Tenable Network Security Podcast Episode 170 - "Patching Firewalls, Penetration Testing vs. Vulnerability Scanning"
Announcements
- We're hiring! - Visit the Tenable Careers page for information about open positions.
- Check out our video channel on YouTube for Nessus and SecurityCenter tutorials.
- Find us on Twitter at http://twitter.com/tenablesecurity where we Tweet product and company announcements, Nessus plugin statistics, and more!
- Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for announcements, custom scripts, and more!
- You can subscribe to the Tenable Network Security Podcast on iTunes!
New & Notable Plugins
Nessus
General
- Default Password (nsroot) for 'nsroot' Account
- Citrix NetScaler Web Management Interface Default Administrator Credentials
- Clorius Controls ISC SCADA Detection
- Clorius Controls ISC SCADA Information Disclosure
- iTunes < 11.0.3 Multiple Vulnerabilities (credentialed check)
- iTunes < 11.0.3 Multiple Vulnerabilities (uncredentialed check)
- iTunes < 11.0.3 Certificate Validation Vulnerability (Mac OS X)
- HP-UX PHNE_42470 : s700_800 11.31 cumulative ARPA Transport patch
Microsoft
- MS13-037: Cumulative Security Update for Internet Explorer (2829530)
- MS13-038: Security Update for Internet Explorer (2847204)
- MS13-039: Vulnerability in HTTP.sys Could Allow Denial of Service (2829254)
- MS13-040: Vulnerabilities in .NET Framework Could Allow Spoofing (2836440)
- MS13-041: Vulnerability in Lync Could Allow Remote Code Execution (2834695)
- MS13-042: Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397)
- MS13-043: Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399)
- MS13-044: Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692)
- Microsoft Windows Essentials Installed
- MS13-045: Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707)
- MS13-046: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2840221)
- MS KB2820197: Update Rollup for ActiveX Kill Bits
- Microsoft Malicious Software Removal Tool Installed
- MS Security Advisory 2846338: Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution
Adobe
- Adobe ColdFusion Authentication Bypass (APSB13-13)
- Adobe ColdFusion Authentication Bypass (APSB13-13) (intrusive check)
- Adobe ColdFusion Multiple Vulnerabilities (APSA13-03)
- Adobe Acrobat < 11.0.3 / 10.1.7 / 9.5.5 Multiple Vulnerabilities (APSB13-15)
- Adobe Reader < 11.0.3 / 10.1.7 / 9.5.5 Multiple Vulnerabilities (APSB13-15)
- Adobe Reader < 11.0.3 / 10.1.7 / 9.5.5 Multiple Vulnerabilities (APSB13-15) (Mac OS X)
- Adobe AIR <= 3.7.0.1530 Multiple Vulnerabilities (APSB13-14)
- Flash Player <= 10.3.183.75 / 11.7.700.169 Multiple Vulnerabilities (APSB13-14)
- Adobe AIR for Mac <= 3.7.0.1530 Multiple Vulnerabilities (APSB13-14)
- Flash Player for Mac <= 10.3.183.75 / 11.7.700.169 Multiple Vulnerabilities (APSB13-14)
Juniper
- Juniper Junos SIP DoS (PSN-2013-04-911)
- Juniper Junos Firewall Bypass DoS (PSN-2013-04-912)
- Juniper Junos Proxy ARP DoS (PSN-2013-04-913)
- Juniper Junos J-Web Remote Code Execution (PSN-2013-04-914)
- Juniper Junos IPv6 Egress Filter DoS (PSN-2013-04-915)
- Juniper Junos Invalid Ether-type DoS (PSN-2013-04-916)
- Juniper Junos GRE DoS (PSN-2013-04-917)
- Juniper Junos DNSSEC Validation DoS (PSN-2013-04-918)
Web Applications
Passive Vulnerability Scanner
Vulnerability Detection
- ISC BIND 9 Assertion Error Resource Record RDATA Query Parsing Remote DoS
- ISC BIND 9 DNS RDATA Handling DoS
- ISC BIND 9 DNS64 Handling DoS
- ISC BIND 9 libdns Regular Expressions Handling DoS
- Clorius Controls SCADA Information Disclosure
- JouleTemp environmental server detection
- PostgreSQL < 8.3.20 / 8.4.13 / 9.0.9 / 9.1.5 Multiple Vulnerabilities
- Proficy Portal SCADA server detection
- Microsoft Security Essentials < v4.2 Local Privilege Escalation Vulnerability
- PostgreSQL < 8.3.19 / 8.4.12 / 9.0.8 / 9.1.4 Multiple Vulnerabilities
- PostgreSQL < 8.4.11 / 9.0.7 / 9.1.3 Multiple Vulnerabilities
- Digi Rabbit FTP Server Detection
- Digi Rabbit HTTP Server Detection
- Flash Player <= 10.3.183.75 / 11.7.700.169 Multiple Vulnerabilities (APSB13-14)
- Mozilla Thunderbird 17.x < 17.0.6 Multiple Vulnerabilities
- Heatmiser server detection
- iBoot Bar server detection
- Mozilla Firefox 20.x <= 20 Multiple Vulnerabilities
- OSMA Heating server detection
- Sullair Econnect server detection
- XControl Process Automation server detection
- Adobe AIR <= 3.6.0.6090 Multiple Vulnerabilities (APSB13-11)
- Adobe AIR <= 3.7.0.1530 Multiple Vulnerabilities (APSB13-14)
- iTunes < 11.0.3 Multiple Vulnerabilities
Security News Stories
- CMS Hacking, A Look Into The ECCouncil Hack | Imperva Data Security Blog
- Firmware Hacking: The Samsung smart TV turn | Marco Ramilli's Blog
- The Difference Between a Vulnerability Assessment and a Penetration Test
- How to hack an electric car-charging station
- Security Risks of Too Much Security
- ownCloud fixes critical security vulnerabilities