Tenable Network Security Podcast Episode 164 - "Detecting Portable Devices, Losing Private Keys"
- We're hiring! - Visit the Tenable website for more information about open positions.
- Check out our video channel on YouTube which contains new Nessus and SecurityCenter tutorials.
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
- Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
- You can subscribe to the Tenable Network Security Podcast on iTunes!
New & Notable Plugins
- Gallery < 3.0.5 Multiple Vulnerabilities - Gallery is a PHP application for image management and presentation on your website. This type of application is plagued with vulnerabilities.
- Piwigo install.php dl Parameter Traversal Arbitrary File Access - Case in point, this is another image gallery PHP application.
- Core FTP < 2.2 build 1769 Multiple Buffer Overflows - Client-side FTP vulnerability
- Microsoft Windows Portable Devices - A fantastic new plugin that enumerates the devices plugged into your Windows systems
- VNC Server Unencrypted Communication Detection - A splash of configuration auditing: this plugin checks that the VNC server is using encryption.
- Default Password (facepunch) for 'chronos' Account - Default account in Google's operating system
- Firefox ESR 17.x < 17.0.5 Multiple Vulnerabilities (Mac OS X)
- Firefox 19.x Multiple Vulnerabilities (Mac OS X)
- Thunderbird 17.x < 17.0.5 Multiple Vulnerabilities (Mac OS X)
- Thunderbird ESR 17.x < 17.0.5 Multiple Vulnerabilities (Mac OS X)
- Firefox ESR 17.x < 17.0.5 Multiple Vulnerabilities
- Firefox 19.x Multiple Vulnerabilities
- Mozilla Thunderbird 17.x < 17.0.5 Multiple Vulnerabilities
- Mozilla Thunderbird ESR 17.x < 17.0.5 Multiple Vulnerabilities
- SeaMonkey 2.16.x Multiple Vulnerabilities
Passive Vulnerability Scanner
Several recent news articles pointed to vulnerabilities in PostgreSQL. Below are plugins to detect them in your environment.
From the plugin description: Financial Information eXchange (FIX) protocol. The remote client is running a FIX application. This protocol is used by financial institutions to exchange data. The FIX protocol has very few built-in security controls and, instead, relies on industry standard encryption (PGP, SSL/TLS, etc.) to protect the stream. The PVS has just observed this client initiate a LOGON request without encryption set.
SecurityCenter Report Templates
- Exploits By Platform - Traces the exploitability of vulnerabilities in your environment using the three most popular exploit frameworks
- AMI Firmware Source Code, Private Key Leaked (Threatpost)
- Command Injection Tips: Leveraging Command-line Kung Fu with nslookup
- Bitcoin-mining malware enslaves computers
- Veracode Predicts Rise of "Everyday Hacker"
- Parking Ticket Firm Exposes Private Information
- Fake Twitter Followers Becomes Multimillion Dollar Business