Tenable Network Security Podcast Episode 156 - "WordPress Vulnerabilities, Configuration Auditing Benefits"

Announcements

• U.S. Navy sees 110K cyber attacks every hour: Tenable Network Security’s take on White House EO on cybersecurity
• We're hiring! - Visit the Tenable website for more information about open positions.
• Check out our video channel on YouTube which contains new Nessus and SecurityCenter tutorials.
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
• You can subscribe to the Tenable Network Security Podcast on iTunes!

New & Notable Plugins

Nessus

• Barracuda Appliances Default Credentials
• GRAND Flash Album Gallery Plugin for WordPress f Parameter Traversal Arbitrary Directory Enumeration
• Default Password (raspberry) for 'pi' Account
• Default Password (openelec) for 'root' Account
• Default Password (raspi) for 'root' Account
• MySQL Protocol Remote User Enumeration
• Uploader Plugin for WordPress File Upload Arbitrary Code Execution
• Apple iOS < 6.1 Multiple Vulnerabilities
• ViArt Shop sips_response.php DATA Parameter Request Parsing Remote Shell Command Execution
• Patch Management Windows Auditing Conflicts
• Patch Management Auditing Satisfied
• Schneider Electric Interactive Graphical SCADA System dc.exe Unspecified Buffer Overflow
• Schneider Electric Interactive Graphical SCADA System (IGSS) Unsupported Version
• Opera < 12.13 Multiple Vulnerabilities
• Wireshark 1.6.x < 1.6.13 Multiple Vulnerabilities
• Wireshark 1.8.x < 1.8.5 Multiple Vulnerabilities
• Cisco VPN Client Unsupported
• Joomla! 2.5.x < 2.5.7 Multiple XSS

Passive Vulnerability Scanner

• Apple iOS < 6.1 Multiple Vulnerabilities
• Opera < 12.13 Multiple Vulnerabilities

Nessus Configuration and Compliance Checks

Nessus ProfessionalFeed and SecurityCenter customers can download compliance checks from the Tenable Support Portal.

• DISA STIG Microsoft Windows 8 Audit

Stories

1. HP Communities - Twitter attacked - Catches, stops attack-in-progress | Enterprise Business Community
2. 86,800 network printers open to the whole internet – is one of them yours? | Naked Security
3. The Physical Security Factor With Cloud Providers
4. Android malware uses your PC's own mic to record you
5. Oracle blocks security hole with quick, hot 'n' premature Java update