Scanner. Security and compliance frameworks, such as the Open Web Application Security Project (OWASP) Top 10, enables risk managers to gain insight into methods used by adversaries to exploit common flaws and misconfigurations.  Tenable Web App Scanner attributes vulnerabilities using the Cross Reference field to link to all published OWASP versions. Upon completion of the web application scan, the vulnerabilities detected and linked to OWASP 2021 provide an industry best practice approach to mitigating vulnerabilities.

Web App Scanning - Tenable Detected Applications Vulnerable to Log4Shell: The table presents a list of assets detected by both Nessus and Tenable Web App Scanning that are vulnerable to log4shell. The chart uses the plugin name string and "Include Web App Results" to provide entries for assets with the log4shell vulnerability. Tenable recommends that these applications be prioritized immediately for remediation efforts.

Tenable Research delivers world class exposure intelligence, data science insights, zero day research and security advisories. Our Security Response Team (SRT) in Tenable Research tracks threat and vulnerability intelligence feeds to make sure our research teams can deliver sensor coverage to our products as quickly as possible. The SRT also works to dig into technical details and author white papers, blogs, and additional communications to ensure stakeholders are fully informed of the latest cyber risks and threats. The SRT provides breakdowns for the latest critical vulnerabilities on the Tenable blog.

When security events rise to the level of taking immediate action, Tenable - leveraging SRT intelligence -  notifies customers proactively to provide exposure information, current threat details and how to use Tenable products and capabilities to accelerate remediation.

This dashboard contains indicator style components to highlight any vulnerabilities related to the Tenable Research Advisories where Tenable issues customer guidance that immediate remediation was of paramount importance to all affected organizations. Tenable recommends addressing missing patches as identified in the dashboard components. 

The dashboard and its components are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The dashboard can be easily located in the Tenable.sc Feed under the category Security Industry Trends.

The dashboard requirements are: 

• Tenable.sc 6.2.0
• Nessus 10.6.1

The following components are included in this dashboard are:

Research Advisories - Citrix NetScaler ADC and NetScaler Gateway: In August 2023, Mandiant identified a zero-day exploitation impacting NetScaler ADC and NetScaler Gateway appliances. When NetScaler ADC or NetScaler Gateway is configured as a gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server, an unauthenticated attacker could exploit the device in order to hijack an existing authenticated session. Depending on the permissions of the account they have hijacked, this could allow the attacker to gain additional access within a target environment and collect other account credentials. Successful exploitation allows the attacker to bypass multi factor authentication (MFA) requirements.

Research Advisories - curl Heap Overflow and Cookie Injection: On October 3, an open-source developer and maintainer of curl, took to X (formerly Twitter) to announce that a new high severity CVE would be fixed in curl 8.4.0. The developer noted that the release would be ahead of schedule and released on October 11, indicating in a reply to the twitter thread that this is 'the worst security problem found in curl in a long time.' 

Research Advisories - MOVEit: The CL0P Ransomware Group, also known as TA505, has exploited zero-day vulnerabilities across a series of file transfer solutions since December 2020. File transfer solutions often contain sensitive information from a variety of organizations. This stolen information is used to extort victims to pay ransom demands. In 2023, CL0P claimed credit for the exploitation of vulnerabilities in both Fortra’s GoAnywhere Managed File Transfer (MFT) and Progress Software’s MOVEit Transfer solutions. 

Research Advisories - log4shell: This matrix alerts organizations to potential concerns regarding the Log4j vulnerability. Displayed are the vulnerabilities that are directly associated with the log4shell CVEs (CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, CVE-2021-4104, and CVE-2021-45105) and Log4j installations. 

Research Advisories - CISA Alerts AA22-011A and AA22-047A: On November 3rd, 2021, Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 22-01, and on Jan 11, 2022 CISA issued an alert (AA22-011A) warning of increased risk to U.S. critical infrastructure.  A total of 18 CVEs can be associated with this alert.  Hosts and Vulnerabilities identified and mitigated are displayed using the referenced CVE. 

Research Advisories - PrintNightmare: On July 1, Microsoft released an advisory for CVE-2021-34527. This advisory was released in response to public reports about a proof-of-concept (PoC) exploit for CVE-2021-1675, a similar vulnerability in the Windows Print Spooler. To help clear up confusion about the vulnerability, Microsoft updated its advisory for CVE-2021-1675 to clarify that it is similar but distinct from CVE-2021-34527. On July 6, Microsoft updated its advisory to announce the availability of out-of-band patches for CVE-2021-34527, a critical vulnerability in its Windows Print Spooler that researchers are calling PrintNightmare. This remote code execution (RCE) vulnerability affects all versions of Microsoft Windows. 

Research Advisories - MS Exchange ProxyLogon: On March 2, 2021 Microsoft released several critical security updates for zero-day Microsoft Exchange Server vulnerabilities, and reported that the exploits are actively being exploited by threat actors. Within a single week thousands of organizations world-wide have fallen victim. Tenable released several plugins for Exchange Server 2010, 2013, 2016 and 2019, which can be used to determine which Exchange Server systems are vulnerable in your environment.

NSW and Victoria commit to an independent review of Murray-Darling water modelling, and Inspector-General Mick Keelty flags the possibility of unearthing more corruption.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

Mar 20, 2020

Meghan L. O’Sullivan, Professor of International Affairs at Harvard’s Kennedy School, former National Security Council advisor, and a Bloomberg Opinion columnist, discusses the oil market plunge, and the Russia-Saudi relationship. Hosted by Lisa Abramowicz and Paul Sweeney.

A K Ganguly confirmed on Tuesday that he had resigned as chairman of the WBHRC.