Nessus Leverages Threat Intelligence from ThreatGRID

by Narayan Makaram
June 12, 2014

Tenable released a new Nessus® plugin – Microsoft Windows Known Bad AutoRuns (Plugin id 74442), which detects the presence of advanced malware on endpoints based on threat intelligence from ThreatGRID. The threat intelligence includes Scheduled Tasks, AutoRuns, and other Windows Registry entries that Nessus® collects while scanning endpoints and cross-references with data from the ThreatGRID feed.

Announcing SEC OCIE Dashboards for Financial Services

by Aarij Khan
June 11, 2014

Tenable is excited to release a set of dashboards, reports and components that help our financial services customers collect and document necessary data for the SEC Office of Compliance Inspection Examinations Risk Alert. The Risk Alert includes an Appendix that is a sample request for documents and information, which the SEC OCIE can use to evaluate the organization’s security program. This content leverages Tenable Network Security’s SecurityCenter Continuous View (CV) along with its Continuous Monitoring framework to ease the effort needed to follow the guidelines in the Risk Alert.

Detect The Latest OpenSSL Vulnerabilities Using Active and Passive Scanning

by Paul Asadoorian
June 6, 2014

Tenable's products dig deep to uncover the latest round of OpenSSL vulnerabilities.

Several new vulnerabilities were disclosed in OpenSSL yesterday (yes the very same one which led to the Heartbleed vulnerability), along with updates for the popular open-source SSL library. One of the vulnerabilities is fairly serious, as it could allow for Man-In-The-Middle attacks under certain circumstances. Interesting notes about this new vulnerability include:

When an outsider becomes a malicious insider

by Ken Bechtel
May 30, 2014

Paraphrasing what long-time penetration tester and computer security author Ira Winkler once told me, “When I do penetration tests, if I can’t get in by technical means I can always get in with social engineering.” While this may sound like advice to a fellow computer security specialist, or a warning to a network manager, it should also sound warning bells to anyone who uses a computer. By social engineering an outsider becomes a corporate insider, with all the authorities and risks.