Tenable Network Security Podcast Episode 196 - "Endpoint Pro"
- We're hiring! - Visit the Tenable website for more information about open positions.
- Want to ask questions about Nessus, PVS, SecurityCenter, and LCE, and get answers from the experts at Tenable? Join the Tenable Discussions Forum for custom scripts, announcements, and more!
- You can find links to subscribe to Tenable's Podcast feed, YouTube Channel, Twitter, and Facebook accounts at http://www.tenable.com/podcast!
- Detecting The Trojan.POSRAM Malware
- Nessus Compliance Checks for FortiGate Devices
- Nessus 5.2.5 Is Available for Download
Discussion & Highlighted Plugins
- Endpoint Protection - New vulnerabilities have been remediated in the Symantec Endpoint Protection product. What many may not know is that this product does whitelisting. What are your thoughts on whitelisting, how can it help and is it feasible in some or many environments?
- Sonos, Smart TV, Playstations - Many will state that these such devices "are not on my network." But how do you know unless you look? How common are home and SOHO products on enterprise networks? What risks do they pose?
- Defining Critical - Last week we talked about critical vulnerabilities. This week, I want to turn the focus to critical log events. SANS published the "SANS 6 Categories of Critical Log Information" -- is this applicable to most organizations? Is one person's log data going to have different forms of "critical"? Or, are there categories that we can all share in common, and how many custom categories should you create?
- IBM Domino 8.5.x < 8.5.3 FP6 iNotes Multiple XSS (uncredentialed check)
- IBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (uncredentialed check)
- IBM Domino 8.5.x < 8.5.3 FP6 iNotes Multiple XSS (credentialed check)
- IBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (credentialed check)
- MySQL debian.cnf Plaintext Credential Disclosure
- Serv-U FTP Server < 18.104.22.168 Multiple Security Vulnerabilities
- XnView 2.x < 2.13 Multiple Buffer Overflows
- Oracle Java SE Multiple Vulnerabilities (January 2014 CPU)
- Oracle Java SE Multiple Vulnerabilities (January 2014 CPU) (Unix)
- Google Chrome < 32.0.1700.76 Multiple Vulnerabilities
- Google Chrome < 32.0.1700.77 Multiple Vulnerabilities (Mac OS X)
- Oracle Database January 2014 Critical Patch Update
- MySQL 5.1.x < 5.1.72 Multiple Vulnerabilities
- MySQL 5.1.x < 5.1.73 Multiple Vulnerabilities
- MySQL 5.5 < 5.5.34 Multiple Vulnerabilities
- MySQL 5.5.x < 5.5.35 Multiple Vulnerabilities
- MySQL 5.6.x < 5.6.14 Multiple Vulnerabilities
- MySQL 5.6.x < 5.6.15 Multiple Vulnerabilities
- CUPS 1.6.x >= 1.6.4 / 1.7.x < 1.7.1 lppasswd Information Disclosure
- BlackBerry < 10.1.0.1880 Multiple Flash Player Code Execution Vulnerabilities
- Symantec Endpoint Protection Client < 22.214.171.124 / 12.1.2 (SYM14-001)
- Symantec Endpoint Protection Manager < 126.96.36.199 / 12.1.2 RU2 (SYM14-001)
- ColdFusion Extended Support Version Detection
- ColdFusion Unsupported Version Detection
- ColdFusion Extended Support Version Detection (credentialed check)
- ColdFusion Unsupported Version Detection (credentialed check)
- MapServer < 5.6.9 / 6.0.4 / 6.2.2 / 6.4.1 SQL Injection
- Drupal 6.x < 6.30 OpenID Module Account Hijacking
- Drupal 7.x < 7.26 Multiple Vulnerabilities
Passive Vulnerability Scanner
Security News Stories
- SANS 6 Categories of Critical Log Information
- No sixth sense: '123456' is worst password of 2013 | Crave - CNET
- Snapchat's new verification already hacked | Security & Privacy - CNET News
- Linksys & Netgear Backdoor by the Numbers | Skizzle Sec
- Metasploit: Making Your Printer Say "Feed Me a ... | SecurityStreet
- How I bypassed 3rd-degree profiles in LinkedIn
- SI6 Networks
- Apple punts patches for holes in Pages and OS X, Windows iTunes
- Michaels Data Breach Under Investigation
- Punish careless employees to reduce security breaches, vendor says
- Authentication bypass bug exposes Foscam webcams to unauthorized access