Tenable Network Security Podcast - Episode 16
Welcome to the Tenable Network Security Podcast - Episode 16
Announcements
- A new blog post has been released that covers the December Microsoft Patch Tuesday roundup. In it we analyze some of the wording, details, and software vulnerabilities released in the December security bulletins from Microsoft.
- Hotfix02 for Security Center 3.4.5 has been released and addresses several small bug fixes. Customers can download the update from the Tenable support portal.
- We're hiring! - Visit the web site for more information about open positions, there are currently 14 open positions!
- You can subscribe to the Tenable Network Security Podcast on iTunes!
- Tenable Tweets - You find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, Nessus plugin statistics, and more!
Stories
- Metasploit Project New Releases: Airpwn added - I wanted to use this story as a talking point to underscore a type of attack that not too many people know about. It debuted at Defcon years ago and is still a perfectly valid attack vector on open wireless networks. It allows an attacker to insert content into data streams using raw 802.11 frames. I've demonstrated this attack at conferences in the past, and had HTML code running on 50 people's browsers within a few minutes. The fix, use WPA!
- Adobe Flash Security Perspectives -Adobe, like Microsoft and other popular technologies, gets hit hard by attackers and many vulnerabilities are exposed as a result. This article covers both sides of the story, and offers some hope for Adobe as they realize that the popularity of their software has grown, and so should their security program and software development lifecycle.
- Be careful what you post online! - Employees, potential employees, and employers really need to take a hard look at what's being exposed through social networking sites. I'm not suggesting that companies "spy" on employees or potential employees, but to monitor what is available publicly.
- Cloud Security Public Announcement From Chris Hoff - If your security practices suck in the physical realm, you’ll be delighted by the surprising lack of change when you move to Cloud.
- Thunderbird 3.0 Released - While I'm not an earlier adopter of new software versions, it appears that version 3.0 of Thunderbird also fixes some newly discovered vulnerabilities. I'm still adjusting to the new features, but did perform the upgrade so that I could take advantage of any security fixes as well.
Related Articles
NIST Cybersecurity Framework Adopted by Thirty Percent of US Organizations
February 18, 2016In the February 18, 2016 Risky Business podcast, Cris Thomas speaks with Patrick Gray about the NIST Cybersecurity Framework. Gartner recently announced that 30% of all US organizations - both public...
Tenable Network Security Podcast Episode 206 - "PCI, Breaches and more!"
September 15, 2014
CVE-2024-4040: CrushFTP Virtual File System (VFS) Sandbox Escape Vulnerability Exploited
April 23, 2024A zero-day vulnerability in CrushFTP was exploited in the wild against multiple U.S. entities prior to fixed versions becoming available as the vendor recommends customers upgrade as soon as possible.
Operational Technology in the DoD: Ensuring a Secure and Efficient Power Grid
April 19, 2024In an evolving threat landscape, the DoD must make sure that its mission-critical operations don’t experience power outages.
Cybersecurity Snapshot: Cyber Agencies Offer Secure AI Tips, while Stanford Issues In-Depth AI Trends Analysis, Including of AI Security
April 19, 2024Check out recommendations for securing AI systems from the Five Eyes cybersecurity agencies. Plus, Stanford University offers a comprehensive review of AI trends. Meanwhile, a new open-source tool aims to simplify SBOM usage. And don’t miss the latest CIS Benchmarks updates. And much more!
- Podcast