Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
New & Notable Plugins
CiscoWorks Common Services HTTP Response Splitting - HTTP response splitting is a tricky vulnerability, and therefore may be dismissed by some as unimportant. Essentially, it can give attackers control of a web application if they can convince users to click on a link or load HTML code in their browser. Also important to note that CiscoWorks is used by many to manage the entire network infrastructure. My attack against this software would aim to steal the SNMP or other credentials on all the network gear in your network.
VMware Workstation, Player, ESXi and ESX Critical Patches - ''This vulnerability may allow a guest user to crash the VMX
process or potentially execute code on the host.'' - Any vulnerability which allows an attacker to execute code on the host system of your VMs should get the highest priority on your patch list.
PHP Unsupported Version Detection - Keep up-to-date with your PHP releases! Easier said than done, as some developers will write applications which lock you into a specific version, making upgrading a much slower process.
RuggedOS Telnet Server Backdoor - This one has been featured in the press lately. I'm confused as to why the MAC address would be displayed in the TELNET banner.
Usenet File Detection (.nzb) - ''The remote web server is hosting .nzb files. NZB files are used by USENET clients to download large files.'' If you want to know if your network is participating in hosting USENET, this is the signature for you.
Polycom VoIP Client Detection - VoIP software has had its share of vulnerabilities, and making sure it only exists where you want it to exist is part of good network management.
SecurityCenter Report Templates
Adobe Readers and Players - It seems each week there is a new vulnerability exposed for either Adobe Reader or Adobe Flash. This report will provide you with your total exposure across both products.
DNSChanger Monitoring - This dashboard is a snapshot of which systems Nessus and PVS have discovered with DNSChanger malware, and provides a comprehensive look at your current state of infection.
Try Tenable.io free for 60 days. Protect your organization from WannaCry, NotPetya and other ransomware cyberattacks. Get Started
Webinar: DevOps guru Gene Kim talks cyber exposure. Register for a chance to win one of his books. Sign Up
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.