Tenable Network Security Podcast Episode 178 - "PVS Free Trial, Control System Traps"
Announcements
- We're hiring! - Visit the Tenable website for more information about open positions.
- Check out our video channel on YouTube which contains new Nessus and SecurityCenter tutorials.
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
- Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
- You can subscribe to the Tenable Network Security Podcast on iTunes!
Discussion & Highlighted Plugins
Passive Vulnerability Scanner (PVS) Update
- At the recent Black Hat USA 2013 conference, we announced that PVS will be released as a standalone product, including a free trial. The interface was showcased at the Tenable booth on the show floor and met with a warm welcome. Users can interact with PVS using an HTML5 interface similar to Nessus. What are some of the most compelling use cases for PVS?
Industrial Control System (ICS) Honeypot
- One of the most talked-about presentations from Black Hat was given by researchers who created a fake ICS system, let attackers from across the globe "hack" it, and located more than 70 different systems that fell into the trap. I believe this helps to raise awareness about security vulnerabilities in ICS systems and shows that attackers will take the opportunity to strike at these valuable targets. The question becomes: Is locating the attackers' systems against the law? Even better, is this valuable data?
Web Services Everywhere
- One thing that always amazes me is just how many web services exist at any given time on an organization's network. While you must spend time analyzing the security of the applications you know about, you must also look at the web services that tend to hide on your network. So many devices and applications use web services for management, so the results can be overwhelming. Recently released SecurityCenter dashboards and reports help you get a handle on the different web services in your environment. Our products are able to collect detailed information about web services as they reveal information about themselves when you connect to the service, making them easy to identify, but difficult to keep on a leash. What types of web services are the most concerning in terms of a security threat, and what can you do about them?
New & Notable Plugins
Nessus
General
- Cisco IOS Extensible Authentication Protocol Vulnerability (cisco-sr-20071019-eap)
- Blue Coat ProxySG SGOS Version
- Blue Coat ProxySG Core File Information Disclosure
- Blue Coat ProxySG Unspecified XSS
- MyBB < 1.6.10 Multiple Vulnerabilities
- RT 3.8.x < 3.8.17 / 4.x < 4.0.13 Multiple Vulnerabilities
- Check Point ZoneAlarm Detection
- Apache 2.4 < 2.4.5 Multiple Vulnerabilities
Passive Vulnerability Scanner
Vulnerability Detection
- EAServer <= 6.3.1 / 6.2 Multiple Vulnerabilities
- MySQL 5.6.x < 5.6.12 Multiple Vulnerabilities
- Line Client Detection
- Oracle VirtualBox Detection
- Oracle VM VirtualBox 4.2 < 4.2.14 tracepath Local Denial of Service
- WhatsApp Client Detection
- Kakao Client Detection
- Apache 2.4 < 2.4.5 Multiple Vulnerabilities
- DRAC server detection
- Intel Active Management Server Detection
- Megarac server detection
- QNX Server Detection
- ServerView server detection
- Atvise Server Detection
- Google Chrome < 28.0.1500.95 Multiple Vulnerabilities
- Kingfisher Debug Terminal Detection
- Apache Subversion < 1.8.1 / 1.7.11 Remote Denial of Service Vulnerability
SecurityCenter Dashboards and Report Templates
Security News Stories
- admin to SYSTEM win7 with remote.exe
- Firefox Zero-Day Used in Child Porn Hunt?
- Chinese hackers take over fake water utility
- FBI allowed informants to break law more than 5,600 times in year
- Android Apps Can Access All of Your Google Account
- Posh potty owners flushed by dodgy Bluetooth password
- iOS Weaknesses Allow Attacks Via Trojan Chargers
- Water-Utility Honeynet Illuminates Real-world SCADA Threats
- Windows phones open to hackers when connecting to rogue Wi-Fi