Ron Gula

If you have not heard the news yet, Brian Krebs has reported that the recent Target breach occurred when hackers broke into the network of a company that managed the company's heating, ventilation and air conditioning (HVAC) systems.

Nessus will generate a finding if the scan target has an Anti-Virus agent deployed with the virus detection rules out of date. We've often received feature requests asking us to allow customers to set a grace period (in days) to avoid generating this alert. Such a preference was added this week under the heading 'Antivirus Software Check':

The security researchers at Errata Security performed an Internet-wide port 22 scan to gather SSH daemon banner information. The scan happened on September 12th from 71.6.151.167 with a tool named masscan. If you run a SIM, a network IDS or any type of passive network monitoring, this is a really easy and safe "known" to go and see if your monitoring is configured correctly. It is the proverbial “shooting fish in a barrel” example where you can show that your network security monitoring is in fact working.

The new PVS 4.0 annual subscription makes network monitoring available to a wide variety of security practitioners. This is a new type of product, and it has many highly-practical use cases. Read about several ways you can get your security work done quicker with PVS 4.0.

This blog entry describes many of the recent advances Tenable has made with active and passive detection of SCADA and ICS devices on networks. There has been a dramatic increase in devices and applications that control power, industrial processes, and even our homes. With almost 600 public SCADA vulnerabilities, 214 of them disclosed in 2012, Tenable has kept pace with these advances by developing new forms of detection for Nessus and the Passive Vulnerability Scanner.