Tenable Network Security Podcast - Episode 200
Announcements
- We're hiring! - Visit the Tenable website for more information about open positions.
- Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
- You can find links to subscribe to Tenable's Podcast feed, YouTube Channel, Twitter and Facebook accounts at http://www.tenable.com/podcast!
Discussion
- SCADA Device Vulnerability Detection - How do we do it? Scan, sniff, log, "real-time": all these words come into play, but what do they really mean, and how do they help you solve problems and reduce risk? How do we deal with XP in this environment? How do we deal with XP in general?
- Why Isn't My Host Vulnerable? - Lots of questions like this in the past week; welcome to our world. Three things: 1) Use the audit trail to find out why a plugin did not run (e.g., your host is not running SSL). 2) Use the knowledge base to find which plugins did fire (e.g., did you enable a port scanner on all ports?). 3) Monitor logs/packets: fire up tcpdump/Wireshark, see if traffic is getting there, and look in the logs on the target to see what is happening.
- Looking For The Right Stuff - Like this
- Query to find active vulnerabilities 30 days old or more. When you are collecting all the stuff, you can ask questions like this and get answers, such as "Which hosts are running SSL?" or "Which hosts have SSL certificates older than a week?"
Nessus
- Flash Player for Mac <= 11.7.700.272 / 12.0.0.77 Multiple Vulnerabilities (APSB14-09) (Mac OS X)
- Cisco IOS XR ICMPv6 Redirect Denial of Service
- WMI EMET Configuration Enumeration
- BlackBerry < 10.2.0.1055 qconnDoor Buffer Overflow
- Amazon Linux AMI : openssl Information Disclosure Vulnerability (ALAS-2014-320)
- SSL Certificate Chain Contains RSA Keys Less Than 2048 bits (PCI DSS)
- Adobe AIR for Mac <= 4.0.0.1628 Multiple Vulnerabilities (APSB14-09)
- BACnet Protocol Detection
- MediaWiki Unsupported Version Detection
- Amazon Linux AMI Update: kernel / openssh Denial of Service (ALAS-2014-319)
Passive Vulnerability Scanner
Vulnerability Detection
- CUPS < 1.7.2 Reflected Cross-Site Scripting Vulnerability
- Mac OS X : Safari < 6.1.3 / 7.0.3 Multiple Vulnerabilities
- Google Chrome < 34.0.1847.116 Multiple Vulnerabilities
- TLSv1 Traffic Negotiation Detection
- DTLS Heartbeat Negotiation Detection
- DTLS v1.2 Traffic Negotiation Detection
- DTLS v1.0 Traffic Negotiation Detection
- SSL Content-Type Heartbeat Detection
- OpenSSL 1.0.1 < 1.0.1g Multiple Vulnerabilities
- Windows RDP / Terminal Services Detection
- UDP Protocol Detection
- Generic TCP Protocol Detection
- DNSSEC Client Query Detection
- MediaWiki Password Reset Cross-site Request Forgery Vulnerability
- MailStation Server Detection
- TLS v1.1 Traffic Negotiation Detection
- Fortinet Security Device Detection
- AirMail OSX Client Detection
SecurityCenter Apps
Dashboards
Reports
Security News Stories
- Notorious troll and hacker Weev has conviction overturned
- OpenSSL: The single line of code that broke online security
- How To Securely Erase Your SSD Without Destroying It
- The security of the most popular programming languages
- Google Might Reward Secure Websites With Better Ranking
- Galaxy S5 Fingerprint Scanner Hacked With Glue Mould
- Organizations suffer SQL Injection attacks, but do little to prevent them
- HD Manufacturer LaCie Admits Yearlong Data Breach
- Windows XP Alive & Well in ICS/SCADA Networks
- Black Hat USA 2014: Pentesting? Thought You'd Never Ask