Detecting Hidden Backdoors in Your BIOS With Nessus

by Paul Asadoorian on August 29, 2014

One of the inherent qualities of malware is the ability to hide from the system and the user. It is in the best interest of the bad guys to not be detected, and various forms of malware implement different methods of hiding. However, one method that is very scary is the ability to hide inside the components of the PC, rather than in the operating system. This is the case with malware targeting the BIOS or the unified extensible firmware interface (UEFI) in more modern computers. The dangers is that software running in this area of the system can gain full control of any functions (such as all connected hardware) and bypass protections put in place by the operating system. It makes detection extremely difficult and will persist across system restores and rebuilds.

Eyes Wide Shut, or is This a Repeat of the Same Old Thing?

by Ken Bechtel on August 28, 2014

On July 31, US-CERT released a report on a Point of Sale (POS) targeting malware called BackOff. In the last week, we’ve seen news coverage of multiple highly recognizable corporations being compromised by this threat. Some of these new attacks are minor variants of the original threat, which is...

The Weakest Link – Cloud Application Users and Administrators

by Ron Gula on August 26, 2014

Privileged users are a fact of life, but they pose an expanding opportunity to adversaries in the new IT landscape. There are two classes of privileged users on your network today: the users of your cloud-based applications such as SalesForce and NetSuite, and your system administrators. Any...

PVS App for Splunk

by Sherry Quinn on August 22, 2014

Splunk Enterprise analyzes everything from customer clickstreams and transactions to network activity and call records, turning your machine data into valuable insights. The Tenable™ PVS app for Splunk increases the security threat intelligence of Splunk by sending it critical security-relevant information.

Continuous Monitoring for the New IT Landscape

by Marcus J. Ranum on August 6, 2014

The landscape of IT security is changing and the rash of recent data breaches has targeted a fatal flaw in the way organizations have approached security over the last two decades. When it comes to security practices, organizations are going to have to adapt: older techniques simply won’t cut it...