"In order to free the port town of Awa from an evil tyrant, Yona and her friends team up with Jaeha, the Green Dragon, and his fellow pirates. While Hak and the others are fighting Yang Kum-ji's forces, Yona and Yun infiltrate a human trafficking operation! When the enemy closes in and things look dire, what will Yona do?" -- Page [4] cover.

Presents, in graphic novel format, the story of the Haitian Revolution and its role in Napoleon's decision to sell Thomas Jefferson and James Monroe the whole Louisiana Territory, when they sought to buy only New Orleans.

Tackling global challenges to food systems means we must better understand the future of aquatic foods. Research is critical to understand emerging opportunities for innovations—including the rise of lab-grown fish—and how these innovations can advance a healthy, sustainable, and equitable food system. To advance this research, I recently had the honor of formalizing a new […]

Ethiopia possesses abundant water resources and hydropower potential, yet less than 5 percent of irrigable land in the Blue Nile basin has been developed for food production, and more than 80 percent of Ethiopians lack access to electricity. Consequently, the Ethiopian government is pursuing plans to develop hydropower and irrigation along the Blue Nile River in an effort to tap into this underused potential.

In this episode of the IoT Insider podcast, Bernard Montel provides a brief history of the evolution of the Cloud and the challenges of securing it.

 New research conducted by Tenable®, Inc., the exposure management company, has uncovered more than 26,500 potential internet-facing assets among Southeast Asia’s top banking, financial services and insurance (BFSI) companies by market capitalisation across Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam.

On July 15, 2024, Tenable examined the external attack surface of over 90 BFSI organisations with the largest market capitalisations across the region. The findings revealed that the average organisation possesses nearly 300 internet-facing assets susceptible to potential exploitation, resulting in a total of more than 26,500 assets across the study group.

Singapore ranked the highest among the six countries assessed, with over 11,000 internet-facing assets identified across its top 16 BFSI companies. Over 6,000 of those assets are hosted in the United States. Next on the list is Thailand with over 5000 assets. The distribution of internet-accessible assets underscores the need for cybersecurity strategies that adapt to the rapidly evolving digital landscape.

“The results of our study reveal that many financial institutions are struggling to close the priority security gaps that put them at risk. Effective exposure management is key to closing these gaps,” said Nigel Ng, Senior Vice President, Tenable APJ. “By identifying and securing vulnerable assets before they can be exploited, organisations can better protect themselves against the growing tide of cyberattacks.” 

Cyber Hygiene Gaps 
The Tenable study revealed many potential vulnerabilities and exposed several cyber hygiene issues among the study group, including outdated software, weak encryption, and misconfigurations. These vulnerabilities provide cybercriminals with easily exploitable potential entry points, posing potential risk to the integrity and security of financial data. 

Weak SSL/TLS encryption 

A notable finding is that among the total assets, organisations had nearly 2,500 still supporting TLS 1.0—a 25-year old security protocol introduced in 1999 and disabled by Microsoft in September 2022. This highlights the significant challenge organisations with extensive internet footprints face in identifying and updating outdated technologies.

Misconfiguration increases external exposure

Another concerning discovery was that over 4,000 assets, originally intended for internal use, were inadvertently exposed and are now accessible externally. Failing to secure these internal assets poses a significant risk to organisations, as it creates an opportunity for malicious actors to target sensitive information and critical systems.

Lack of encryption 

There were over 900 assets with unencrypted final URLs, which can present a security weakness. When URLs are unencrypted, the data transmitted between the user's browser and the server is not protected by encryption, making it vulnerable to interception, eavesdropping, and manipulation by malicious actors. This lack of encryption can lead to the exposure of sensitive information, such as login credentials, personal data, or payment details, and can compromise the integrity of the communication.

API vulnerabilities amplify risk

The identification of over 2,000 API v3 out of the total number of assets among organisations' digital infrastructure poses a substantial risk to their security and operational integrity.

APIs serve as crucial connectors between software applications, facilitating seamless data exchange. However, inadequate authentication, insufficient input validation, weak access controls, and vulnerabilities in dependencies within API v3 implementations create a vulnerable attack surface.

Malicious actors can exploit such weaknesses to gain unauthorised access, compromise data integrity, and launch devastating cyber attacks.

“The cybersecurity landscape is evolving faster than ever, and financial institutions must evolve with it, so they can know where they are exposed and take action to close critical risk” Ng added. “By prioritising exposure management, these organisations can better protect their digital assets, safeguard customer trust, and ensure the resilience of their operations in an increasingly hostile digital environment.”

About Tenable
Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

Notes to Editors:

1. Tenable examined the top 12-16 BFSI companies discoverable based on market cap. 
2. In the context of this alert:

• An asset is a domain name, subdomain, or IP addresses and/or combination thereof of a device connected to the Internet or internal network. An asset may include, but not limited to web servers, name servers, IoT devices, network printers, etc. Example: foo.tld, bar.foo.tld, x.x.x.xs.
• The Attack Surface is from the network perspective of an adversary, the complete asset inventory of an organisation including all actively listening services (open ports) on each asset.

Tenable®, the exposure management company, today announced new risk prioritization and compliance features for Tenable Nessus, the #1 vulnerability assessment solution in accuracy, coverage and adoption. Nessus supports new and updated vulnerability scoring systems – Exploit Prediction Scoring System (EPSS) and Common Vulnerability Scoring System (CVSS) v4 – to help customers implement more effective prioritization for risk reduction and maintain compliance.

Due to evolving threats and expanding attack surfaces, organizations rely on multiple risk scoring systems, which are not effective risk qualifiers on their own to determine criticality. With Tenable Nessus, customers can take advantage of the latest industry-adopted vulnerability scoring systems – EPSS and CVSS v4 – and Tenable Vulnerability Priority Rating (VPR) to identify and take action on the vulnerabilities that pose the greatest risk specific to their environment. Leveraging an advanced data science algorithm developed by Tenable Research, Tenable VPR combines and analyzes Tenable proprietary vulnerability data, third-party vulnerability data and threat data to effectively and efficiently measure risk.

“EPSS and CVSS are single variables in the risk equation – context around exposures delivers a deeper level of understanding around true risk,” said Shai Morag, chief product officer, Tenable. “Recent Tenable Research found that only 3% of vulnerabilities most frequently result in impactful exposure. We’ve optimized Nessus to meet the evolving needs of our customers, empowering informed vulnerability prioritization strategies to address these critical few.”

Key features in this release include:

• EPSS and CVSS v4 Support enables users to see and filter plugins by EPSS and CVSS v4 score, further informing prioritization strategy. This feature enables security teams to remain compliant with organizational policies that require the use of EPSS or CVSS as the primary scoring system.
• Nessus Offline Mode addresses challenges with conducting vulnerability scans offline in air-gapped environments. Building upon existing offline scanning capabilities, Nessus runs critical services only, removing unwanted traffic generated by functions that rely on an active internet connection, thereby ensuring the security of sensitive data within a secure environment.
• Declarative Agent Versioning On-Prem enables users to create and manage agent profiles in Nessus Manager for Tenable Security Center. Users can specify a product version for an agent deployed in an environment, thereby reducing disruptions in day-to-day operations and enabling users to adhere to enterprise change control policies.

Learn more about vulnerability and risk scoring by checking out the Inaugural Study of EPSS Data and Performance developed by Cyentia Institute and the Forum of Incident Response and Security Teams (FIRST).

Join the upcoming Tenable webinar titled, From Data to Defense: Harnessing Predictive Scoring to Strengthen Your Cybersecurityon September 12, 2024 at 2:00 pm ET, by registering here.

Tenable Nessus is available as a standalone product and is included in Tenable Security Center and Tenable Vulnerability Management. More information on Tenable Nessus is available at: https://www.tenable.com/products/nessus

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com.

###

Media Contact:

Tenable

tenablepr@tenable.com

Tenable®, the exposure management company, announced today that Shelly Raban, senior cloud security researcher for Tenable, will give a presentation at fwd:cloudsec Europe 2024, taking place on 17 September, 2024 in Brussels, Belgium.

During the session titled, “Who Watches the Watchmen? Stealing Credentials from Policy-as-Code Engines (and Beyond),” Raban will explore techniques adversaries use to exploit modern policy-as-code and Infrastructure-as-code (IaC) domain-specific languages (DSLs), compromise cloud identities and exfiltrate sensitive data. Raban will conclude her presentation by sharing various detection strategies that cyber defenders can implement to detect malicious activity. 

The session will be hosted in the Main Room from 2:50 - 3:10 pm CEST. 

More information on the event is available on the fwd:cloudsec Europe website. 

More information about Tenable Cloud Security is available at: https://www.tenable.com/products/tenable-cloud-security 

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

###

Media Contact:

Tenable

tenablepr@tenable.com

Tenable®, the exposure management company, today announced the release of AI Aware, advanced detection capabilities designed to rapidly surface artificial intelligence solutions, vulnerabilities and weaknesses available in Tenable Vulnerability Management, the world’s #1 vulnerability management solution. Tenable AI Aware provides exposure insight into AI applications, libraries and plugins so organizations can confidently expose and close AI risk, without inhibiting business operations.

The rapid development and adoption of AI technologies in the past two years has introduced major cybersecurity and compliance risks that organizations must proactively address without established best practices. As a result, cybersecurity teams face significant AI-related challenges, such as vulnerability detection and remediation, containing data leakage and reining in unauthorized AI use. 

According to recent Tenable Research, more than one-third of security teams are finding usage of AI applications in their environment that might not have been provisioned via formal processes. In fact, during a 75-day period between late June and early September, Tenable found over 9 million instances of AI applications on more than 1 million hosts. The cybersecurity risk of unfettered AI usage is compounded by the increasing volume of AI vulnerabilities. Tenable Research has found and disclosed several vulnerabilities in AI solutions, including in Microsoft Copilot, Flowise, Langflow, among others.

With AI Aware, Tenable transforms proactive security for AI solutions. Tenable AI Aware uniquely leverages agents, passive network monitoring, dynamic application security testing and distributed scan engines to detect approved and unapproved AI software, libraries and browser plugins, along with associated vulnerabilities, thereby mitigating risks of exploitation, data leakage and unauthorized resource consumption. The combined depth of these multiple assessment methods delivers the most complete detection of AI in the modern ecosystem. 

[Watch the Tenable AI Aware product demo video here.]

“In an effort to keep pace with the sea change introduced by AI, organizations around the world ran full speed ahead, potentially bypassing countless cybersecurity, privacy and compliance red flags,” said Shai Morag, chief product officer, Tenable. “Perhaps more so than with any other new technology we’ve seen, there are many risk factors to consider, especially with rushed development and deployment. Tenable AI Aware empowers organizations to deploy AI confidently, ensuring their security measures keep pace with the rapid evolution of AI technologies.”

In addition to AI software and vulnerability detection, key AI Aware features available in Tenable Vulnerability Management, Tenable Security Center and Tenable One include:

• Dashboard Views provide a snapshot of the most common AI software discovered in the ecosystem, top assets with vulnerabilities related to AI and the most common communication ports leveraged by AI technologies. 
• Shadow Software Development Detection illuminates the unexpected existence of the building blocks of AI development in the environment, enabling businesses to align initiatives with organizational best practices.
• Filter Findings for AI Detections enable teams to focus on AI-related findings when reviewing vulnerability assessment results. Combined with the power of Tenable Vulnerability Prioritization Rating (VPR), teams can effectively assess and prioritize vulnerabilities introduced by AI packages and libraries. 
• Asset-Centric AI-Inventory provides a complete inventory of AI-related packages, libraries and browser plugins while reviewing the detailed profile of an asset. 

Join the upcoming Tenable webinar titled, "Mitigating AI-Related Security Risks: Insights and Strategies with Tenable AI Aware" on October 9, 2024 at 11:00 am ET, by registering here.

More information on Tenable AI Aware is available at: https://www.tenable.com/products/vulnerability-management/ai-aware 

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

###

Media Contact:

Tenable

tenablepr@tenable.com

Tenable®, the exposure management company, today announced the availability of Tenable Enclave Security, a solution that supports the needs of customers operating in highly secure environments, such as those that are classified or otherwise air-gapped. Backed by Tenable Security Center, Tenable Enclave Security protects IT assets and modern workloads with risk assessment and contextual insight so organizations can identify exposures before they cause damage.

Federal agencies face unique security and compliance regulations when deploying cloud solutions, and Tenable Enclave Security is key to supporting public sector customers, as well as commercial organizations with strict data residency, security or privacy requirements. 

Built to support the strictest security requirements, including FedRAMP High and Impact Level 5, Tenable Enclave Security empowers agencies to know, expose and close IT and container exposures from a single, highly secure platform. This consolidated approach also eliminates tool sprawl, reduces costs and boosts efficiency for public sector organizations.

“As a leader in vulnerability management and cloud security and a longtime partner of governments all around the world, we’re perfectly positioned to tap into our expertise and deliver mission critical capabilities to assist government agencies as they transform their IT strategy and safely embrace modern workloads to speed innovation,” said Robert Huber, chief security officer and president, Tenable Public Sector, Tenable. “With Tenable Enclave Security, agencies are now able to gain a fuller understanding of their exposure and risk with the ability to continuously discover, assess and prioritize vulnerabilities across IT assets and container images, all from a single, highly secure framework.”

Tenable Enclave Security will immediately enable organizations to: 

• Meet cloud security and data residency restrictions: Tenable Enclave Security enables customers to meet stringent cloud security and data residency requirements, such as FedRAMP High or Impact Level 5. It can meet customers’ needs wherever they reside, with the ability to be deployed on-prem, in a virtual private cloud or commercial cloud.
• Secure containers before they hit production: As agencies modernize their infrastructure, containers create a more efficient manner to create applications and modernize existing ones. Tenable Enclave Security empowers organizations to quickly assess the risk in their container images, expose their vulnerabilities and understand the breadth of impact.
• Centralize security tools: Unlike siloed solutions with fragmented visibility, Tenable Enclave Security provides protection for IT assets and modern workloads from a single deployment architecture. 

For more information on Tenable Enclave Security, please visit: https://www.tenable.com/products/enclave-security 

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

###

Media Contact:

Tenable

tenablepr@tenable.com

Tenable®, Inc. the exposure management company, today announced that Bank of Yokohama, one of the largest of the major regional banks in Japan, has chosen Tenable Identity Exposure to protect its Active Directory and enhance the bank’s ability to protect its internal systems from cyber threats.

Bank of Yokohama, based in Kanagawa Prefecture and Tokyo Metropolitan, is committed to enhancing industry security standards. In 2023, it collaborated with 19 other regional banks to establish CMS-CSIRT, an organization providing mutual cybersecurity support. Unlike megabanks, regional banks often face resource and budget constraints, making such collaborative efforts crucial for implementing effective security programs.

As part of its objectives for FY 2023, the Bank of Yokohama wanted to improve Active Directory (AD) security as it’s the most crucial system in the bank’s intranet. Previously, the bank only applied security patches periodically without any tool or system to detect Active Directory misconfigurations or attacks. Given the evolving threat landscape and rise of attacks involving an identity breach, enhancing the security of Active Directory became a top priority.

“Attackers who have infiltrated an organization's internal system or who wield ransomware and other malware, almost always make a beeline for Active Directory,” said Mr. Akihiro Fushimi, Leader, Concordia Financial Group ICT Governance Department, Security Governance Section and Bank of Yokohama ICT Planning & Promotion Department, Security Governance Section. “They steal user account privileges and elevate them via Active Directory, to enable them to access important data. So, securing Active Directory was an area that we wanted to invest in.”

Bank of Yokohama already used Tenable Security Center for vulnerability management and trusted Tenable's reliability. Selecting Tenable Identity Exposure was an easy decision, with its fast, agentless feature ensuring a seamless deployment process.

The deployment of Tenable Identity Exposure provided the Bank of Yokohama with an in-depth view of its Active Directory. The bank can now accurately identify every AD account, including dormant accounts and machine identities, and understand the potential risks of exploitation by malicious actors due to the multi-functional capabilities of Active Directory. Tenable Identity Exposure detects many of the techniques used in cyber attacks to gain elevated privileges and enable lateral movement, including DCShadow, Brute Force, Password Spraying, Golden Ticket and more.

“Previously, we were under the impression that all we needed to do was to apply patches and manage accounts. Now, with the deployment of Tenable Identity Exposure, we are physically able to see the risk of exploitation. This, I believe, is the positive impact of deploying Tenable Identity Exposure. Its alert functions are comprehensive—it detects vulnerabilities as well as misconfigurations,” said Mr. Shinnosuke Shimada, Bank of Yokohama ICT Planning & Promotion Department, Security, Governance Section.

“Many organizations struggle to maintain proper Active Directory security as their domains grow more complex, often leaving flaws undetected until a major incident occurs. Given the high-profile attacks involving AD in recent years, it's crucial to prioritize AD security within the overall cybersecurity strategy,” said Naoya Kishima, Country Manager, Tenable Japan. “Bank of Yokohama recognizes this need, and we're pleased to support them in their security journey.”

About Tenable
Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

Media contact
Tenable PR
tenablepr@tenable.com 

Tenable®, the exposure management company, today released its 2024 Tenable Cloud Risk Report, which examines the critical risks at play in modern cloud environments. Most alarmingly, nearly four in 10 organizations globally are leaving themselves exposed at the highest levels due to the “toxic cloud trilogy” of publicly exposed, critically vulnerable and highly privileged cloud workloads. Each of these misalignments alone introduces risk to cloud data, but the combination of all three drastically elevates the likelihood of exposure access by cyber attackers.

Security gaps caused by misconfigurations, risky entitlements and vulnerabilities combine to dramatically increase cloud risk. The Tenable Cloud Risk Report provides a deep dive into the most pressing cloud security issues observed in the first half of 2024, highlighting areas such as identities and permissions, workloads, storage resources, vulnerabilities, containers and Kubernetes. It also offers mitigation guidance for organizations seeking ways to limit exposures in the cloud.

Publicly exposed and highly privileged cloud data lead to data leaks. Critical vulnerabilities exacerbate the likelihood of incidents. The report reveals that a staggering 38% of organizations have cloud workloads that meet all three of these toxic cloud trilogy criteria, representing a perfect storm of exposure for cyber attackers to target. When bad actors exploit these exposures, incidents commonly include application disruptions, full system takeovers, and DDoS attacks that are often associated with ransomware. Scenarios like these could devastate an organization, with the 2024 average cost of a single data breach approaching $5 million.¹ 

Additional key findings from the report include: 

• 84% of organizations have risky access keys to cloud resources: The majority of organizations (84.2%) possess unused or longstanding access keys with critical or high severity excessive permissions, a significant security gap that poses substantial risk. 
• 23% of cloud identities have critical or high severity excessive permissions: Analysis of Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure reveals that 23% of cloud identities, both human and non-human, have critical or high severity excessive permissions. 
• Critical vulnerabilities persist: Notably, CVE-2024-21626, a severe container escape vulnerability that could lead to the server host compromise, remained unremediated in over 80% of workloads even 40 days after its publishing. 
• 74% of organizations have publicly exposed storage: 74% of organizations have publicly exposed storage assets, including those in which sensitive data resides. This exposure, often due to unnecessary or excessive permissions, has been linked to increased ransomware attacks. 
• 78% of organizations have publicly accessible Kubernetes API servers: Of these, 41% also allow inbound internet access. Additionally, 58% of organizations have cluster-admin role bindings — which means that certain users have unrestricted control over all the Kubernetes environments.

“Our report reveals that an overwhelming number of organizations have access exposures in their cloud workloads of which they may not even be aware,” said Shai Morag, chief product officer, Tenable. “It’s not always about bad actors launching novel attacks. In many instances, misconfigurations and over-privileged access represent the highest risk for cloud data exposures. The good news is, many of these security gaps can be closed easily once they are known and exposed.”

The report reflects findings by the Tenable Cloud Research team based on telemetry from millions of cloud resources across multiple public cloud repositories, analyzed from January 1 through June 30, 2024.

To download the report today, please visit: https://www.tenable.com/cyber-exposure/tenable-cloud-risk-report-2024 

¹ IBM Security Cost of a Data Breach Report 2024

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

###

Media Contact:

Tenable

tenablepr@tenable.com

Tenable®, the exposure management company, today announced that it has been ranked first for 2023 worldwide market share for device vulnerability management in the IDC Worldwide Device Vulnerability Management Market Shares (doc #US51417424, July 2024) report. This is the sixth consecutive year Tenable has been ranked first for market share.

According to the IDC market share report, Tenable is ranked first in global 2023 market share and revenue. Tenable credits its success to its strategic approach to risk management, which includes a suite of industry-leading exposure management solutions that expose and close security gaps, safeguarding business value, reputation and trust. The Tenable One Exposure Management Platform, the world’s only AI-powered exposure management platform, radically unifies security visibility, insight and action across the modern attack surface – IT, cloud, OT and IoT, web apps and identity systems.

According to the IDC market share report, “The top 3 device vulnerability management vendors remained the same in 2023 as previous years, with Tenable once again being the top vendor.”

The report highlighted Tenable’s use of generative AI, noting, “ExposureAI, available as part of the Tenable One platform, provides GenAI-based capabilities that include natural language search queries, attack path and asset exposure summaries, mitigation guidance suggestions, and a bot assistant to ask specific questions about attack path results.”

Tenable’s latest innovations in the vulnerability management market – Vulnerability Intelligence and Exposure Response – were also highlighted in the report, stating, “Vulnerability Intelligence provides dynamic vulnerability information collected from multiple data sources and vetted by Tenable researchers, while Exposure Response enables security teams to create campaigns based on risk posture trends so remediation progress can be monitored internally.”

The report also spotlighted the Tenable Assure Partner Program and MDR partnerships, noting, “Tenable has made more of a strategic effort to recruit managed security service providers (SPs) and improve the onboarding experience for them, as well as their customers. Managed detection and response (MDR) providers have been adding proactive exposure management because it helps shrink the customer attack surface, helping them provide better outcomes. Sophos and Coalfire are recently announced partners adding managed exposure management services to their MDR and pen testing services, respectively.”

“At Tenable, we build products for a cloud-first, platform centric world, meeting customers' evolving risk management needs,” said Shai Morag, chief product officer, Tenable. “We leverage cutting edge technology, innovating across our portfolio to help customers know, expose and close priority security gaps that put businesses at risk.” 

"The device vulnerability management market is characterized by a focus on broader exposure management, with a number of acquisitions to round out exposure management portfolios," said Michelle Abraham, senior research director, Security and Trust at IDC. "Vendors are advised to enhance their offerings with additional security signals and automated remediation workflows to stay competitive in this evolving landscape."

To read an excerpt of the IDC market share report, visit https://www.tenable.com/analyst-research/idc-worldwide-device-vulnerability-management-market-share-report-2023 

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

###

Media Contact:

Tenable

tenablepr@tenable.com

Tenable®, the exposure management company, today announced new data security posture management (DSPM) and artificial intelligence security posture management (AI-SPM) capabilities for Tenable Cloud Security, the actionable cloud security solution. By extending exposure management capabilities to cloud data and AI resources, Tenable Cloud Security reduces risk to two of the biggest emerging threats.

Today’s cloud environments are more complex than ever. The challenge of managing this complexity has led to preventable security gaps caused by misconfigurations, risky entitlements and vulnerabilities, leaving sensitive data and AI resources vulnerable. In fact, Tenable Research found that 38% of organizations are battling a toxic cloud trilogy – cloud workloads that are publicly exposed, critically vulnerable and highly privileged. 

Tenable Cloud Security exposes risk from across hybrid and multi-cloud environments, including vulnerabilities, misconfigurations and excess privilege, that affects data and AI resources. Integrating DSPM and AI-SPM into Tenable Cloud Security enables users to automatically discover, classify and analyze sensitive data risk with flexible, agentless scanning. With Tenable Cloud Security’s intuitive user interface, security leaders can easily answer tough questions – such as “What type of data do I have in the cloud and where is it located?,” “What AI resources are vulnerable and how do I remediate the issue?” and “Who has access to my sensitive cloud and AI data?”

“Data is constantly on the move and new uses for data in today’s AI-driven world have created new risks,” said Liat Hayun, vice president of product management for Tenable Cloud Security. “DSPM and AI-SPM capabilities from Tenable Cloud Security bring context into complex risk relationships, so teams can prioritize threats based on the data involved. This gives customers the confidence to unlock the full potential of their data without compromising security.”

“The importance of cloud data has made communicating data exposure risk one of the biggest security challenges for CISOs,” said Philip Bues, senior research manager, Cloud Security at IDC. “Tenable is at the forefront of this emerging DSPM-CNAPP conversation, enabling customers to contextualize and prioritize data risk and communicate it, which is pertinent to almost every domain in CNAPP.”

AI-SPM features enable customers to confidently forge ahead with AI adoption by enforcing AI and machine learning configuration best practices and securing training data. With the combined power of AI-SPM and Tenable Cloud Security’s market-leading cloud infrastructure entitlement management (CIEM) and Cloud Workload Protection (CWP) capabilities, customers can manage AI entitlements, reduce exposure risk of AI resources, and safeguard critical AI and machine learning training data to ensure data integrity. 

Available to all Tenable Cloud Security and Tenable One customers, these new features enable customers to:

• Gain complete visibility and understanding of cloud and AI data - Tenable Cloud Security continuously monitors multi-cloud environments to discover and classify data types, assign sensitivity levels and prioritize data risk findings in the context of the entire cloud attack surface. 
• Effectively prioritize and remediate cloud risk - Backed by vulnerability intelligence from Tenable Research, context-driven analytics provides security teams with prioritized and actionable remediation guidance to remediate the most threatening cloud exposures.
• Proactively identify cloud and AI data exposure - Unique identity and access insights enable security teams to reduce data exposure in multi-cloud environments and AI resources by monitoring how data is being accessed and used and detect anomalous activity. 

Join the upcoming Tenable webinar, “Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?” on October 22, 2024 at 10 am BST and 11 am ET, by registering here. 

Read today’s blog post, “Harden your cloud security posture by protecting your cloud data and AI resources” here. 

With a Net Promoter Score of 73, Tenable Cloud Security helps customers around the world expose and close priority threats. More information about DSPM and AI-SPM capabilities available in Tenable Cloud Security is available at: https://www.tenable.com/announcements/dspm-ai-spm

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for approximately 44,000 customers around the globe. Learn more at tenable.com. 

###

Media Contact:

Tenable

tenablepr@tenable.com

In the event of a security breach, a software inventory is essential to determine what was breached, and who needs to be notified.  First responders require a software inventory to perform forensic analysis and determine breach notification requirements for vendors, business partners, and regulatory bodies. Organizations that have a clear understanding of software in their environment can quickly assess a breach impact and identify affected areas. If legal proceedings are involved, an organized software inventory greatly assists in limiting data handed over to Law Enforcement and assists technical staff in depositions or testimony. 

Business Continuity and Disaster Recovery plans specify requirements for restoration of critical assets and services, but these need to be identified to establish a Recovery Time Objective (the amount of time to recover a service to an acceptable level of operation) and Recovery Point Objective (the last point of known good data.)  Developing and maintaining a software inventory is a critical first step in implementing an effective cyber security program.

A software inventory helps demonstrate compliance with regulatory controls and Service Level Agreements (SLA) for software used in the environment. From the perspective of “less is more,” a software inventory also identifies unnecessary software running in the environment, which increases the attack surface without providing a business advantage.

Security operations perform scans to identify operating system and application versions, including unsupported software and unpatched systems. This information is used to establish a secure baseline and measure drift from that baseline. A software inventory is necessary to determine if the software is authorized, appropriately licensed, supported, and has the most recent security fixes applied.
Identifying the authorized software assets is an important step to ensure critical assets are protected. The larger the organization, the more difficult the inventory process becomes. Tenable.io and Tenable.sc help organizations build a software inventory. There are several software discovery plugins that run by default in the following scan templates:

• Basic and Advanced Agent Scans
• Advanced (Network) Scan
• Basic (Network) Scan
• Credentialed Patch Audit
• Internal PCI Network Scan

Maintaining a software inventory aids in cyber hygiene and minimizes unauthorized software installation. Many organizations perform an annual audit by an external third party, where they are required to enumerate authorized software that is running in the environment. Organizations that maintain a current software inventory throughout the year can produce information required by auditors and vendors with minimal effort. 

The report and its chapters are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report can be easily located in the Tenable.sc Feed under the category Discovery and Detection.

The report requirements are: 

• Tenable.sc 5.19.1
• Nessus 10.0.1

Security leaders need to SEE everything, PREDICT what matters most and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives. Tenable.io discovers and analyzes assets continuously to provide an accurate and unified view of an organization’s security posture.

Chapters

Executive Summary This chapter presents data for detected operating systems, browsers, unsupported software, and other software installations on systems within a network.

Installed Software Iteration This chapter displays software detected across the organizations systems. Software enumeration is utilized to detect Installed software.

Issues Gating Remediation This chapter displays known/identified roadblocks to completing remediation efforts.

The prevalence of web applications makes them a prime target for cyber criminals. Failure to secure web applications can lead to serious financial and reputational consequences. This report provides details of vulnerability data discovered by Tenable Web App Scanning.

Tenable Web App Scanning provides comprehensive and accurate vulnerability scanning and risk analysis by leveraging OWASP Top 10 risks to vulnerable web application components. Tenable provides comprehensive and automated vulnerability scanning for modern web applications using Dynamic Application Security Tests (DAST). The security and development teams leverage these detailed vulnerability scans of the application at any point in the development lifecycle and are able understand the true security risks of the web application before deployment.

Tenable Security Center uses a comprehensive list of attributes to increase visibility into web application vulnerabilities. Risk managers are able to focus on security challenges that pose the greatest threat and most risk by leveraging Common Vulnerability Scoring System (CVSS) and OWASP references. The report provides a detailed view of the web application components and custom code vulnerabilities. Additionally, vulnerability details related to Log4J are provided, which displays any detected applications that are found to be vulnerable to Log4J exploits.

The report and its components are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report can be easily located in the Tenable Security Center Feed under the category Security Industry Trends.

The requirements for this dashboard are:

• Tenable Security Center 6.2.0
• Tenable Web Application Scanner

Security leaders need to SEE everything, PREDICT what matters most and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives. Tenable Security Center discovers and analyzes assets continuously to provide an accurate and unified view of an organization's security posture.

Chapters

Executive Summary: The Tenable Web App Scanning Overview report provides details of vulnerability data discovered by Tenable Web App Scanning, beginning with summary dashboard style view for leadership team. 

Web Application Vulnerability Statistics: This chapter combines the data collected from Nessus and Tenable Web App Scanner, providing a holistic view of vulnerabilities based on scanning the physical asset as well as the web application asset.  

OWASP 2021 Vulnerability Summary: Security and compliance frameworks, such as the Open Web Application Security Project (OWASP) Top 10, provides risk managers insight into methods used by adversaries to exploit common flaws and misconfigurations. 

Log4Shell: This chapter provides trending analysis along with vulnerability details related to log4shell vulnerabilities detected by both Nessus and Tenable Web App Scanning. Tenable recommends prioritizing these applications immediately for remediation efforts.
 

"The shrinkadinks think I have a screw loose. Ain't playing with a full deck. Whacked-out wiring. Missing marbles." Irreverent, foulmouthed seventeen-year-old Cricket is the oldest ward in a Catholic boys' home in Maine-and his life sucks. With prospects for the future that range from professional fighter to professional drug dealer, he seems doomed to a life of "criminal rapscallinity." In fact, things look so bleak that Cricket can't help but wonder if his best option is one final cliff dive into the great unknown. But then Wynona Bidaban steps into his world, and Cricket slowly realizes that maybe, just maybe, life doesn't totally suck.

L'enorme potentiel agricole de la Republique Democratiqu du Congo (RDC) est bien documente. Le pays est doté de plus de deux millions de kilomètres carrés (km²) de terres, dont 800 mille sont arables, et pourtant, la portion de terres cultivées ne s’élève qu’à 10 pour cent. La RDC bénéficie également de conditions climatiques et météorologiques favorables, permettant plusieurs récoltes de nombreuses cultures chaque année.

The prevalence of web applications makes them a prime target for cyber criminals. Failure to secure web applications can lead to serious financial and reputational consequences. This dashboard provides a high-level summary of vulnerability data discovered by Tenable Web App Scanning.

Tenable Web App Scanning provides comprehensive and accurate vulnerability scanning and risk analysis by leveraging OWASP Top 10 risks to vulnerable web application components. Tenable provides comprehensive and automated vulnerability scanning for modern web applications using Dynamic Application Security Tests (DAST). The security and development teams leverage these detailed vulnerability scans of the application at any point in the development lifecycle and are able understand the true security risks of the web application.

Tenable Security Center uses a comprehensive list of attributes to increase visibility into web application vulnerabilities. Risk managers are able to focus on security challenges that pose the greatest threat and most risk by leveraging Common Vulnerability Scoring System (CVSS) and OWASP references. The dashboard provides a detailed view of the web application components and custom code vulnerabilities. Additionally, vulnerability details related to Log4J are provided , which displays any detected applications that are found to be vulnerable to Log4J exploits.

The dashboard and its components are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The dashboard can be easily located in the Tenable Security Center Feed under the category Security Industry Trends.

• The requirements for this dashboard are:
• Tenable Security Center 6.2.0
• Tenable Web Application Scanner

Security leaders need to SEE everything, PREDICT what matters most and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives. Tenable Security Center discovers and analyzes assets continuously to provide an accurate and unified view of an organization's security posture.

Components

Web App Scanning - Statistics: The matrix provides a quick overview of actionable metrics collected using Nessus and Tenable Web AppScanner. The first column shows a count of vulnerabilities with a CVSSv3 score present, followed by the most critical of vulnerabilities with a CVSSv3 score greater than 9.  The "Needs Review" column displays the vulnerabilities with CVSSv3 base score of 5 to 8. The "Remediated" column shows all vulnerabilities with a CVSSV3 score greater than 5 that have been remediated.  The last two columns are focused on OWASP based vulnerabilities. The matrix provides two rows, the top showing vulnerabilities detected by Nessus.

Web App Scanning - Log4Shell Vulnerabilities: This chart presents a list of log4shell vulnerabilities detected by both Nessus and Tenable Web App Scanning. The chart uses the plugin name string and "Include Web App Results" to provide ring segments for each discovered vulnerability. Tenable recommends that these applications be prioritized immediately for remediation efforts.

Web App Scanning - OWASP 2021 Categories: This matrix provides a count of assets and vulnerabilities for each OWASP 2021 category that were detected using the Tenable Web App Scanner. Security and compliance frameworks, such as the Open Web Application Security Project (OWASP) Top 10, enables risk managers to gain insight into methods used by adversaries to exploit common flaws and misconfigurations.  Tenable Web App Scanner attributes vulnerabilities using the Cross Reference field to link to all published OWASP versions. Upon completion of the web application scan, the vulnerabilities detected and linked to OWASP 2021 provide an industry best practice approach to mitigating vulnerabilities.

Web App Scanning - Tenable Detected Applications Vulnerable to Log4Shell: The table presents a list of assets detected by both Nessus and Tenable Web App Scanning that are vulnerable to log4shell. The chart uses the plugin name string and "Include Web App Results" to provide entries for assets with the log4shell vulnerability. Tenable recommends that these applications be prioritized immediately for remediation efforts.

Tenable Research delivers world class exposure intelligence, data science insights, zero day research and security advisories. Our Security Response Team (SRT) in Tenable Research tracks threat and vulnerability intelligence feeds to make sure our research teams can deliver sensor coverage to our products as quickly as possible. The SRT also works to dig into technical details and author white papers, blogs, and additional communications to ensure stakeholders are fully informed of the latest cyber risks and threats. The SRT provides breakdowns for the latest critical vulnerabilities on the Tenable blog.

When security events rise to the level of taking immediate action, Tenable - leveraging SRT intelligence -  notifies customers proactively to provide exposure information, current threat details and how to use Tenable products and capabilities to accelerate remediation.

This dashboard contains indicator style components to highlight any vulnerabilities related to the Tenable Research Advisories where Tenable issues customer guidance that immediate remediation was of paramount importance to all affected organizations. Tenable recommends addressing missing patches as identified in the dashboard components. 

The dashboard and its components are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The dashboard can be easily located in the Tenable.sc Feed under the category Security Industry Trends.

The dashboard requirements are: 

• Tenable.sc 6.2.0
• Nessus 10.6.1

The following components are included in this dashboard are:

Research Advisories - Citrix NetScaler ADC and NetScaler Gateway: In August 2023, Mandiant identified a zero-day exploitation impacting NetScaler ADC and NetScaler Gateway appliances. When NetScaler ADC or NetScaler Gateway is configured as a gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server, an unauthenticated attacker could exploit the device in order to hijack an existing authenticated session. Depending on the permissions of the account they have hijacked, this could allow the attacker to gain additional access within a target environment and collect other account credentials. Successful exploitation allows the attacker to bypass multi factor authentication (MFA) requirements.

Research Advisories - curl Heap Overflow and Cookie Injection: On October 3, an open-source developer and maintainer of curl, took to X (formerly Twitter) to announce that a new high severity CVE would be fixed in curl 8.4.0. The developer noted that the release would be ahead of schedule and released on October 11, indicating in a reply to the twitter thread that this is 'the worst security problem found in curl in a long time.' 

Research Advisories - MOVEit: The CL0P Ransomware Group, also known as TA505, has exploited zero-day vulnerabilities across a series of file transfer solutions since December 2020. File transfer solutions often contain sensitive information from a variety of organizations. This stolen information is used to extort victims to pay ransom demands. In 2023, CL0P claimed credit for the exploitation of vulnerabilities in both Fortra’s GoAnywhere Managed File Transfer (MFT) and Progress Software’s MOVEit Transfer solutions. 

Research Advisories - log4shell: This matrix alerts organizations to potential concerns regarding the Log4j vulnerability. Displayed are the vulnerabilities that are directly associated with the log4shell CVEs (CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, CVE-2021-4104, and CVE-2021-45105) and Log4j installations. 

Research Advisories - CISA Alerts AA22-011A and AA22-047A: On November 3rd, 2021, Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 22-01, and on Jan 11, 2022 CISA issued an alert (AA22-011A) warning of increased risk to U.S. critical infrastructure.  A total of 18 CVEs can be associated with this alert.  Hosts and Vulnerabilities identified and mitigated are displayed using the referenced CVE. 

Research Advisories - PrintNightmare: On July 1, Microsoft released an advisory for CVE-2021-34527. This advisory was released in response to public reports about a proof-of-concept (PoC) exploit for CVE-2021-1675, a similar vulnerability in the Windows Print Spooler. To help clear up confusion about the vulnerability, Microsoft updated its advisory for CVE-2021-1675 to clarify that it is similar but distinct from CVE-2021-34527. On July 6, Microsoft updated its advisory to announce the availability of out-of-band patches for CVE-2021-34527, a critical vulnerability in its Windows Print Spooler that researchers are calling PrintNightmare. This remote code execution (RCE) vulnerability affects all versions of Microsoft Windows. 

Research Advisories - MS Exchange ProxyLogon: On March 2, 2021 Microsoft released several critical security updates for zero-day Microsoft Exchange Server vulnerabilities, and reported that the exploits are actively being exploited by threat actors. Within a single week thousands of organizations world-wide have fallen victim. Tenable released several plugins for Exchange Server 2010, 2013, 2016 and 2019, which can be used to determine which Exchange Server systems are vulnerable in your environment.

When: Wednesday, December 12, 2018 - 5:30 PM - 7:30 PM
Where: Xenia Library at Meeting Room, 2nd Floor

THIS PROGRAM IS DESIGNED FOR PEOPLE WHO NEED TO USE THE LIBRARY SEWING MACHINES.
The pattern "No Measure Bargello" will be taught on the second Wednesday of each month starting March 14, 2018. Because it is a continuing program, it is important that you attend all sessions. The pattern takes a very difficult quilt design and makes it easy. You will complete a quilt top, learn how to sandwich a quilt together, machine quilt and bind it. All material will be provided for a lap size quilt. You will love the look and the easy way of creating such a stunning quilt.

When: Wednesday, December 12, 2018 - 5:25 PM - 7:25 PM
Where: Xenia Library

THIS PROGRAM IS DESIGNED FOR PEOPLE WHO CAN BRING THEIR OWN SEWING MACHINES.
The pattern "No Measure Bargello" will be taught on the second Wednesday of each month starting March 14, 2018. Because it is a continuing program, it is important that you attend all sessions. The pattern takes a very difficult quilt design and makes it easy. You will complete a quilt top, learn how to sandwich a quilt together, machine quilt and bind it. All material will be provided for a lap size quilt. You will love the look and the easy way of creating such a stunning quilt.

When: Wednesday, December 12, 2018 - 3:00 PM - 5:00 PM
Where: Xenia Library

THIS PROGRAM IS DESIGNED FOR PEOPLE WHO CAN BRING THEIR OWN SEWING MACHINES.
The pattern "No Measure Bargello" will be taught on the second Wednesday of each month starting March 14, 2018. Because it is a continuing program, it is important that you attend all sessions. The pattern takes a very difficult quilt design and makes it easy. You will complete a quilt top, learn how to sandwich a quilt together, machine quilt and bind it. All material will be provided for a lap size quilt. You will love the look and the easy way of creating such a stunning quilt.

When: Wednesday, December 12, 2018 - 3:00 PM - 5:00 PM
Where: Xenia Library at Meeting Room, 2nd Floor

THIS PROGRAM IS DESIGNED FOR PEOPLE WHO NEED TO USE THE LIBRARY SEWING MACHINES.
The pattern "No Measure Bargello" will be taught on the second Wednesday of each month starting March 14, 2018. Because it is a continuing program, it is important that you attend all sessions. The pattern takes a very difficult quilt design and makes it easy. You will complete a quilt top, learn how to sandwich a quilt together, machine quilt and bind it. All material will be provided for a lap size quilt. You will love the look and the easy way of creating such a stunning quilt.

Identifying guidelines for the design of conditional credit programs to promote sustainable agricultural practices in Latin America

Tools for food system policy development.

The post Identifying guidelines for the design of conditional credit programs to promote sustainable agricultural practices in Latin America appeared first on IFPRI.

Síntesis de evidencia: Lineamientos para el diseño de programas crediticios agropecuarios condicionados para el fomento de prácticas agropecuarias sostenibles

Enfoques para el desarrollo de políticas del sistema alimentario.

The post Síntesis de evidencia: Lineamientos para el diseño de programas crediticios agropecuarios condicionados para el fomento de prácticas agropecuarias sostenibles appeared first on IFPRI.

Mercosur Outlook launch: Charting a course for sustainable agricultural growth amid uncertainty

Meeting challenges of the coming growing season and beyond in South America.

The post Mercosur Outlook launch: Charting a course for sustainable agricultural growth amid uncertainty appeared first on IFPRI.

World Cities Day 2024: Building more inclusive, sustainable, and resilient urban food systems

IFPRI researchers on urbanization.

The post World Cities Day 2024: Building more inclusive, sustainable, and resilient urban food systems appeared first on IFPRI.

Global Food Policy Report 2024: Leveraging plant-source foods for sustainable healthy diets

Integrating more fruits, vegetables, and other high-quality crops into food systems.

The post Global Food Policy Report 2024: Leveraging plant-source foods for sustainable healthy diets appeared first on IFPRI.

Resource-poor rice farmers in Myanmar suffer double impact from political conflict

Productivity erodes amid turmoil.

The post Resource-poor rice farmers in Myanmar suffer double impact from political conflict appeared first on IFPRI.

An account of how the U.S. Army was created to fight a crucial Native American war. Describes how George Washington and other early leaders organized the Legion of the United States under General "Mad" Anthony Wayne in response to a 1791 militia defeat in the Ohio River Valley. -- Publisher

Event Begins: Wednesday, November 13, 2024 6:30pm
Location: Museum of Art
Organized By: Spectrum Center

Who are you? What is your story? How do you express yourself? The experiences of Black queer life are reflected in the ways we tell our stories. We will explore a kiki methodology grounded in ballroom culture and Black queer storytelling. Drawing from queer of color critique and narrative construction, kiki methodology engages in three components: Black queer meaning-making, Black queer storytelling, and Black queer artistic expression. Kiki methodology connects envisioning and centering words, feelings, and voices of the Black queer community in the form of storytelling in higher education. We will engage about what is needed to be in queer community and kinship through storytelling.

ABOUT DR. HUTCHINGS
Dr. Quortne R. Hutchings (they, them) is a first-generation college graduate, proud Ronald E. McNair scholar alum, and assistant professor of higher education at Northern Illinois University. Their research primarily focuses on Black gay, bisexual, queer, and non-binary undergraduate and graduate students’ academic and social experiences in higher education, minoritized student affairs professionals’ experiences in student and academic affairs, and supporting students, faculty, and staff navigating substance use and recovery. Their research has been published in the Journal of College Student Development, Departures in Critical Qualitative Research, Journal of Higher Education, and International Journal of Qualitative Studies in Education.

TRANS AWARENESS MONTH
Trans Awareness Month is presented by Spectrum Center, and events are presented by units across campus. Find more Trans Awareness Month events at spectrumcenter.umich.edu/trans-awareness-month

Event Begins: Wednesday, November 13, 2024 6:00pm
Location:
Organized By: Sessions @ Michigan

We invite you to participate in a series of student roundtable discussions, centering and exploring the experiences of ME students. Students at all levels are welcome to join, from undergraduate to Masters to PhD. These sessions are meant to bridge gaps in our community and show commitment of mutual support. 
Share Your TruthThis is your platform to express your experiences, aspirations, and concerns within our department. Your stories matter, and we are here to actively listen and learn from each other.
Forge ConnectionsConnect with fellow students who understand your journey. Build supportive networks, exchange ideas, and foster a sense of belonging within our community.
Inclusivity in ActionWhile our focus is on amplifying the voices of marginalized students, we embrace and celebrate the diversity within our community. Allies and friends committed to creating an inclusive environment are warmly encouraged to join us.
Each session will provide a meal and a ME swag item to all participants. To help us plan times for sessions please fill out the interest form by clicking on the button below. We look forward to connecting with you.

Event Begins: Wednesday, November 13, 2024 5:30pm
Location: Off Campus Location
Organized By: Museum of Natural History

Do we really consume a credit card’s worth of microplastics in a week? If microplastics are so small, how can they have such a big impact on our waterways? What are microplastics, anyway?

Explore these questions and more at November's Science Café! Please join Chris Ruf, Principal Investigator of the Remote Sensing Group (RSG) in the Climate and Space Sciences and Engineering Department (CLaSP) and graduate student Gopal Sundaram of the College of Engineering; Melissa Duhaime, Associate Professor in the Department of Ecology and Evolutionary Biology; and members of the Duhaime Lab (Rachel Cable, Lizy Michaelson, Skyler Har), for a discussion about one of our planet’s biggest tiny problems.

Event Begins: Wednesday, November 13, 2024 5:30pm
Location: Weiser Hall, 10th Floor
Organized By: Sessions @ Michigan

BLI Community Meetings are bimonthly events for Leadership Learning and Connection Making (with Delicious Food)!Are you interested in connecting with students from across campus while elevating your leadership learning? Exploring the possibilities in the BLI and enjoy a free dinner in a dynamic, welcoming, and supportive community.

Event Begins: Wednesday, November 13, 2024 5:30pm
Location: Weiser Hall
Organized By: Barger Leadership Institute

At this meeting, the BLI will be spreading love by making cards and sending them to Letters of Love to be distributed to children in hospitals. We will be emphasizing the importance of gratitude and giving back. Any undergraduate student at the University of Michigan is welcome to attend!

Event Begins: Wednesday, November 13, 2024 4:00pm
Location: Michigan League
Organized By: Center for Emerging Democracies

Immigration has become a polarizing issue across democratic, authoritarian, and transitioning contexts. Anti-immigrant rhetoric has become part of the standard playbook for authoritarian populists. Immigration policies in ostensibly democratic countries are becoming more restrictive, all while political conflict, war, pandemics, and intensifying climate change are leading to greater numbers of people migrating in search of safety and a better life. With immigration discourse taking up much of the oxygen in politics across the world, understanding the interconnections among immigration, democracy, and authoritarianism has become more important than ever. This roundtable brings together distinguished scholars to discuss how controversies surrounding immigration and immigrants have become critical for sustaining or upending democracy.

Moderator: Nandini Dey, Research Fellow, Center for Emerging Democracies.

Speakers:

Rebecca Wai
Ph.D. Candidate, Political Science Department, Freedom House Emerging Democracies Fellow, University of Michigan

Erin Chung
Professor of Political Science, Charles D. Miller Chair in East Asian Politics, Department of Political Science, Johns Hopkins University

Alexandra Filindra
Professor of Political Science & Psychology, University of Illinois-Chicago

Silvia Pedraza
Professor of Sociology and American Culture, University of Michigan

Zoom webinar link
Short URL link: https://myumi.ch/5yEEx

If there is anything we can do to make this event accessible to you, please contact us. Please be aware that advance notice is necessary as some accommodations may require more time for the university to arrange.

Event Begins: Wednesday, November 13, 2024 2:30pm
Location:
Organized By: University Career Center

Come join the Early Talent Team at M&T Bank for a fun and fast session to learn about what it's like to work at a Community Bank! We'll cover who we are as an organization as well as full time and internship opportunities we're currently hiring for. Come as youare! No pressure for video - join between classes or on a break! Don’t forget to follow us on Handshake as well!  Handshake - M&T Bank *Multiple sessions available to join throughout the fall semester!

Event Begins: Wednesday, November 13, 2024 2:00pm
Location: Off Campus Location
Organized By: Student Sustainability Coalition

The Student Sustainability Coalition manages $200,000 worth of grant money that we allocate to student groups who are working on projects related to environmental and social sustainability on Campus! Our grant programs include the Planet Blue Student Innovation Fund and the Social and Environmental Sustainability Grant.

Join us in these information sessions to learn more about which grant program is right for your project and get the support you and your team needs through the application process!

Info sessions take place virtually every Tuesday from 10-11a and every Wednesday from 2-3p. Come chat with us!

Event Begins: Wednesday, November 13, 2024 12:45pm
Location: Maize and Blue Cupboard inside Betsy Barbour
Organized By: Sessions @ Michigan

Come help us during normal operating hours; as well as, unload our weekly Food Gatherers deliveries and stock our shelves! If you are outside the U-M community, please reach out to maize.blue.cupboard@umich.edu to sign up.

Event Begins: Wednesday, November 13, 2024 12:00pm
Location: School of Social Work Building
Organized By: School of Social Work

We are delighted to announce that Dr. Uché Blackstock—an esteemed author, highly sought-after speaker on racism in medicine, and founder and CEO of Advancing Health Equity—will be virtually visiting the School of Social Work. During her visit, she will participate in a 30-minute fireside chat, followed by a 15-minute Q&A session. Lunch will be provided in the ECC for those attending in person who register by November 11, 2024.

In anticipation of her visit, we are pleased to offer 100 complimentary copies of her book, "LEGACY: A Black Physician Reckons with Racism in Medicine." To receive a free copy, please RSVP for the event. Upon confirming your attendance, you will be provided with a link to schedule a time to pick up your book in person, as we are unable to mail any copies.

We look forward to welcoming Dr. Blackstock and hope you take advantage of this unique opportunity to engage with her insightful work.

Event Begins: Wednesday, November 13, 2024 12:00am
Location: Online
Organized By: Maize Pages Student Organizations

bit.ly/p4pumcalendar

As San Francisco’s first and only Deaf-centered restaurant closed last week, many mourned its loss. Writer Anna Mindess reflects on what it means for the community.

Fruit & Vegetables for Sustainable Healthy Diets: 2024 FRESH Science Conference

Poor diets are a primary cause of malnutrition and the leading cause of disease worldwide. Improving diets, especially through increasing fruit and vegetable intake, can help to address these health and nutrition challenges. However, fruit and vegetable intake falls below recommended levels globally. The factors contributing to low fruit and vegetable consumption are complex, requiring […]

The post Fruit & Vegetables for Sustainable Healthy Diets: 2024 FRESH Science Conference appeared first on IFPRI.

79th session of the United Nations General Assembly and Climate Week 2024

The 79th session of the United Nations General Assembly marks a crucial milestone in the global effort to accelerate progress towards the 17 Sustainable Development Goals (SDGs). The highly anticipated Summit of the Future, held during UNGA, underscores the urgent need for enhanced international cooperation to address pressing challenges such as climate change, poverty and […]

The post 79th session of the United Nations General Assembly and Climate Week 2024 appeared first on IFPRI.

Advancing Sustainable Agri-food Systems for Climate Resilience, Food Security, and Global Collaboration

The livestream will be available on Tuesday November 12, 2024 at 5:00 – 6:30 pm (America/Sao_Paulo) / 3:00 – 4:30 pm (US/Eastern). Join us for an in-depth discussion on Avanzar2030, an evidence-based initiative that identifies promising innovations in agri-food systems and estimates the costs of implementing them. Launched in response to the 2021 UN Food […]

The post Advancing Sustainable Agri-food Systems for Climate Resilience, Food Security, and Global Collaboration appeared first on IFPRI.

Integrating reforms with global goals.

The 2024 Global Food Policy Report Stresses Urgent Need for Transformative Action to Achieve Sustainable Healthy Diets and Improved Nutrition

Washington DC, May 29, 2024: In the face of growing challenges posed by unhealthy diets, all forms of malnutrition, and environmental constraints, the 2024 Global Food Policy Report (GFPR) — released today by the International Food Policy Research Institute (IFPRI) — underscores the importance of transforming complex global food systems to ensure sustainable healthy diets for all. Progress […]

The post The 2024 Global Food Policy Report Stresses Urgent Need for Transformative Action to Achieve Sustainable Healthy Diets and Improved Nutrition appeared first on IFPRI.

Integrated Proteomics and Metabolomics Reveal Altered Metabolic Regulation of Xanthobacter autotrophicus under Electrochemical Water-Splitting Conditions  ACS Publications