Tenable Network Security Podcast Episode 198 - "PCI Discussion Featuring Jeffrey Man"
- We're hiring! - Visit the Tenable website for more information about open positions.
- Want to ask questions about Nessus, PVS, SecurityCenter, and LCE, and get answers from the experts at Tenable? Join the Tenable Discussions Forum for custom scripts, announcements, and more!
- You can find links to subscribe to Tenable's Podcast feed, YouTube Channel, Twitter, and Facebook accounts at http://www.tenable.com/podcast!
PCI Discussion Featuring Jeffrey Man
- Many retailers have been breached. What could PCI do to help prevent this and arm the retailers against this threat?
- One would think that it's in the best interest of the retailers, the consumer, and the credit card companies to prevent this from happening. What can we do to suggest better regulations?
- PCI seems pretty specific to payment card systems, but many breaches involve other systems which do not fall under compliance. Do you see this changing?
Also check out our technical write-up on Trojan.Win32.FSYSNA.fej aka Chewbacca (malware targeting PoS (Point of Sale) systems).
- Shockwave Player <= 220.127.116.11 Multiple Memory Corruption Vulnerabilities (APSB14-06)
- MS14-011: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)
- MS14-010: Cumulative Security Update for Internet Explorer (2909921)
- MS14-009: Vulnerabilities in .NET Framework Could Allow Privilege Escalation (2916607)
- MS14-008: Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution (2927022)
- MS14-007: Vulnerability in Direct2D Could Allow Remote Code Execution (2912390)
- MS14-006: Vulnerability in ICMPv6 Could Allow Denial of Service (2904659)
- MS14-005: Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2916036)
- Web Site Client Access Policy File Detection
- Sophos Anti-Virus Engine < 3.50.1 System Objects DoS
- Cisco Secure ACS Portal Interface Session Hijacking
- Oracle Secure Global Desktop Multiple Vulnerabilities
- Oracle Secure Global Desktop Unsupported Release
- Synology DiskStation Manager (DSM) Detection
- Synology DiskStation Manager 4.0-x < 4.0-2259 / 4.1-x / 4.2-x < 4.2-3243 SLICEUPLOAD Function Remote Code Execution
- Synology DiskStation Manager < 4.3-3776 Update 2 Multiple Vulnerabilities
- Synology DiskStation Manager < 4.3-3776 Update 3 info.cgi Multiple Parameters XSS
- Synology DiskStation Manager 4.3-x < 4.3-3810 Update 1 Multiple Vulnerabilities
- Synology DiskStation Manager < 4.3-3810 Update 3 Multiple FileBrowser Component Directory Traversal Vulnerabilities
- Synology DiskStation Manager uistrings.cgi lang Parameter Directory Traversal
- Novell Client 2 Vba32 AntiRootKit DoS
- McAfee VirusScan Enterprise 8.8 < 8.8 Patch 1 DoS
- Microsoft Internet Explorer Version Detection
- IBM SPSS SamplePower 3.0.1 < 3.0.1 IF1 ActiveX Control Remote Code Execution
- Oracle Identity Manager October 2013 CPU
- Artweaver Detection
- Artweaver 3.x < 3.1.5 JPG File Handling Stack-based Buffer Overflow
- WinSCP < 5.1.6 RSA Signature Blob Integer Overflow
- Red Hat JBoss Enterprise Application Platform 6.1.0 Security Update (RHSA-2013-1843)
- Dell KACE K1000 Web Detection
- Dell KACE K1000 < 5.5 Multiple SQL Injection Vulnerabilities
- IrfanView MrSID Plugin < 4.37 Multiple Buffer Overflows
- Adobe Digital Editions 2.0.0 'rmsdk_wrapper.dll' Memory Corruption (APSB13-20)
- Adobe Digital Editions 2.0.1 Memory Corruption (Mac OS X)
- HP B-series SAN Network Advisor Installed (Linux)
- Dell KACE K2000 < 3.3.52857 Multiple Vulnerabilities
- WinSCP < 5.1.7 Multiple Vulnerabilities
- MediaWiki < 1.19.10 / 1.21.4 / 1.22.1 Multiple Vulnerabilities
Passive Vulnerability Scanner
- FlashCanvas <= 1.5 Reflected Cross-site Scripting Attack
- Mozilla Firefox < 27.0 / 24.3 (ESR version) Multiple Vulnerabilities
- Mozilla Firefox for Android < 27.0 Multiple Vulnerabilities
- Mozilla SeaMonkey < 2.24 Multiple Vulnerabilities
- Mozilla Thunderbird < 24.3 Multiple Vulnerabilities
- Google Chrome < 32.0.1700.102 Multiple Vulnerabilities
- Google Chrome < 32.0.1700.107 Remote Code Execution
- OID parsing
- Adobe AIR <= 18.104.22.1680 Multiple Vulnerabilities (APSB14-02)
- Flash Player (Internet Explorer) <= 11.9.900.170 Multiple Vulnerabilities (APSB14-02)
- Flash Player < 22.214.171.124 Multiple Vulnerabilities (APSB14-02)
- Flash Player <= 11.7.700.260 / 126.96.36.199 (inferred) Remote Code Execution (APSB14-04)
- Flash Player <= 11.7.700.260 / 188.8.131.52 Multiple Vulnerabilities (APSB14-04)
Security News Stories
- Snowden's tools for hacking NSA not exactly high tech
- Evan Schuman: Get ready, IT; here comes the Internet of Things
- Patch Tuesday brings Microsoft fixes and Adobe Shockwave update