Tenable Network Security Podcast Episode 192 - "Detecting Malware, Passive Scanning"
Announcements
- We're hiring! - Visit the Tenable website for more information about open positions.
- Check out our video channel on YouTube which contains new Nessus, PVS, and SecurityCenter tutorials.
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
- Want to ask questions about Nessus, PVS, SecurityCenter, and LCE, and get answers from the experts at Tenable? Join the Tenable Discussions Forum for custom scripts, announcements, and more!
- You can subscribe to the Tenable Network Security Podcast on iTunes!
Discussion & Highlighted Plugins
This week, Carlos and I discussed the Passive Vulnerability Scanner's ability to detect client-side and embedded device vulnerabilities. We also covered Ron's presentation (https://discussions.nessus.org/docs/DOC-1051) on using Tenable products to detect malware. We highlighted how PVS can search the files being hosted, and the DNS names that hosts are accessing, to detect common malware. We also covered how to pull information from different sources and use correlation to alert on the events you care about.
Nessus
General
- Flash Player for Mac <= 11.7.700.252 / 11.9.900.152 Multiple Vulnerabilities (APSB13-28)
- Adobe AIR for Mac <= 3.9.0.1210 Multiple Vulnerabilities (APSB13-28)
- Flash Player <= 11.7.700.252 / 11.9.900.152 Multiple Vulnerabilities (APSB13-28)
- Adobe AIR <= AIR 3.9.0.1210 Multiple Vulnerabilities (APSB13-28)
- SeaMonkey < 2.23 Multiple Vulnerabilities
- Mozilla Thunderbird < 24.2 Multiple Vulnerabilities
- Firefox < 26.0 Multiple Vulnerabilities
- Firefox ESR 24.x < 24.2 Multiple Vulnerabilities
- Thunderbird < 24.2 Multiple Vulnerabilities (Mac OS X)
- Firefox < 26.0 Multiple Vulnerabilities (Mac OS X)
- Firefox ESR 24.x < 24.2 Multiple Vulnerabilities (Mac OS X)
- Shockwave Player <= 12.0.6.147 Memory Corruptions (APSB13-29)
- VMware Player 5.x < 5.0.3 LGTOSYNC.SYS Guest Privilege Escalation (VMSA-2013-0014)
- VMware Fusion 5.x < 5.0.4 LGTOSYNC.SYS Privilege Escalation (VMSA-2013-0014)
- IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.1 Multiple Vulnerabilities
- Google Chrome < 31.0.1650.63 Multiple Vulnerabilities (Mac OS X)
- Google Chrome < 31.0.1650.63 Multiple Vulnerabilities
- ManageEngine Desktop Central Default Administrator Credentials
- ManageEngine Desktop Central AgentLogUploadServlet Arbitrary File Upload
- ManageEngine Desktop Central AgentLogUploadServlet Arbitrary File Upload (intrusive check)
- ManageEngine Desktop Central Detection
- Jenkins Accessible without Credentials
- VMSA-2013-0014 : VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation
- Atlassian Confluence < 4.3.7 Multiple Vulnerabilities
- Monitorix Built-in HTTP Server Remote Command Execution
Passive Vulnerability Scanner
Note: Passive Vulnerability Scanner (PVS) is now Nessus Network Monitor. To learn more about this application and its latest capabilities, visit the Nessus Network Monitor web page.
Vulnerability Detection
- Amazon Silk Web Browser Detection
- OpenSSL < 0.9.8x / < 1.0.0j / < 1.0.1c Remote Denial of Service Vulnerability
- Bitcoin Client Detection (Stratum)
- Bitcoin Client Detection (JSON/RPC)
- Bitcoin Client Detection (Bitcoin Protocol)
- UPNP Traffic Detection (Client)
- Google Chrome < 31.0.1650.63 Multiple Vulnerabilities
- Google Chrome < 31.0.1650.57 Multiple Remote Code Execution Vulnerabilities
- Google Chrome < 31.0.1650.48 Multiple Vulnerabilities
- Apple Deployed Software Version Detection
- Apple iOS 7.x < 7.0.4 Purchases Authentication Bypass
- Apple iOS 7.x < 7.0.3 Multiple Vulnerabilities
- Apple iOS 7.x < 7.0.2 Multiple Vulnerabilities
- Opera Web Browser Version Detection
- Opera < 18.0 Multiple Unspecified Vulnerabilities
- Innominate Security Technologies mGuard SCADA Security Device Detection
- Advantech Embedded Controller Detection
SecurityCenter Apps
Security News Stories
- Important Security Update for D-Link Routers | Krebs on Security
- GCC Poison | Leaf Security Research
- Mobile Device Tips, Tricks and Resources
- How to find out if your password has been stolen | ZDNet
- Video: Installing PVS, the Passive Vulnerability Scanner