- We're hiring! - Visit the Tenable website for more information about open positions.
- Check out our video channel on YouTube which contains new Nessus and SecurityCenter 4 tutorials.
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
- Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
- You can subscribe to the Tenable Network Security Podcast on iTunes!
New & Notable Plugins
- DB2 9.8 Less Than Fix Pack 5 Vulnerabilities
- Vulnerabilities in Microsoft Gadgets Could Allow Remote Code Execution
- DNSSEC NSEC Records Information Disclosure
- VMware ESXi update to libxml2
- MySQL 5.5 Less Than 5.5.23 Unspecified Vulnerability
- Novell GroupWise WebAccess User.interface Directory Traversal
- Pidgin Less than 2.10.5 Message Inline Image Parsing Remote Overflow
Passive Vulnerability Scanner
- Asterisk Remote Crash Vulnerability in Skinny Channel Driver
- Asterisk Remote Crash Vulnerability in voice mail application
- Evernote Client Detection
- Java version detection
SecurityCenter Report Templates
Nessus ProfessionalFeed and SecurityCenter customers can download compliance checks from the Tenable Support Portal.
- New DISA STIG MS Office 2010 Audit
- New CIS SQL2005 Audit Policies
- New DISA STIG MacOSX 10.6 Audit Policy
- Hacks that work just by changing the URL » Secure Solutions - This would be a good document to send to your developers, making sure they understand the threats associated with the source code presented.
- Low Hanging Fruit (Nessus Results) - I believe there are also lessons for the enterprise in this tech tip. It's no secret penetration testers seek out the low-hanging fruit. Enterprises can search for the same conditions, and provided you have a remediation process, easily neutralize vulnerabilities that are easy to exploit.
- If Hackers Didn't Exist, Governments Would Have to Invent Them - While the government is quick to point out that "hackers" are a problem, I'm not certain they would go to great lengths to make up stories about them, nor do they have to. I agree, we are sometimes fighting battles against the wrong adversary. However, threats come in many different shapes and sizes, including what is defined here as the "hacker."
- 140,000 KPN ADSL customers still using default password - An ISP sets the same default passwords on customer's routers, then leaves it up to the customer to change it. This is the wrong approach.
- Nvidia probes breach of hashed passwords - I find it ironic that Nvidia, whose hardware is used to crack passwords, suffered a password breach.
- Vivotek Cameras Data Configuration Disclosure - I continue to be amazed that embedded device vulnerabilities are so easy to exploit.