Tenable Network Security Podcast Episode 189 - "Nessus UI v2.0 Released"

Announcements

• We're hiring! - Visit the Tenable website for more information about open positions.
• Check out our video channel on YouTube which contains new Nessus, PVS, and SecurityCenter tutorials.
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, PVS, SecurityCenter, and LCE, and get answers from the experts at Tenable? Join the Tenable Discussions Forum for custom scripts, announcements, and more!
• You can subscribe to the Tenable Network Security Podcast on iTunes!

Discussion & Highlighted Plugins

• Nessus UI v2.0 Released - Tenable recently announced a new release of the Nessus vulnerability scanner user interface (UI)! This is a major update which provides several new features and enhancements, including a redesigned UI, usability improvements to enhance scan scheduling, processing, and analysis, and policy creation wizards. Specifically, some of the new UI features include:
  • Folders to store scan results: Organize scan results in customized folders, making it easy to locate specific scans and consolidate like vulnerability data.
  • Sort hosts by compliance: Compliance status is integrated into your scan results, making it easy to see the compliance check pass/fail ratio and quantities for each host.
  • One-click metadata access: Host, plugin, and scan information with recommendation and error notes is now easily accessible from within the scan window, putting relevant details right at your fingertips to aid with scan failure and vulnerability investigations.

Nessus

• Apache mod_fcgid Module < 2.3.9 fcgid_header_bucket_read() Function Heap Buffer Overflow
• Panda AdminSecure Communications Agent < 4.50.0.10 Directory Traversal
• Puppet Enterprise < 3.1.0 Multiple Vulnerabilities
• Novell ZENworks umaninv Information Disclosure
• EMC NetWorker 8.x < 8.0.2.3 Management Console Information Disclosure
• Apache PHP-CGI Remote Code Execution
• Oracle Secure Global Desktop Linux Installation Detection
• Oracle Secure Global Desktop Administration Console Detection
• Oracle Secure Global Desktop ttaauxserv Remote Denial of Service (credentialed check)
• Oracle Secure Global Desktop ttaauxserv Remote Denial of Service (remote check)

Passive Vulnerability Scanner

• Mozilla Thunderbird < 24.1 / 17.0.10 (ESR) Multiple Vulnerabilities
• Mozilla SeaMonkey < 2.22 Multiple Vulnerabilities
• Mozilla Firefox < 25.0 / 24.1 (ESR version) / 17.0.10 (ESR version) Multiple Vulnerabilities
• ISAKMP Server Detection
• ISAKMP Client Detection
• Encapsulating Security Payload (ESP) Session Setup

SecurityCenter Apps

Dashboards

Reports

Security News Stories

1. The badBIOS Analysis Is Wrong | RootWyrm's Corner
2. Researcher Finds Method to Insert Malicious Firmware Into Currency Validator | Threatpost
3. Meet "badBIOS," the mysterious Mac and PC malware that jumps airgaps | Ars Technica
4. Healthcare.gov's Coming Security Crackup
5. #badBIOS features explained