Tenable Network Security Podcast Episode 196 - "Endpoint Pro"
Announcements
- We're hiring! - Visit the Tenable website for more information about open positions.
- Want to ask questions about Nessus, PVS, SecurityCenter, and LCE, and get answers from the experts at Tenable? Join the Tenable Discussions Forum for custom scripts, announcements, and more!
- You can find links to subscribe to Tenable's Podcast feed, YouTube Channel, Twitter, and Facebook accounts at http://www.tenable.com/podcast!
- Detecting The Trojan.POSRAM Malware
- Nessus Compliance Checks for FortiGate Devices
- Nessus 5.2.5 Is Available for Download
Discussion & Highlighted Plugins
- Endpoint Protection - New vulnerabilities have been remediated in the Symantec Endpoint Protection product. What many may not know is that this product does whitelisting. What are your thoughts on whitelisting, how can it help and is it feasible in some or many environments?
- Sonos, Smart TV, Playstations - Many will state that these such devices "are not on my network." But how do you know unless you look? How common are home and SOHO products on enterprise networks? What risks do they pose?
- Defining Critical - Last week we talked about critical vulnerabilities. This week, I want to turn the focus to critical log events. SANS published the "SANS 6 Categories of Critical Log Information" -- is this applicable to most organizations? Is one person's log data going to have different forms of "critical"? Or, are there categories that we can all share in common, and how many custom categories should you create?
Nessus
General
- IBM Domino 8.5.x < 8.5.3 FP6 iNotes Multiple XSS (uncredentialed check)
- IBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (uncredentialed check)
- IBM Domino 8.5.x < 8.5.3 FP6 iNotes Multiple XSS (credentialed check)
- IBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (credentialed check)
- MySQL debian.cnf Plaintext Credential Disclosure
- Serv-U FTP Server < 15.0.0.0 Multiple Security Vulnerabilities
- XnView 2.x < 2.13 Multiple Buffer Overflows
- Oracle Java SE Multiple Vulnerabilities (January 2014 CPU)
- Oracle Java SE Multiple Vulnerabilities (January 2014 CPU) (Unix)
- Google Chrome < 32.0.1700.76 Multiple Vulnerabilities
- Google Chrome < 32.0.1700.77 Multiple Vulnerabilities (Mac OS X)
- Oracle Database January 2014 Critical Patch Update
- MySQL 5.1.x < 5.1.72 Multiple Vulnerabilities
- MySQL 5.1.x < 5.1.73 Multiple Vulnerabilities
- MySQL 5.5 < 5.5.34 Multiple Vulnerabilities
- MySQL 5.5.x < 5.5.35 Multiple Vulnerabilities
- MySQL 5.6.x < 5.6.14 Multiple Vulnerabilities
- MySQL 5.6.x < 5.6.15 Multiple Vulnerabilities
- CUPS 1.6.x >= 1.6.4 / 1.7.x < 1.7.1 lppasswd Information Disclosure
- BlackBerry < 10.1.0.1880 Multiple Flash Player Code Execution Vulnerabilities
- Symantec Endpoint Protection Client < 11.0.7.4 / 12.1.2 (SYM14-001)
- Symantec Endpoint Protection Manager < 11.0.7.4 / 12.1.2 RU2 (SYM14-001)
- ColdFusion Extended Support Version Detection
- ColdFusion Unsupported Version Detection
- ColdFusion Extended Support Version Detection (credentialed check)
- ColdFusion Unsupported Version Detection (credentialed check)
- MapServer < 5.6.9 / 6.0.4 / 6.2.2 / 6.4.1 SQL Injection
- Drupal 6.x < 6.30 OpenID Module Account Hijacking
- Drupal 7.x < 7.26 Multiple Vulnerabilities
Passive Vulnerability Scanner
SecurityCenter Apps
Dashboards
Reports
Security News Stories
- SANS 6 Categories of Critical Log Information
- No sixth sense: '123456' is worst password of 2013 | Crave - CNET
- Snapchat's new verification already hacked | Security & Privacy - CNET News
- Linksys & Netgear Backdoor by the Numbers | Skizzle Sec
- Metasploit: Making Your Printer Say "Feed Me a ... | SecurityStreet
- How I bypassed 3rd-degree profiles in LinkedIn
- SI6 Networks
- Apple punts patches for holes in Pages and OS X, Windows iTunes
- Michaels Data Breach Under Investigation
- Punish careless employees to reduce security breaches, vendor says
- Authentication bypass bug exposes Foscam webcams to unauthorized access
Related Articles
YouTube Shorts: Stolen TikTok Videos Manipulated in Adult Dating, Dubious Products Scams for Views and Subscribers
January 12, 2022As Google's TikTok competitor YouTube Shorts gains viewers, hordes of scammers are quick to follow.
Active Directory Under Attack: Five Eyes Guidance Targets Crucial Security Gaps
November 21, 2024A landmark global report from cybersecurity agencies emphasizes 17 attack techniques against Microsoft Active Directory and cautions organizations to step up protections. In the first of our two-part series, we offer five steps you can take today to shore up your AD defenses.
Five Cyber Agencies Sound Alarm About Active Directory Attacks: Beyond the Basics
November 21, 2024A landmark global report emphasizes 17 attack techniques against Microsoft Active Directory and cautions organizations to step up protections. In the second of our two-part series, we take you beyond the basics to highlight three key areas to focus on.
Volt Typhoon: What State and Local Government Officials Need to Know
November 19, 2024Increased activity from the state-sponsored threat group Volt Typhoon raises concerns about the cybersecurity of U.S. critical infrastructure. Here’s how you can identify potential exposures and attack paths.
- Personal security
- Podcast
- SANS
- Standards
- Vulnerability Management