Tenable Network Security Podcast Episode 137 - "Java 0Day, Hiding in Virtual Machines"

Announcements

• We're hiring! - Visit the Tenable website for more information about open positions.
• Check out our video channel on YouTube which contains new Nessus and SecurityCenter 4 tutorials.
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
• You can subscribe to the Tenable Network Security Podcast on iTunes!

New & Notable Plugins

Nessus

• Eucalyptus Walrus Key Verification Authentication Bypass
• Apache 2.4 < 2.4.3 Vulnerabilities
• Oracle Integrated Lights Out Manager Default Credentials
• Microsoft Windows SMB Registry : Windows 8 / Server 2012 Service Pack Detection
• Scrutinizer < 9.5.2 Vulnerabilities
• Bugzilla < 3.6.10 / 4.0.7 / 4.2.2 / 4.3.2 Information Disclosures
• phpMyAdmin 3.4.x < 3.4.11.1 / 3.5.x < 3.5.2.2 XSS Vulnerabilities

Passive Vulnerability Scanner

• NetFlix on-demand media streaming to the Apple iPad
• Sophos Anti-virus Version Detection
• VMWare VI Client Version Detection
• Apache 2.4 < 2.4.3 Vulnerabilities
• Hulu on-demand media streaming to the Apple iPad
• Opera < 12.01 Vulnerabilities

Compliance Checks

Nessus ProfessionalFeed and SecurityCenter customers can download compliance checks from the Tenable Support Portal.

• New audit policies generated from DISA...

Stories

1. Weaknesses in MS-CHAPv2 authentication
2. Five 0days: HP in the security dock
3. Closing off a hole in Outlook
4. Malware Attack Against VMware Limited In Scope
5. Y'all encountered a Mainframe and didn't even know it!
6. Hiding Your Shells
7. JBOSS Exploitation
8. Disney Sitcom Says Open Source Is Insecure
9. Ghosts In The ROM: Hacking Into A 25 Year Old Macintosh Easter Egg