Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Paul Asadoorian

Profile picture for user Paul Asadoorian
As founder and CEO of Security Weekly, Paul remains one of the world’s foremost experts on all things cybersecurity. Security Weekly is a one-stop resource for podcasts, webcasts and other content, informing community members about penetration testing, vulnerability analysis, ethical hacking and embedded device testing. Previously, Paul served as a lead IT security specialist for Brown University, and as an instructor with The SANS Institute.
Blog Post

Plugin Spotlight: Samsung/Dell Printer Firmware SNMP Backdoor

Samsung Printers Contain an SNMP Backdoor Samsung is not the most well-known printer manufacturer in the world (although they hold 28.5% of the consumer TV market). However, they manufacture a full line of printers and multi-function devices for both home and business use. Samsung also manufactures "some" printers for Dell, though an official list is currently unknown.

Blog Post

Tenable Network Security Podcast Episode 149 - "Gene Kim Interview"

 

Blog Post

Tenable Network Security Podcast Episode 148 - "vCenter Nessus Support, Samsung Firmware Backdoor"

Announcements We're hiring! - Visit the Tenable website for more information about open positions. Check out our video channel on YouTube which contains new Nessus and SecurityCenter 4 tutorials. Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more! Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more! You can subscribe to the Tenable Network Security Podcast on iTunes! New & Notable Plugins Nessus VMware vCenter Data Collection - vCenter allows you to manage multiple virtual host systems in the enterprise. VMware vCenter SOAP API Settings IOServer XML Server URI Directory Traversal Arbitrary File Access Symantec Mail Security Autonomy Verity Keyview Filter Vulnerabilities (SYM12-018) - Send an "evil" attachment and potentially crash or compromise the email gateway -- nice for attackers, not-so-nice for administrators. Symantec Messaging Gateway 9.5.x Multiple Vulnerabilities (SYM12-018) RT < 3.8.15 / 4.0.8 Vulnerabilities - RT is some really neat request tracking software, supposed to work very well too. Wordfence Plugin for WordPress email Parameter XSS - So, kind of not news, but there is a vulnerability in a WordPress plugin. However, this one is ironic because Wordfence is, according to their website, "the best WordPress security plugin in the business." IrfanView < 4.35 Multiple Heap-Based Buffer Overflows SSL Certificate Signed with the Compromised Fortigate Key - I hate it when this happens: "The SSL certificate for this service was signed by a certificate authority (CA) whose private key has been compromised." Dell OpenManage Server Administrator omalogin.html DOM-based XSS IBM WebSphere Application Server 8.5 < Fix Pack 1 Multiple Vulnerabilities Wing FTP Server Multiple ZIP Commands Parsing Remote DoS Novell File Reporter Agent FSFUI UICMD 126 Arbitrary File Download Apache Tomcat 7.0.x < 7.0.28 Header Parsing Remote Denial of Service Apache Tomcat 5.5.x < 5.5.36 DIGEST Authentication Multiple Security Weaknesses Apache Tomcat 6.0.x < 6.0.36 Vulnerabilities Apache Tomcat 7.0.x < 7.0.30 DIGEST Authentication Multiple Security Weaknesses Novell Sentinel Log Manager Authentication Bypass NetIQ Privileged User Manager Default Admin Password NetIQ Privileged User Manager Password Change Authentication Bypass NetIQ Privileged User Manager ldapagnt_eval() Function Remote Code Execution Google Chrome < 23.0.1271.91 Vulnerabilities Opera < 12.11 Vulnerabilities Firefox 10.x < 10.0.11 Vulnerabilities Firefox 16.x Vulnerabilities Firefox 10.x < 10.0.11 Vulnerabilities (Mac OS X) Firefox 16.x Vulnerabilities (Mac OS X) Thunderbird 10.x < 10.0.11 Vulnerabilities (Mac OS X) Thunderbird 16.x Vulnerabilities (Mac OS X) Mozilla Thunderbird 10.x < 10.0.11 Vulnerabilities Mozilla Thunderbird 16.x Vulnerabilities SeaMonkey 2.13.x Vulnerabilities Bugzilla < 3.6.12 / 4.0.9 / 4.2.4 / 4.4rc1 Vulnerabilities

Blog Post

Tenable Network Security Podcast Episode 147 - "HTML5 General Availability, User Security Awareness"

Announcements Nessus HTML5 Interface is Generally Available! (blog post and video) We're hiring!

Blog Post

Nessus HTML5 Interface is Generally Available!

Thank you for providing feedback on the Nessus HTML5 beta interface. The beta feedback period is now closed, and the Nessus HTML5 interface is generally available (GA) to Nessus ProfessionalFeed and Nessus Perimeter Service customers, as well as Nessus HomeFeed users. To access the Nessus HTML5 interface, visit https://nessusserver:8834/html5.html (replace “nessusserver” with the IP/hostname of your Nessus server).

Blog Post

Tenable Network Security Podcast Episode 146 - "Is AV Dead?, Auditing Firewalls"

Announcements Tech Check for 11-12-12 on WYPR's Maryland Morning Tenable Network Security Awarded Common Criteria Certification for Continuous Monitoring Platform Tenable Network Security Caps Momentous Year With Deloitte Technology Fast 500 Recognition - With 552% growth over the last five years, Tenable was ranked 171st on the list overall and listed as the 9th fastest-growing company locally. We're hiring! - Visit the Tenable website for more information about open positions. Check out our video channel on YouTube which contains new Nessus and SecurityCenter 4 tutorials. Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more! Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more! You can subscribe to the Tenable Network Security Podcast on iTunes! New & Notable Plugins Nessus Opera < 12.10 Multiple Vulnerabilities Oracle Forms Recognition Multiple ActiveX Control Arbitrary File Overwrite Vulnerabilities Adobe AIR 3.x <= 3.4.0.2710 Multiple Vulnerabilities (APSB12-24) Flash Player <= 10.3.183.29 / 11.4.402.287 Multiple Vulnerabilities (APSB12-24) Adobe AIR for Mac 3.x <= 3.4.0.2710 Multiple Vulnerabilities (APSB12-24) Flash Player for Mac <= 10.3.183.29 / 11.4.402.287 Multiple Vulnerabilities (APSB12-24) Google Chrome < 23.0.1271.64 Multiple Vulnerabilities QuickTime < 7.7.3 Multiple Vulnerabilities (Windows) SolarWinds Orion NPM < 9.5 Login.asp Blind SQL Injection Traq admincp/common.php authenticate() Function Authentication Bypass Remote Code Execution

Blog Post

Nessus Now Audits Juniper Junos Configuration

Keeping Your Routers and Firewalls in Check Continuing with the theme of helping you secure and maintain your critical infrastructure (see our previous post: "New Nessus Compliance Checks Available for Check Point GAiA"), we are pleased to announce the availability of Juniper Junos compliance checks. Junos is the underlying operating system (OS) powering Juniper's routers, firewalls, and network switches.

Blog Post

New Nessus Compliance Checks Available for Check Point GAiA

Keeping Your Firewalls in Check Ensuring that your network infrastructure, in particular your routers and firewalls, is secure and maintains its integrity is critical to successfully defending your network. If an attacker were to gain control of these types of systems, they could potentially impact the security of your network as a whole. For example, an attacker with access to your firewall could read the firewall rules and use the information to selectively attack open services and create backdoors that would slip through your firewall.

Blog Post

Tenable Network Security Podcast Episode 145 - "Source Code Leaks, Problems with Computer Security"

Announcements We're hiring! - Visit the Tenable website for more information about open positions. Check out our video channel on YouTube which contains new Nessus and SecurityCenter 4 tutorials. Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more! Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more! You can subscribe to the Tenable Network Security Podcast on iTunes! New & Notable Plugins Nessus ZABBIX Web Interface popup_bitem.php itemid Parameter SQL Injection Temenos T24 Detection ManageEngine OpStor Default Administrator Credentials ManageEngine OpStor availability730.do days Parameter XSS ManageEngine SupportCenter Plus HomePage.do fromCustomer Parameter XSS CoDeSys PLC Runtime Service Detection CoDeSys Authentication Bypass Directory Traversal CoDeSys Unauthenticated Command-line Access Oracle VM VirtualBox 3.x / 4.0.x < 4.0.10 Local Integer Overflows Kaspersky Password Manager 5.x < 5.0.0.169 HTML Injection Mac OS X : OS X Server < 2.1.1 Multiple Vulnerabilities Mac OS X : Safari < 6.0.2 Multiple Vulnerabilities Apple iOS < 6.0.1 Multiple Vulnerabilities CA ARCserve Backup Multiple Vulnerabilities (CA20121018) (credentialed check) Symphony CMS Password Retrieval Script XSS

Blog Post

Using SSL to Secure Your Vulnerability Data

The Benefits of Proper SSL Configuration Protecting your vulnerability data from unauthorized users, whether the threat comes from external attackers or malicious insiders, is an important part of a vulnerability management program. Nessus allows users to configure SSL to provide both privacy and authentication. SSL can be configured locally or integrated into your own PKI infrastructure, allowing Nessus to be compliant with in-house security policies and standards.

Try for free Buy now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Buy Now
Try for free Buy now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Buy Now
Try for free Buy now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Buy Now
Try for free Buy now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for free Contact sales

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a sales representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Request a demo of Tenable Security Center

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

* Field is required

Request a demo of Tenable OT Security

Get the Operational Technology security you need.

Reduce the risk you don’t.

Request a demo of Tenable Identity Exposure

Continuously detect and respond to Active Directory attacks. No agents. No privileges.

On-prem and in the cloud.

Request a demo of Tenable Cloud Security

Exceptional unified cloud security awaits you!

We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.

See
Tenable One
in action

Exposure management for the modern attack surface.

See Tenable Attack Surface Management in action

Know the exposure of every asset on any platform.

Get a demo of Tenable Enclave Security

Please fill out the form with your contact information and a sales representative will contact you shortly to schedule a demo.

Try for free Buy now

Try Tenable Nessus Professional free

Free for 7 days

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
now available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select your license

Buy a multi-year license and save.

Add support and training
Buy Now
Renew an existing license Find a reseller
Try for free Buy now

Try Tenable Nessus Expert free

Free for 7 days.

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select your license

Buy a multi-year license and save more.

Add support and training
Buy Now
Renew an existing license Find a reseller