Tenable Blog

Tenable Responds to CVE-2015-0204: FREAK Vulnerability

It seems that in recent history, the SSL library continues to give security teams plenty of opportunities to interface with systems/application administrators and vendors to upgrade SSL in their environments. The latest vulnerability to impact SSL is CVE-2015-0204, known in the media as "FREAK," short for Factoring RSA EXPORT Keys. FREAK can facilitate a man-in-the-middle attack and force a browser to export a weak 512-bit key, which can be factored in just a few hours.

Tenable Responds to CVE-2015-0235: GHOST (Updated)

A major vulnerability was disclosed today in the GNU C Library (“glibc”). CVE-2015-0235, known as “GHOST” in the media, affects Linux systems that use versions of the library prior to glibc-2.18, which was released on August 12, 2013. The GNU C Library is commonly used for standard system calls by programs written in C and C++. The vulnerability is a heap-based buffer overflow which affects the gethostbyname() and gethostbyname2() glibc function calls.

Auditing Red Hat Enterprise Virtualization (RHEV) with Nessus v6

There was a time in early 2000 when the word "virtualization" was synonymous with VMware, and rightly so. After all, VMware started the second coming of this revolutionary technology after IBM. But open source hypervisor solutions such as Xen and KVM have been slowly nibbling at this market share and have made names for themselves in the past decade. Today, it is not uncommon to see multi-hypervisor deployments in a typical data center.

Auditing NoSQL Databases (MongoDB) with Nessus v6

To SQL or NoSQL is the big debate among database experts these days. Both types of databases have fundamentally different architectures and support different use cases; hence, they have different pros and cons. On one end you have a mature, stable and well-understood 40-year-old relational database management system (RDBMS); on the other end you have a young and upcoming five-year-old DBMS which promises the world to you.

Cisco and Tenable Integration Enables Swift Response to Vulnerable Hosts

About a month ago, I wrote a blog to understand customer interest in a unified framework that would enable multi-vendor, cross-platform collaboration for identity and access management along with vulnerability assessment. This would allow organizations to increase granularity of device and user visibility for identifying risk in their environment and help expedite review and response to critical issues.

Auditing a Salesforce.com Account with Nessus

Imagine you woke up one day and realized that your top competitor had siphoned off a list of all your customers, sales leads, future customers, and product pricing. You might think that couldn’t happen on your watch, right? Or perhaps you would shrug it off as a bad dream.

Now imagine what would happen if someone broke into your salesforce.com account. Suddenly that bad dream would become a reality.

Nessus v6 is Now Available

Today Tenable has released Nessus v6 for download. This latest version helps reduce your attack surface by enforcing compliance and system hardening policies. Nessus users can create and customize compliance and security policies while also managing scan results, schedules, and policies.

This Introduction to Nessus v6 video provides an overview of the new features:

Nessus Leverages Cybersecurity Coalition Research to Detect a Major Threat Actor

In a pioneering cooperative effort, several industry security leaders, including Tenable, have been working on a project led by Novetta Solutions to investigate, report on, and take action against the major threat actor group dubbed “Axiom.” According to Novetta, over the past six years, Axiom’s intelligence-gathering activities have impacted international private organizations primarily in the fields of telecommunications, security, and integrated circuits, and government agencies focusing on aerospace, humanitarian and environmental issues.

Hunting For Shellshock Using Nessus

The best way to test for the Shellshock vulnerability is to do a credentialed local check against the Unix/Linux distribution. Nessus contains a number of plugins that make sure the operating system is patched. Nessus also has a plugin that performs a local test by invoking Bash, which covers just about any Unix/Linux platform available.

Integrating Vulnerability Data with an Identity Services Framework

With Tenable’s Nessus, security and compliance teams can audit and inventory devices and software to identify what is malicious, abnormal or out-of-compliance. However, do you ever need to pinpoint the offending system or software to its user?

At Tenable, we’ve heard from customers who are looking for a unified framework that enables multi-vendor, cross-platform network system collaboration among IT infrastructure, network policy, identity and access management, and other IT operations.
