Tenable Network Security Podcast - Episode 200
Announcements
- We're hiring! - Visit the Tenable website for more information about open positions.
- Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
- You can find links to subscribe to Tenable's Podcast feed, YouTube Channel, Twitter and Facebook accounts at http://www.tenable.com/podcast!
Discussion
- SCADA Device Vulnerability Detection - How do we do it? Scan, Sniff, Log, "Real-time" all these words come into play, but what do they really mean and how do they help you solve problems and reduce risk? How do we deal with XP in this environment? How do we deal with XP in general? Read More
- Why Isn't My Host Vulnerable?- Lots of questions like this, in the past week, welcome to our world. Three things: 1) Use the audit trail to find out why a plugin did not run (e.g. Your host is not running SSL) 2) Use the knowledge base to find which plugins did fire (e.g. Did you enable a port scanner on all ports?) 3) Monitor Logs/Packets - Fire up tcpdump/wireshark, see if traffic is getting there, look in the logs on the target and see what is happening.
- Looking For The Right Stuff - Like this
- Query to find active vulnerabilities 30 days old or more. When you are collecting all the stuff, you can ask questions like this and get answers. Such as "which hosts are running SSL?" or "Which hosts have SSL certificates older than a week?".
Nessus
- Flash Player for Mac <= 11.7.700.272 / 12.0.0.77 Multiple Vulnerabilities (APSB14-09) (Mac OS X)
- Cisco IOS XR ICMPv6 Redirect Denial of Service
- WMI EMET Configuration Enumeration
- BlackBerry < 10.2.0.1055 qconnDoor Buffer Overflow
- Amazon Linux AMI : openssl Information Disclosure Vulnerability (ALAS-2014-320)
- SSL Certificate Chain Contains RSA Keys Less Than 2048 bits (PCI DSS)
- Adobe AIR for Mac <= 4.0.0.1628 Multiple Vulnerabilities (APSB14-09)
- BACnet Protocol Detection
- MediaWiki Unsupported Version Detection
- Amazon Linux AMI Update: kernel / openssh Denial of Service (ALAS-2014-319)
Passive Vulnerability Scanner
Vulnerability Detection
- CUPS < 1.7.2 Reflected Cross-Site Scripting Vulnerability
- Mac OS X : Safari < 6.1.3 / 7.0.3 Multiple Vulnerabilities
- Google Chrome < 34.0.1847.116 Multiple Vulnerabilities
- TLSv1 Traffic Negotiation Detection
- DTLS Heartbeat Negotiation Detection
- DTLS v1.2 Traffic Negotiation Detection
- DTLS v1.0 Traffic Negotiation Detection
- SSL Content-Type Heartbeat Detection
- OpenSSL 1.0.1 < 1.0.1g Multiple Vulnerabilities
- Windows RDP / Terminal Services Detection
- UDP Protocol Detection
- Generic TCP Protocol Detection
- DNSSEC Client Query Detection
- MediaWiki Password Reset Cross-site Request Forgery Vulnerability
- MailStation Server Detection
- TLS v1.1 Traffic Negotiation Detection
- Fortinet Security Device Detection
- AirMail OSX Client Detection
SecurityCenter Apps
Dashboards
Reports
Security News Stories
- Notorious troll and hacker Weev has conviction overturned
- OpenSSL: The single line of code that broke online security
- How To Securely Erase Your SSD Without Destroying It
- The security of the most popular programming languages
- Google Might Reward Secure Websites With Better Ranking
- Galaxy S5 Fingerprint Scanner Hacked With Glue Mould
- Organizations suffer SQL Injection attacks, but do little to prevent them
- HD Manufacturer LaCie Admits Yearlong Data Breach
- Windows XP Alive & Well in ICS/SCADA Networks
- Black Hat USA 2014: Pentesting? Thought You'd Never Ask
Related Articles
CVE-2022-3786 and CVE-2022-3602: OpenSSL Patches Two High Severity Vulnerabilities
November 1, 2022OpenSSL has patched two vulnerabilities, pivoting from its earlier announcement, in version 3.0.7.
Cybersecurity Snapshot: Many Employees Overshare Work Info with AI Tools, Report Finds, as ‘Cybersecurity Awareness Month’ Kicks Off
October 4, 2024Check out the best practices cyber agencies are promoting during Cybersecurity Awareness Month, as a report warns that staffers are feeding confidential info to AI tools. Meanwhile, a study highlights how business decisions can derail OT security. Plus, get the latest on Active Directory security, CISO salary trends and ransomware attacks!
How to Unlock Advanced IoT Visibility for Cyber-Physical Systems
October 1, 2024As the number of IoT devices deployed globally continues to rise, cyber-physical systems and business operations are exposed to greater risk. Improving asset visibility, monitoring and risk management are critical steps to preventing breaches.
Cybersecurity Snapshot: NIST Program Probes AI Cyber and Privacy Risks, as U.S. Gov’t Tackles Automotive IoT Threat from Russia, China
September 27, 2024A new NIST program will revise security frameworks like NIST’s CSF as AI risks intensify. Plus, the U.S. may ban cars with Russian and Chinese IoT components. Meanwhile, the CSA adds AI insights to its zero trust guide. And get the latest on cybersecurity budgets, SBOMs and the Ghost cybercrime platform!
- OpenSSL
- Podcast
- SCADA