Tenable Network Security Podcast Episode 137 - "Java 0Day, Hiding in Virtual Machines"
Announcements
- We're hiring! - Visit the Tenable website for more information about open positions.
- Check out our video channel on YouTube which contains new Nessus and SecurityCenter 4 tutorials.
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
- Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
- You can subscribe to the Tenable Network Security Podcast on iTunes!
New & Notable Plugins
Nessus
- Eucalyptus Walrus Key Verification Authentication Bypass
- Apache 2.4 < 2.4.3 Vulnerabilities
- Oracle Integrated Lights Out Manager Default Credentials
- Microsoft Windows SMB Registry : Windows 8 / Server 2012 Service Pack Detection
- Scrutinizer < 9.5.2 Vulnerabilities
- Bugzilla < 3.6.10 / 4.0.7 / 4.2.2 / 4.3.2 Information Disclosures
- phpMyAdmin 3.4.x < 3.4.11.1 / 3.5.x < 3.5.2.2 XSS Vulnerabilities
Passive Vulnerability Scanner
- NetFlix on-demand media streaming to the Apple iPad
- Sophos Anti-virus Version Detection
- VMWare VI Client Version Detection
- Apache 2.4 < 2.4.3 Vulnerabilities
- Hulu on-demand media streaming to the Apple iPad
- Opera < 12.01 Vulnerabilities
Compliance Checks
Nessus ProfessionalFeed and SecurityCenter customers can download compliance checks from the Tenable Support Portal.
Stories
- Weaknesses in MS-CHAPv2 authentication
- Five 0days: HP in the security dock
- Closing off a hole in Outlook
- Malware Attack Against VMware Limited In Scope
- Y'all encountered a Mainframe and didn't even know it!
- Hiding Your Shells
- JBOSS Exploitation
- Disney Sitcom Says Open Source Is Insecure
- Ghosts In The ROM: Hacking Into A 25 Year Old Macintosh Easter Egg
Related Articles
Tenable Network Security Podcast Episode 198 - "PCI Discussion Featuring Jeffrey Man"
February 13, 2014<p></p>
Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps
November 22, 2024Don’t miss OWASP’s update to its “Top 10 Risks for LLMs” list. Plus, the ranking of the most harmful software weaknesses is out. Meanwhile, critical infrastructure orgs have a new framework for using AI securely. And get the latest on the BianLian ransomware gang and on the challenges of protecting water and transportation systems against cyberattacks.
Active Directory Under Attack: Five Eyes Guidance Targets Crucial Security Gaps
November 21, 2024A landmark global report from cybersecurity agencies emphasizes 17 attack techniques against Microsoft Active Directory and cautions organizations to step up protections. In the first of our two-part series, we offer five steps you can take today to shore up your AD defenses.
Five Cyber Agencies Sound Alarm About Active Directory Attacks: Beyond the Basics
November 21, 2024A landmark global report emphasizes 17 attack techniques against Microsoft Active Directory and cautions organizations to step up protections. In the second of our two-part series, we take you beyond the basics to highlight three key areas to focus on.
- Podcast