Tenable Network Security Podcast - Episode 60
Welcome to the Tenable Network Security Podcast - Episode 60
Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst
Announcements
- A new blog posts has been published this week:
- Don't forget to sign up for Advanced SIEM Webinar Series - November through December
- Be certain to check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials.
- We're hiring! - Visit the web site for more information about open positions.
- You can subscribe to the Tenable Network Security Podcast on iTunes!
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, provide Nessus plugin statistics and more!
Stories
- SSL: the sites which don't want to protect their users - With it being "Cyber Monday", I thought this post was timely.
- Whacking Moles - It's neat that defenders still like to play the process "whacking" game, even though you can execute everything in memory using an already existing process. It does make for fun command line kung fu though, which I still think is handy if you are a systems administrator.
- Windows "0-Day" Flaw Bypasses UAC - There are many users who believe either one of two things about UAC: 1) "Wow, this really helps me be secure!" or 2) "Wow, this is annoying, turning it off now". In either case, the user is in a bad situation. Believing that something can keep you secure often leads to a quick downfall.
- You're Only As Secure As Your DNS Servers - As Secunia found out, you should have some pretty tight security around your DNS server, especially if you run a service where users can scan their PCs for outdated software. Wow, wouldn't that be a neat database for an attacker to get their hands on!
- Apple iOS Networking Packet Filter Rule Invalid Pointer Access Local Privilege Escalation - Remote attacks against iPhones would be bad as they are easy to identify on the network. You could even target just AT&T address space.
- ZeuS variant only infects super-fast PCs - Malware authors are looking to evade detection and analysis, rather than just harness computing power. Even a bunch of slow PCs can do a lot of "evil bidding".
Related Articles
Tenable Network Security Podcast Episode 198 - "PCI Discussion Featuring Jeffrey Man"
February 13, 2014<p></p>
Cybersecurity Snapshot: Many Employees Overshare Work Info with AI Tools, Report Finds, as ‘Cybersecurity Awareness Month’ Kicks Off
October 4, 2024Check out the best practices cyber agencies are promoting during Cybersecurity Awareness Month, as a report warns that staffers are feeding confidential info to AI tools. Meanwhile, a study highlights how business decisions can derail OT security. Plus, get the latest on Active Directory security, CISO salary trends and ransomware attacks!
How to Unlock Advanced IoT Visibility for Cyber-Physical Systems
October 1, 2024As the number of IoT devices deployed globally continues to rise, cyber-physical systems and business operations are exposed to greater risk. Improving asset visibility, monitoring and risk management are critical steps to preventing breaches.
Cybersecurity Snapshot: NIST Program Probes AI Cyber and Privacy Risks, as U.S. Gov’t Tackles Automotive IoT Threat from Russia, China
September 27, 2024A new NIST program will revise security frameworks like NIST’s CSF as AI risks intensify. Plus, the U.S. may ban cars with Russian and Chinese IoT components. Meanwhile, the CSA adds AI insights to its zero trust guide. And get the latest on cybersecurity budgets, SBOMs and the Ghost cybercrime platform!
- Podcast