Tenable Network Security Podcast Episode 183 - "Hardening Chrome, Measuring Patch Management"
Announcements
- We're hiring! - Visit the Tenable website for more information about open positions.
- Check out our video channel on YouTube which contains new Nessus and SecurityCenter tutorials.
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
- Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
- You can subscribe to the Tenable Network Security Podcast on iTunes!
Discussion & Highlighted Plugins
- Devices, Devices, Devices - Plugins this week cover Cisco NAC devices, Cacti, iLO, and Apple Airport vulnerabilities. I think it's great that we're releasing plugins to cover these types of devices. We've talked about it before, and I can't stress it enough – you must scan, patch, and then scan again all of the devices in your your network. The SQL injection vulnerability in the Cisco NAC controller is interesting. To me, that screams "NAC bypass," and if your NAC is easy to bypass, why have one at all?
- Locking Down the Browser - Browser vulnerabilities seem to have patches come out almost every week, and the user is a huge target for attackers. We released a .audit file for Chrome browsers. This is a great strategy; I'm a big fan of hardening your systems and applications. So why not the browser?
- Measuring Patch Management - We recently released a SecurityCenter dashboard which tracks how successful your patch management strategy is in your environment. This is an important exercise: Constantly measure your patch management effectiveness, and constantly try to improve. What are some things we can do to improve patch management?
New & Notable Plugins
Nessus
Passive Vulnerability Scanner
Tenable Compliance Checks
SecurityCenter Dashboards
Security News Stories
- Howto crawl web.xml with ruby to discover servlet urls for a pentest
- Delete any Photo from Facebook by Exploiting Support Dashboard | Arul Kumar.V
- Researchers: Oracle's Java Security Fails
- NSA cracks HTTPS, SSL, 4G smartphone encryption | Digital Trends
- The Router Review: From nmap to firmware | codeinsecurity
- Russia's Cybercrime Market Reaches $1.9 Billion
- 'Don't Travel Abroad' Russia warns Hackers
- Red Hat CIO Takes an Open-Source Approach to Security and BYOD
- People the weakest link in security
- 5 Signs Of Trouble In Your Network
- Android malware spotted hitching a ride on mobile botnet
Related Articles
NIST Cybersecurity Framework Adopted by Thirty Percent of US Organizations
February 18, 2016In the February 18, 2016 Risky Business podcast, Cris Thomas speaks with Patrick Gray about the NIST Cybersecurity Framework. Gartner recently announced that 30% of all US organizations - both public...
Tenable Network Security Podcast Episode 206 - "PCI, Breaches and more!"
September 15, 2014
CVE-2024-4040: CrushFTP Virtual File System (VFS) Sandbox Escape Vulnerability Exploited
April 23, 2024A zero-day vulnerability in CrushFTP was exploited in the wild against multiple U.S. entities prior to fixed versions becoming available as the vendor recommends customers upgrade as soon as possible.
Operational Technology in the DoD: Ensuring a Secure and Efficient Power Grid
April 19, 2024In an evolving threat landscape, the DoD must make sure that its mission-critical operations don’t experience power outages.
Cybersecurity Snapshot: Cyber Agencies Offer Secure AI Tips, while Stanford Issues In-Depth AI Trends Analysis, Including of AI Security
April 19, 2024Check out recommendations for securing AI systems from the Five Eyes cybersecurity agencies. Plus, Stanford University offers a comprehensive review of AI trends. Meanwhile, a new open-source tool aims to simplify SBOM usage. And don’t miss the latest CIS Benchmarks updates. And much more!
- Podcast