Date: Tuesday December 3 Time: 09:00 AM-01:00 PM Location: Steigenberger Tahrir, Diamond Hall This event is organized in collaboration between Sawiris Foundation for Social Development (SFSD), the International Food Policy Research Institute (IFPRI), a... Source: IFPRI Egypt Country Office

The objective of this analysis is to gain more insight into the coping behavior of households in Mali when facing covariate shocks and stressors of different kinds Source: IFPRI Africa Regional Office (AFR)

The objective of this analysis is to gain more insight into the coping behavior of households in Mali when facing covariate shocks and stressors of different kinds Source: IFPRI Africa Regional Office (AFR)

The CGIAR Initiative on National Policies and Strategies (NPS) presents: 'Livestock, Gender, and Agency Amid Conflict in Ethiopia' 📅 Dec 11, 2024, ILRI Info Center, Addis Ababa. Join us as we discuss CGIAR NPS’s latest findings to guide policies that strengthen Ethiopia’s livestock sector. CGIAR International Food Policy Research Institute (IFPRI) International Livestock Research Institute (ILRI) Policy Studies Institute […] Source: IFPRI Ethiopia: Ethiopia Strategy Support Program

When the Fire Nation begins to believe that the country will perish if Zuko stays in power, Avatar Aang and his friends must protect the ruler.

"Children are disappearing in the Fire Nation capitol! Avatar Aang and his friends are doing everything in their power to save them--but will it be enough?! What's worse, when Azula--the mad sister of Fire Lord Zuko--appears on the scene, Zuko locks down the capitol to catch her, igniting fear and riots in the streets! Will Zuko follow in his evil father's footsteps in order to save those he holds dear?!"--Amazon.com.

"It's been a year since the horrific events at Freddy Fazbear's Pizza, and Charlie is just trying to move on. Even with the excitement of a new school and a fresh start, she's still haunted by nightmares of a masked murderer and four gruesome animatronic puppets. Charlie thinks her ordeal is over, but when a series of bodies are discovered near her school bearing wounds that are disturbingly familiar she finds herself drawn back into the world of her father's frightening creations. Something twisted is hunting Charlie, and this time if it finds her, it's not letting her go." -- Publisher's description.

"At Mt. Natagumo, Tanjiro, Zenitsu and Inosuke battle a terrible family of spider demons. Taking on such powerful enemies demands all the skill and luck Tanjiro has as he and his companions fight to rescue Nezuko from the spiders' web. The battle is drawing in other Demon Slayers but not all of them will leave Mt. Natagumo alive— or in one piece!" -- Page [4] of cover.

"In Taisho-era Japan, kindhearted Tanjiro Kamado makes a living selling charcoal. But his peaceful life is shattered when a demon slaughters his entire family. His little sister Nezuko is the only survivor, but she has been transformed into a demon herself! Tanjiro sets out on a dangerous journey to find a way to return his sister to normal and destroy the demon who ruined his life … After their initial confrontation with Kokushibo, the most powerful of Muzan's demons, Tokito is severely wounded and Genya has been cut in half— but is still alive! Can his regenerative power heal even this fatal wound? Then the Hashira Himejima and Sanemi square off against Kokushibo and unleash all the skill they have against him. Himejima is blind, but if he can see into the Transparent World, he might have a chance. Who will survive this whirlwind of flashing blades?"-- Provided by publisher.

"After centuries of preparation and training, the Demon Slayer Corps has come face-to-face with their nemesis, Muzan Kibutsuji. It is a desperate battle and several Demon Slayers have already been killed. Tanjiro himself has engaged Muzan, and, despite giving it everything he has, is taken out of the fight! Although severely injured and near death, he sees a vision of his ancestor that may hold the key to finally destroying Muzan! Can Tanjiro recover enough strength to fight Muzan to the finish?" -- Provided by publisher

"In Taisho-era Japan, Tanjiro Kamado is a kindhearted boy who makes a living selling charcoal. But his peaceful life is shattered when a demon slaughters his entire family. His little sister Nezuko is the only survivor, but she has been transformed into a demon herself! Tanjiro sets out on a dangerous journey to find a way to return his sister to normal and destroy the demon who ruined his life … Tanjiro finally chases down the main body of the upper-rank demon Hantengu. However, dawn is approaching, and the rising sun is a threat to Nezuko. Tanjiro's concern for his sister is a distraction from the focus he needs to fight Hantengu, and if he hesitates it could be the last mistake he ever makes! Elsewhere, Tamayo ponders the nature of Nezuko's curse and how she could be so different from other demons." -- Provided by publisher

On the very day of his wedding to the beautiful Mercedes, a young merchant sailor named Edmond Dantès is falsely imprisoned for life, laying to waste his plans of marriage and hard-earned fortune. Following several long years in prison he has managed to escape and reinvent himself as the mysterious Count of Monte Cristo. It is the reign of Napoleon Bonaparte and the Count has been plotting his revenge on the three men who had him falsely imprisoned. With a new identity, an incredible education abroad and a vast fortune, he has returned completely unrecognizable to those who had committed their crimes against him.

Selina Kyle returns to Gotham City as new socialite Holly Vanderhees, but she needs to outsmart rival Batwing to rise to the top of the city's criminal underbelly.

"Starting off with an attack on S.T.A.R. Labs in Gotham City by a giant robot that steals an entire room of the laboratory— Batman is going to have to stop it before it can cause more harm … and with Lex Luthor freshly back in Gotham— he knows where to start his search. Will Batman be able to topple the billionaire before he leaves Gotham?" -- Provided by publisher.

"Rumors of Heine's bloody connection to their father initially causes the princes' trust in their tutor to waver. When the truth of how Heine came to be the royal tutor is fully brought to light, will the darkness of years past yield to a brighter future— together?" -- Description provided by publisher.

"Harvey Dent is dead. Or is he? A gang of thieves thrusts Gotham City into a state of fear when they are mysteriously well armed with military-grade weapons: flamethrowers, grenade launchers, and even tanks. And this gang claims it is funded by none other than former district attorney Harvey Dent. Bruce Wayne, balancing his two lives, must find the truth by tapping his growing network of agents, including Alfred Pennyworth, Jim Gordon, Waylon 'Killer Croc' Jones, and the savvy new Catwoman. Bruce is distracted by the seemingly impossible return of another figure believed dead: his grandfather Adrian Arkham. He must also comfort his longtime friend, Gotham City Mayor Jessica Dent, who is scarred both physically and mentally from her experience with the Riddler, which resulted in the gruesome death of her brother. But is Harvey back, plotting revenge on a city he proclaims to be guilty? When Batman discovers the truth behind these many mysteries, his entire world unravels … ." -- Page [4] of cover.

"Giant, sprawling future Gotham City is under martial law, protected and regulated by a private security force led by the infamous Peacekeepers. Their mandate is to maintain the safety of the citizens of Gotham, regardless of any Constitutional rights, and to hunt down, incarcerate, or kill all masked vigilantes, villains, and criminals in the city limits. It's a dangerous and violent look at a possible future Gotham City and the heroes and villains who live there!" -- Provided by publisher.

"The long-awaited sequel to the Eisner-nominated Orange! Experience the world of Orange from a whole new perspective, as the fate of the present and future timelines unfolds from the point of view of the ever-cheerful third wheel, Suwa Hiroto. Reuniting years later in college, Suwa and Naho's lives have been forever scarred by their experiences in high school. They say time heals all wounds, but sometimes, time is not enough." -- Provided by publisher.

"In order to free the port town of Awa from an evil tyrant, Yona and her friends team up with Jaeha, the Green Dragon, and his fellow pirates. While Hak and the others are fighting Yang Kum-ji's forces, Yona and Yun infiltrate a human trafficking operation! When the enemy closes in and things look dire, what will Yona do?" -- Page [4] cover.

"Batman: White Knight Presents: Harley Quinn takes place two years after Batman: Curse of the White Knight. Azrael has wiped out criminals in Gotham, Jack Napier (formerly The Joker) is dead, Bruce Wayne (Batman) is in prison, and Harley Quinn is adjusting to life as a single mother, raising the twins she had with Jack. But as new villains arise, Harley is forced to dance with madness once again and confront her own past with The Joker and Batman while helping the Gotham City police and an eager young FBI agent uncover the truth behind a series of gruesome murders. This collection also features a chapter from Harley Quinn's newest digital first series, Harley Quinn Black + White + Red, told in a traditional black-and-white format with the color red uniquely shaping Harley Quinn's story." -- Provided by publisher.

"Welcome to the possible future state of Gotham. The Magistrate, a freelance military and surveillance corporation, has been hired by Gotham's leadership to turn the old city into a futuristic surveillance state free of vigilante-based crime/heroics. Batman, horrified to see what his city was becoming, fought tooth and nail against Magistrate— and they killed him for it. Or did they? Bruce Wayne survived this assassination attempt, and has been laying low for years now trying to sort out how to beat Magistrate. The only problem? He doesn't think he can anymore. They're too big, they're too powerful. And the latest horrific revelation? They have eyes everywhere. It's left to Batman for one last mission. Destroy their command center, expose the drones, and free the city. Whatever the cost." -- Provided by publisher.

"When Sunburst discovers the lost journal of Star Swirl the Bearded, he shares it with Twilight Sparkle. Together, they find out how the sorcerer and several other of Equestria's heroes, known as the Pillars of Old Equestria, sacrificed themselves to defeat the evil Pony of Shadows. After researching more about the heroes' disappearance, Twilight believes that the Pillars are still alive and trapped in limbo and becomes obsessed with trying to free them, but it might not be such a good idea!" -- Provided by publisher

Reproductions of the original sketches and text of an unfinished story by Hergé, with English translation and commentary.

Presents, in graphic novel format, the story of the Haitian Revolution and its role in Napoleon's decision to sell Thomas Jefferson and James Monroe the whole Louisiana Territory, when they sought to buy only New Orleans.

The Donner Party expedition is one of the most notorious stories in all of American history. It's also a fascinating snapshot of the westward expansion of the United States, and the families and individuals who sacrificed so much to build new lives in a largely unknown landscape. From the preparation for the journey to each disastrous leg of the trip, this book shows the specific bad decisions that led to the party's predicament in the Sierra Nevada Mountains. The graphic novel focuses on the struggles of the Reed family to tell the true story of the catastrophic journey.

"Nate Adams is just an average kid until the mysterious Whisper gives him the Yo-kai Watch. Now he can see what others cannot: Yo-kai of all shapes and forms! … A mysterious door opens, causing Nate to run into weird and wacky Yo-kai from the past, present and future. Watch as they participate in a battle royale to decide which Yo-kai is the strongest!" -- Provided by publisher.

"At home, Maggie is the odd one out. Her parents are preoccupied with the new baby they're expecting, and her younger brothers are twins and always in their own world. Maggie thinks a new puppy is the answer, but when she goes to select one on her birthday, she breaks out in hives and rashes. She's severely allergic to anything with fur! Can Maggie outsmart her allergies and find the perfect pet?." -- Description provided by publisher.

"A fun, action-packed fantasy adventure about a girl, her dog, and magic gone wrong! Quiet … birds … nature … . That's what Aster expects when her parents move their whole family to the middle of nowhere. It's just her (status: super-bored), her mom and dad (status: busy with science), her brother (status: has other plans), and … magic? In her new home, Aster meets a mysterious old woman with a herd of dogs who gives her a canine companion of her own. But when she and her dog Buzz are adventuring in the forest, they run into a trickster spirit who gives Aster three wishes. After wishing for the ability to understand and talk to her dog, she becomes only able to talk in dog language … and the trouble she gets into is just starting. Maybe the middle of nowhere will be more interesting than Aster thought."

"Magic turned Aster's life upside-down— and it's not over! Get ready for more family, more fun, and even more magic in this graphic novel adventure. Moving to the middle of nowhere has been less of a disaster than Aster expected. Her mom's science experiments are actually pretty cool; her dad's cooking has gotten much better; her new dog is possibly the best canine companion anyone could ask for. And she's gotten to save the day— and her family— and the whole valley she lives in— from various magical calamities in what even she has to admit were extremely fun adventures. So now she can have a break, right? Guess what? Oh no; things get even more interesting." -- Description provided by publisher.

"Sail the Pacific Islands in search of destiny and the demigod Maui in this retelling of Disney Moana. Moana is a spirited teenager who loves the ocean, yet she is forbidden to travel beyond the reef that surrounds her island home of Motunui. But she feels called to something more, and wants to discover who she was meant to be. When darkness begins to consume the island, and nature is out of balance, Moana knows the solution lies beyond the safety of the reef. Following the messages of her ancestors, and with encouragement from the ocean itself, Moana sails into the open sea to find the demigod Maui and right a wrong from his past. Together they face rough waters, monstrous creatures, and the unknown, in a mission to stop the darkness from spreading, and restore life to the islands! Become a master wayfinder in this action-packed story as Moana's love for the sea turns her into a hero among her people, the gods, and the ocean." -- Provided by publisher

"A fascinating and entertaining biography of Alexander Hamilton, in graphic novel format. Alexander Hamilton: The Fighting Founding Father!tells the story of one of the most ambitious and controversial figures in American history in a graphic novel format. From a rough childhood on the Caribbean island of Nevis to the highest levels of American politics, Alexander Hamilton's life was filled with adventure, conflict, and controversy. Full-color illustrations and an entertaining narrative make this graphical biography of America's first Secretary of the Treasury accessible for readers of all ages." -- Provided by publisher.

"A graphic biography of civil rights leader and American icon Martin Luther King Jr. This graphical biography tells the story of the most prominent leader of the American civil rights movement. With full-color illustrations and a historically accurate narrative, Martin Luther King Jr.: Voice for Equality! will inform and entertain readers of all ages. From his childhood in Atlanta to his rise as an international icon of human rights and a fiery orator who refused to back down in the face of adversity, King's life story serves as an ongoing source of inspiration." -- Provided by publisher.

This document is only available in PDF format.

This document is available as PDF only. The following links go to sections in the PDF. 

IntroductionThe members of the Canadian Securities Administrators (the CSA or we) are publishing for comment proposed amendments to National Instrument 94-101 Mandatory Central Counterparty Clearing of Derivatives (National Instrument 94

Recently I had the pleasure of engaging several events focusing on the intersection of food, nutrition, and health in China. First, I participated in the 3rd Belt & Road Initiative Global Health International Congress, held in Xi’an, which brought together stakeholders with a vision to strengthen exchanges and cooperation in health research for the Belt […]

Growing consensus in the scientific community indicates that higher temperatures and changing precipitation levels resulting from climate change will depress crop yields in many countries over the coming decades. This is particularly true in low-income countries, where adaptive capacity is low. Many African countries are particularly vulnerable to climate change because their economies largely depend on climate-sensitive agricultural production.

"Ethiopia's agricultural sector, which is dominated by smallscale, mixed-crop, and livestock farming, is the mainstay of the country's economy. It constitutes more than half of the country's gross domestic product, generates more than 85 percent of foreign exchange earnings, and employs about 80 percent of the population. Unfortunately, Ethiopia's dependence on agriculture makes the country particularly vulnerable to the adverse impactsof climate change on crop and livestock production.

The potential adverse effects of climate change on Ethiopia’s agricultural sector are a major concern, particularly given the country’s dependence on agricultural production. Securing Ethiopia’s economic and social well-being in the face of climate change requires that policymakers and stakeholders work together to integrate climate change adaptation into the country’s development process.

Ethiopia possesses abundant water resources and hydropower potential, yet less than 5 percent of irrigable land in the Blue Nile basin has been developed for food production, and more than 80 percent of Ethiopians lack access to electricity. Consequently, the Ethiopian government is pursuing plans to develop hydropower and irrigation along the Blue Nile River in an effort to tap into this underused potential.

 New research conducted by Tenable®, Inc., the exposure management company, has uncovered more than 26,500 potential internet-facing assets among Southeast Asia’s top banking, financial services and insurance (BFSI) companies by market capitalisation across Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam.

On July 15, 2024, Tenable examined the external attack surface of over 90 BFSI organisations with the largest market capitalisations across the region. The findings revealed that the average organisation possesses nearly 300 internet-facing assets susceptible to potential exploitation, resulting in a total of more than 26,500 assets across the study group.

Singapore ranked the highest among the six countries assessed, with over 11,000 internet-facing assets identified across its top 16 BFSI companies. Over 6,000 of those assets are hosted in the United States. Next on the list is Thailand with over 5000 assets. The distribution of internet-accessible assets underscores the need for cybersecurity strategies that adapt to the rapidly evolving digital landscape.

“The results of our study reveal that many financial institutions are struggling to close the priority security gaps that put them at risk. Effective exposure management is key to closing these gaps,” said Nigel Ng, Senior Vice President, Tenable APJ. “By identifying and securing vulnerable assets before they can be exploited, organisations can better protect themselves against the growing tide of cyberattacks.” 

Cyber Hygiene Gaps 
The Tenable study revealed many potential vulnerabilities and exposed several cyber hygiene issues among the study group, including outdated software, weak encryption, and misconfigurations. These vulnerabilities provide cybercriminals with easily exploitable potential entry points, posing potential risk to the integrity and security of financial data. 

Weak SSL/TLS encryption 

A notable finding is that among the total assets, organisations had nearly 2,500 still supporting TLS 1.0—a 25-year old security protocol introduced in 1999 and disabled by Microsoft in September 2022. This highlights the significant challenge organisations with extensive internet footprints face in identifying and updating outdated technologies.

Misconfiguration increases external exposure

Another concerning discovery was that over 4,000 assets, originally intended for internal use, were inadvertently exposed and are now accessible externally. Failing to secure these internal assets poses a significant risk to organisations, as it creates an opportunity for malicious actors to target sensitive information and critical systems.

Lack of encryption 

There were over 900 assets with unencrypted final URLs, which can present a security weakness. When URLs are unencrypted, the data transmitted between the user's browser and the server is not protected by encryption, making it vulnerable to interception, eavesdropping, and manipulation by malicious actors. This lack of encryption can lead to the exposure of sensitive information, such as login credentials, personal data, or payment details, and can compromise the integrity of the communication.

API vulnerabilities amplify risk

The identification of over 2,000 API v3 out of the total number of assets among organisations' digital infrastructure poses a substantial risk to their security and operational integrity.

APIs serve as crucial connectors between software applications, facilitating seamless data exchange. However, inadequate authentication, insufficient input validation, weak access controls, and vulnerabilities in dependencies within API v3 implementations create a vulnerable attack surface.

Malicious actors can exploit such weaknesses to gain unauthorised access, compromise data integrity, and launch devastating cyber attacks.

“The cybersecurity landscape is evolving faster than ever, and financial institutions must evolve with it, so they can know where they are exposed and take action to close critical risk” Ng added. “By prioritising exposure management, these organisations can better protect their digital assets, safeguard customer trust, and ensure the resilience of their operations in an increasingly hostile digital environment.”

About Tenable
Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

Notes to Editors:

1. Tenable examined the top 12-16 BFSI companies discoverable based on market cap. 
2. In the context of this alert:

• An asset is a domain name, subdomain, or IP addresses and/or combination thereof of a device connected to the Internet or internal network. An asset may include, but not limited to web servers, name servers, IoT devices, network printers, etc. Example: foo.tld, bar.foo.tld, x.x.x.xs.
• The Attack Surface is from the network perspective of an adversary, the complete asset inventory of an organisation including all actively listening services (open ports) on each asset.

Tenable®, the exposure management company, today announced new risk prioritization and compliance features for Tenable Nessus, the #1 vulnerability assessment solution in accuracy, coverage and adoption. Nessus supports new and updated vulnerability scoring systems – Exploit Prediction Scoring System (EPSS) and Common Vulnerability Scoring System (CVSS) v4 – to help customers implement more effective prioritization for risk reduction and maintain compliance.

Due to evolving threats and expanding attack surfaces, organizations rely on multiple risk scoring systems, which are not effective risk qualifiers on their own to determine criticality. With Tenable Nessus, customers can take advantage of the latest industry-adopted vulnerability scoring systems – EPSS and CVSS v4 – and Tenable Vulnerability Priority Rating (VPR) to identify and take action on the vulnerabilities that pose the greatest risk specific to their environment. Leveraging an advanced data science algorithm developed by Tenable Research, Tenable VPR combines and analyzes Tenable proprietary vulnerability data, third-party vulnerability data and threat data to effectively and efficiently measure risk.

“EPSS and CVSS are single variables in the risk equation – context around exposures delivers a deeper level of understanding around true risk,” said Shai Morag, chief product officer, Tenable. “Recent Tenable Research found that only 3% of vulnerabilities most frequently result in impactful exposure. We’ve optimized Nessus to meet the evolving needs of our customers, empowering informed vulnerability prioritization strategies to address these critical few.”

Key features in this release include:

• EPSS and CVSS v4 Support enables users to see and filter plugins by EPSS and CVSS v4 score, further informing prioritization strategy. This feature enables security teams to remain compliant with organizational policies that require the use of EPSS or CVSS as the primary scoring system.
• Nessus Offline Mode addresses challenges with conducting vulnerability scans offline in air-gapped environments. Building upon existing offline scanning capabilities, Nessus runs critical services only, removing unwanted traffic generated by functions that rely on an active internet connection, thereby ensuring the security of sensitive data within a secure environment.
• Declarative Agent Versioning On-Prem enables users to create and manage agent profiles in Nessus Manager for Tenable Security Center. Users can specify a product version for an agent deployed in an environment, thereby reducing disruptions in day-to-day operations and enabling users to adhere to enterprise change control policies.

Learn more about vulnerability and risk scoring by checking out the Inaugural Study of EPSS Data and Performance developed by Cyentia Institute and the Forum of Incident Response and Security Teams (FIRST).

Join the upcoming Tenable webinar titled, From Data to Defense: Harnessing Predictive Scoring to Strengthen Your Cybersecurityon September 12, 2024 at 2:00 pm ET, by registering here.

Tenable Nessus is available as a standalone product and is included in Tenable Security Center and Tenable Vulnerability Management. More information on Tenable Nessus is available at: https://www.tenable.com/products/nessus

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com.

###

Media Contact:

Tenable

tenablepr@tenable.com

Tenable®, the exposure management company, announced today that Shelly Raban, senior cloud security researcher for Tenable, will give a presentation at fwd:cloudsec Europe 2024, taking place on 17 September, 2024 in Brussels, Belgium.

During the session titled, “Who Watches the Watchmen? Stealing Credentials from Policy-as-Code Engines (and Beyond),” Raban will explore techniques adversaries use to exploit modern policy-as-code and Infrastructure-as-code (IaC) domain-specific languages (DSLs), compromise cloud identities and exfiltrate sensitive data. Raban will conclude her presentation by sharing various detection strategies that cyber defenders can implement to detect malicious activity. 

The session will be hosted in the Main Room from 2:50 - 3:10 pm CEST. 

More information on the event is available on the fwd:cloudsec Europe website. 

More information about Tenable Cloud Security is available at: https://www.tenable.com/products/tenable-cloud-security 

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

###

Media Contact:

Tenable

tenablepr@tenable.com

Tenable®, the exposure management company, today announced the release of AI Aware, advanced detection capabilities designed to rapidly surface artificial intelligence solutions, vulnerabilities and weaknesses available in Tenable Vulnerability Management, the world’s #1 vulnerability management solution. Tenable AI Aware provides exposure insight into AI applications, libraries and plugins so organizations can confidently expose and close AI risk, without inhibiting business operations.

The rapid development and adoption of AI technologies in the past two years has introduced major cybersecurity and compliance risks that organizations must proactively address without established best practices. As a result, cybersecurity teams face significant AI-related challenges, such as vulnerability detection and remediation, containing data leakage and reining in unauthorized AI use. 

According to recent Tenable Research, more than one-third of security teams are finding usage of AI applications in their environment that might not have been provisioned via formal processes. In fact, during a 75-day period between late June and early September, Tenable found over 9 million instances of AI applications on more than 1 million hosts. The cybersecurity risk of unfettered AI usage is compounded by the increasing volume of AI vulnerabilities. Tenable Research has found and disclosed several vulnerabilities in AI solutions, including in Microsoft Copilot, Flowise, Langflow, among others.

With AI Aware, Tenable transforms proactive security for AI solutions. Tenable AI Aware uniquely leverages agents, passive network monitoring, dynamic application security testing and distributed scan engines to detect approved and unapproved AI software, libraries and browser plugins, along with associated vulnerabilities, thereby mitigating risks of exploitation, data leakage and unauthorized resource consumption. The combined depth of these multiple assessment methods delivers the most complete detection of AI in the modern ecosystem. 

[Watch the Tenable AI Aware product demo video here.]

“In an effort to keep pace with the sea change introduced by AI, organizations around the world ran full speed ahead, potentially bypassing countless cybersecurity, privacy and compliance red flags,” said Shai Morag, chief product officer, Tenable. “Perhaps more so than with any other new technology we’ve seen, there are many risk factors to consider, especially with rushed development and deployment. Tenable AI Aware empowers organizations to deploy AI confidently, ensuring their security measures keep pace with the rapid evolution of AI technologies.”

In addition to AI software and vulnerability detection, key AI Aware features available in Tenable Vulnerability Management, Tenable Security Center and Tenable One include:

• Dashboard Views provide a snapshot of the most common AI software discovered in the ecosystem, top assets with vulnerabilities related to AI and the most common communication ports leveraged by AI technologies. 
• Shadow Software Development Detection illuminates the unexpected existence of the building blocks of AI development in the environment, enabling businesses to align initiatives with organizational best practices.
• Filter Findings for AI Detections enable teams to focus on AI-related findings when reviewing vulnerability assessment results. Combined with the power of Tenable Vulnerability Prioritization Rating (VPR), teams can effectively assess and prioritize vulnerabilities introduced by AI packages and libraries. 
• Asset-Centric AI-Inventory provides a complete inventory of AI-related packages, libraries and browser plugins while reviewing the detailed profile of an asset. 

Join the upcoming Tenable webinar titled, "Mitigating AI-Related Security Risks: Insights and Strategies with Tenable AI Aware" on October 9, 2024 at 11:00 am ET, by registering here.

More information on Tenable AI Aware is available at: https://www.tenable.com/products/vulnerability-management/ai-aware 

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

###

Media Contact:

Tenable

tenablepr@tenable.com

Tenable®, the exposure management company, today announced the availability of Tenable Enclave Security, a solution that supports the needs of customers operating in highly secure environments, such as those that are classified or otherwise air-gapped. Backed by Tenable Security Center, Tenable Enclave Security protects IT assets and modern workloads with risk assessment and contextual insight so organizations can identify exposures before they cause damage.

Federal agencies face unique security and compliance regulations when deploying cloud solutions, and Tenable Enclave Security is key to supporting public sector customers, as well as commercial organizations with strict data residency, security or privacy requirements. 

Built to support the strictest security requirements, including FedRAMP High and Impact Level 5, Tenable Enclave Security empowers agencies to know, expose and close IT and container exposures from a single, highly secure platform. This consolidated approach also eliminates tool sprawl, reduces costs and boosts efficiency for public sector organizations.

“As a leader in vulnerability management and cloud security and a longtime partner of governments all around the world, we’re perfectly positioned to tap into our expertise and deliver mission critical capabilities to assist government agencies as they transform their IT strategy and safely embrace modern workloads to speed innovation,” said Robert Huber, chief security officer and president, Tenable Public Sector, Tenable. “With Tenable Enclave Security, agencies are now able to gain a fuller understanding of their exposure and risk with the ability to continuously discover, assess and prioritize vulnerabilities across IT assets and container images, all from a single, highly secure framework.”

Tenable Enclave Security will immediately enable organizations to: 

• Meet cloud security and data residency restrictions: Tenable Enclave Security enables customers to meet stringent cloud security and data residency requirements, such as FedRAMP High or Impact Level 5. It can meet customers’ needs wherever they reside, with the ability to be deployed on-prem, in a virtual private cloud or commercial cloud.
• Secure containers before they hit production: As agencies modernize their infrastructure, containers create a more efficient manner to create applications and modernize existing ones. Tenable Enclave Security empowers organizations to quickly assess the risk in their container images, expose their vulnerabilities and understand the breadth of impact.
• Centralize security tools: Unlike siloed solutions with fragmented visibility, Tenable Enclave Security provides protection for IT assets and modern workloads from a single deployment architecture. 

For more information on Tenable Enclave Security, please visit: https://www.tenable.com/products/enclave-security 

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

###

Media Contact:

Tenable

tenablepr@tenable.com

Tenable®, Inc. the exposure management company, today announced that Bank of Yokohama, one of the largest of the major regional banks in Japan, has chosen Tenable Identity Exposure to protect its Active Directory and enhance the bank’s ability to protect its internal systems from cyber threats.

Bank of Yokohama, based in Kanagawa Prefecture and Tokyo Metropolitan, is committed to enhancing industry security standards. In 2023, it collaborated with 19 other regional banks to establish CMS-CSIRT, an organization providing mutual cybersecurity support. Unlike megabanks, regional banks often face resource and budget constraints, making such collaborative efforts crucial for implementing effective security programs.

As part of its objectives for FY 2023, the Bank of Yokohama wanted to improve Active Directory (AD) security as it’s the most crucial system in the bank’s intranet. Previously, the bank only applied security patches periodically without any tool or system to detect Active Directory misconfigurations or attacks. Given the evolving threat landscape and rise of attacks involving an identity breach, enhancing the security of Active Directory became a top priority.

“Attackers who have infiltrated an organization's internal system or who wield ransomware and other malware, almost always make a beeline for Active Directory,” said Mr. Akihiro Fushimi, Leader, Concordia Financial Group ICT Governance Department, Security Governance Section and Bank of Yokohama ICT Planning & Promotion Department, Security Governance Section. “They steal user account privileges and elevate them via Active Directory, to enable them to access important data. So, securing Active Directory was an area that we wanted to invest in.”

Bank of Yokohama already used Tenable Security Center for vulnerability management and trusted Tenable's reliability. Selecting Tenable Identity Exposure was an easy decision, with its fast, agentless feature ensuring a seamless deployment process.

The deployment of Tenable Identity Exposure provided the Bank of Yokohama with an in-depth view of its Active Directory. The bank can now accurately identify every AD account, including dormant accounts and machine identities, and understand the potential risks of exploitation by malicious actors due to the multi-functional capabilities of Active Directory. Tenable Identity Exposure detects many of the techniques used in cyber attacks to gain elevated privileges and enable lateral movement, including DCShadow, Brute Force, Password Spraying, Golden Ticket and more.

“Previously, we were under the impression that all we needed to do was to apply patches and manage accounts. Now, with the deployment of Tenable Identity Exposure, we are physically able to see the risk of exploitation. This, I believe, is the positive impact of deploying Tenable Identity Exposure. Its alert functions are comprehensive—it detects vulnerabilities as well as misconfigurations,” said Mr. Shinnosuke Shimada, Bank of Yokohama ICT Planning & Promotion Department, Security, Governance Section.

“Many organizations struggle to maintain proper Active Directory security as their domains grow more complex, often leaving flaws undetected until a major incident occurs. Given the high-profile attacks involving AD in recent years, it's crucial to prioritize AD security within the overall cybersecurity strategy,” said Naoya Kishima, Country Manager, Tenable Japan. “Bank of Yokohama recognizes this need, and we're pleased to support them in their security journey.”

About Tenable
Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

Media contact
Tenable PR
tenablepr@tenable.com 

Tenable®, the exposure management company, today announced new data security posture management (DSPM) and artificial intelligence security posture management (AI-SPM) capabilities for Tenable Cloud Security, the actionable cloud security solution. By extending exposure management capabilities to cloud data and AI resources, Tenable Cloud Security reduces risk to two of the biggest emerging threats.

Today’s cloud environments are more complex than ever. The challenge of managing this complexity has led to preventable security gaps caused by misconfigurations, risky entitlements and vulnerabilities, leaving sensitive data and AI resources vulnerable. In fact, Tenable Research found that 38% of organizations are battling a toxic cloud trilogy – cloud workloads that are publicly exposed, critically vulnerable and highly privileged. 

Tenable Cloud Security exposes risk from across hybrid and multi-cloud environments, including vulnerabilities, misconfigurations and excess privilege, that affects data and AI resources. Integrating DSPM and AI-SPM into Tenable Cloud Security enables users to automatically discover, classify and analyze sensitive data risk with flexible, agentless scanning. With Tenable Cloud Security’s intuitive user interface, security leaders can easily answer tough questions – such as “What type of data do I have in the cloud and where is it located?,” “What AI resources are vulnerable and how do I remediate the issue?” and “Who has access to my sensitive cloud and AI data?”

“Data is constantly on the move and new uses for data in today’s AI-driven world have created new risks,” said Liat Hayun, vice president of product management for Tenable Cloud Security. “DSPM and AI-SPM capabilities from Tenable Cloud Security bring context into complex risk relationships, so teams can prioritize threats based on the data involved. This gives customers the confidence to unlock the full potential of their data without compromising security.”

“The importance of cloud data has made communicating data exposure risk one of the biggest security challenges for CISOs,” said Philip Bues, senior research manager, Cloud Security at IDC. “Tenable is at the forefront of this emerging DSPM-CNAPP conversation, enabling customers to contextualize and prioritize data risk and communicate it, which is pertinent to almost every domain in CNAPP.”

AI-SPM features enable customers to confidently forge ahead with AI adoption by enforcing AI and machine learning configuration best practices and securing training data. With the combined power of AI-SPM and Tenable Cloud Security’s market-leading cloud infrastructure entitlement management (CIEM) and Cloud Workload Protection (CWP) capabilities, customers can manage AI entitlements, reduce exposure risk of AI resources, and safeguard critical AI and machine learning training data to ensure data integrity. 

Available to all Tenable Cloud Security and Tenable One customers, these new features enable customers to:

• Gain complete visibility and understanding of cloud and AI data - Tenable Cloud Security continuously monitors multi-cloud environments to discover and classify data types, assign sensitivity levels and prioritize data risk findings in the context of the entire cloud attack surface. 
• Effectively prioritize and remediate cloud risk - Backed by vulnerability intelligence from Tenable Research, context-driven analytics provides security teams with prioritized and actionable remediation guidance to remediate the most threatening cloud exposures.
• Proactively identify cloud and AI data exposure - Unique identity and access insights enable security teams to reduce data exposure in multi-cloud environments and AI resources by monitoring how data is being accessed and used and detect anomalous activity. 

Join the upcoming Tenable webinar, “Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?” on October 22, 2024 at 10 am BST and 11 am ET, by registering here. 

Read today’s blog post, “Harden your cloud security posture by protecting your cloud data and AI resources” here. 

With a Net Promoter Score of 73, Tenable Cloud Security helps customers around the world expose and close priority threats. More information about DSPM and AI-SPM capabilities available in Tenable Cloud Security is available at: https://www.tenable.com/announcements/dspm-ai-spm

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for approximately 44,000 customers around the globe. Learn more at tenable.com. 

###

Media Contact:

Tenable

tenablepr@tenable.com