Tenable Network Security Podcast Episode 98
Hosts
- Paul Asadoorian, Product Evangelist
- Carlos Perez, Lead Vulnerability Researcher
- Jack Daniel, Product Manager
Announcements
- Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest video is titled "Top Ten Things You Didn't Know About Nessus #9".
- We're hiring! - Visit the Tenable web site for more information about open positions.
- You can subscribe to the Tenable Network Security Podcast on iTunes!
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!
Stories
- Don’t Hit the Snooze Button on DigiNotar Alarm Bells - In 1995, we suggested the usage of network firewalls and SSL to protect web applications, and today we suggest that network firewalls and SSL protect cloud computing. There is a balance between evolving countermeasures and not hitting the snooze button on defensive technologies.
- So-so SASO … So What? - Bringing more balance to security, there is room for automated testing and static code analysis, but should you let a 3rd party analyze your code? Most would say "Yes", unless you are Oracle...
- Sound Database Security Starts With Segmentation - Segmentation needs to have context around it, and be based on the classification and location of your data.
- SIEM: Dead as Claimed? - Computerworld - Its fun to see which technology will be declared dead, first it was IDS, now SIEM. Is it really dead?
- 3 Indicted in Sophisticated Hacking Scheme - Attacker drove around the city of Seattle and broke into companies physical buildings and/or wireless networks, installed malware on their systems, and attempted to make a profit.
- SecurityTracker: Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks - I've recommended that DIGEST authentication be used over BASIC authentication in Apache. If you implemented my suggestions, make sure you take notice of this patch!
- New OS X Trojan Horse sends Screenshots, Files to Remote Servers - I thought Macs didn't get viruses? Turns out they do...
- Facebook Unfriending 'Bug' Gets Quick Fix - For Facebook users, this is a big deal, as you don't want your "Friends" to know that you are breaking up with them.
- Man Builds Social Network Using Atlantic Ocean - I'd love to see the attacks against this social network, how would a cross-site scripting vulnerability play out?
Related Articles
Tenable Network Security Podcast Episode 198 - "PCI Discussion Featuring Jeffrey Man"
February 13, 2014<p></p>
Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps
November 22, 2024Don’t miss OWASP’s update to its “Top 10 Risks for LLMs” list. Plus, the ranking of the most harmful software weaknesses is out. Meanwhile, critical infrastructure orgs have a new framework for using AI securely. And get the latest on the BianLian ransomware gang and on the challenges of protecting water and transportation systems against cyberattacks.
Active Directory Under Attack: Five Eyes Guidance Targets Crucial Security Gaps
November 21, 2024A landmark global report from cybersecurity agencies emphasizes 17 attack techniques against Microsoft Active Directory and cautions organizations to step up protections. In the first of our two-part series, we offer five steps you can take today to shore up your AD defenses.
Five Cyber Agencies Sound Alarm About Active Directory Attacks: Beyond the Basics
November 21, 2024A landmark global report emphasizes 17 attack techniques against Microsoft Active Directory and cautions organizations to step up protections. In the second of our two-part series, we take you beyond the basics to highlight three key areas to focus on.
- Podcast