Podcast

Covering Tenable's products including Nessus and SecurityCenter. We also discuss the latest security news and vulnerabilities, in addition to interviewing some of the industry's finest.

Your Hosts

Paul Asadoorian

@securityweekly

Ron Gula

@RonGula

Jack Daniel

@jack_daniel

Carlos Perez

@Carlos_Perez

Recent Episodes

Tenable Network Security Podcast Episode 151 - "The Year in Tenable Product Features"

Welcome to the Tenable Network Security Podcast Episode 151

Announcements

- We're hiring! - Visit the Tenable website for more information about open positions.
- Check out our video channel on YouTube which contains new Nessus and SecurityCenter tutorials.
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
- Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
- You can subscribe to the Tenable Network Security Podcast on iTunes!

The Year in Tenable Product Features

- Vulnerability Exploitability Index
- Malicious Process and Botnet Activity Detection
- Mobile Device Scanning (Microsoft ActiveSync and Apple Profile Manager)
- Patch Management Integration (Red Hat, VMwareGo, WSUS, SCCM, and Tivoli Endpoint Manager)
- Nessus HTML5 Interface
- Compliance/Configuration Auditing Firewalls, Routers, and Virtualization (vCenter, Junos, Check Point, Cisco NX-OS)
- IPv6 Support in SecurityCenter and PVS

Tenable Network Security Podcast Episode 150 - "SSH Vulnerabilities, Password Log Book"

Welcome to the Tenable Network Security Podcast Episode 150

Announcements

- Video: Direct Attack Path Analysis
- White Paper: Why is outcome based security monitoring so critical with “Big Data”?
- We're hiring! - Visit the Tenable website for more information about open positions.
- Check out our video channel on YouTube which contains new Nessus and SecurityCenter tutorials.
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
- Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
- You can subscribe to the Tenable Network Security Podcast on iTunes!

New & Notable Plugins

Nessus

- Apache Tomcat 7.0.x < 7.0.32 CSRF Filter Bypass
- RWCards Component for Joomla! mosConfig_absolute_path Parameter Remote File Inclusion
- FreeSWITCH Route Header Value Handling DoS
- ManageEngine Security Manager Plus 'f' Directory Traversal Arbitrary File Access
- NetIQ Privileged User Manager ldapagnt_eval() Function Remote Code Execution
- NetIQ Privileged User Manager Password Change Authentication Bypass
- ISC BIND 9 DNS64 Handling DoS
- Microsoft Windows Unquoted Service Path Enumeration
- freeFTPd / freeSSHd SFTP Authentication Bypass

Tenable Network Security Podcast Episode 148 - "vCenter Nessus Support, Samsung Firmware Backdoor"

Welcome to the Tenable Network Security Podcast Episode 148

Announcements

- We're hiring! - Visit the Tenable website for more information about open positions.
- Check out our video channel on YouTube which contains new Nessus and SecurityCenter 4 tutorials.
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
- Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
- You can subscribe to the Tenable Network Security Podcast on iTunes!

New & Notable Plugins

Nessus

- VMware vCenter Data Collection - vCenter allows you to manage multiple virtual host systems in the enterprise.
- VMware vCenter SOAP API Settings
- IOServer XML Server URI Directory Traversal Arbitrary File Access
- Symantec Mail Security Autonomy Verity Keyview Filter Vulnerabilities (SYM12-018) - Send an "evil" attachment and potentially crash or compromise the email gateway -- nice for attackers, not-so-nice for administrators.
- Symantec Messaging Gateway 9.5.x Multiple Vulnerabilities (SYM12-018)
- RT < 3.8.15 / 4.0.8 Vulnerabilities - RT is some really neat request tracking software, supposed to work very well too.
- Wordfence Plugin for WordPress email Parameter XSS - So, kind of not news, but there is a vulnerability in a WordPress plugin. However, this one is ironic because Wordfence is, according to their website, "the best WordPress security plugin in the business."
- IrfanView < 4.35 Multiple Heap-Based Buffer Overflows
- SSL Certificate Signed with the Compromised Fortigate Key - I hate it when this happens: "The SSL certificate for this service was signed by a certificate authority (CA) whose private key has been compromised."
- Dell OpenManage Server Administrator omalogin.html DOM-based XSS
- IBM WebSphere Application Server 8.5 < Fix Pack 1 Multiple Vulnerabilities
- Wing FTP Server Multiple ZIP Commands Parsing Remote DoS
- Novell File Reporter Agent FSFUI UICMD 126 Arbitrary File Download
- Apache Tomcat 7.0.x < 7.0.28 Header Parsing Remote Denial of Service
- Apache Tomcat 5.5.x < 5.5.36 DIGEST Authentication Multiple Security Weaknesses
- Apache Tomcat 6.0.x < 6.0.36 Vulnerabilities
- Apache Tomcat 7.0.x < 7.0.30 DIGEST Authentication Multiple Security Weaknesses
- Novell Sentinel Log Manager Authentication Bypass
- NetIQ Privileged User Manager Default Admin Password
- NetIQ Privileged User Manager Password Change Authentication Bypass
- NetIQ Privileged User Manager ldapagnt_eval() Function Remote Code Execution
- Google Chrome < 23.0.1271.91 Vulnerabilities
- Opera < 12.11 Vulnerabilities
- Firefox 10.x < 10.0.11 Vulnerabilities
- Firefox 16.x Vulnerabilities
- Firefox 10.x < 10.0.11 Vulnerabilities (Mac OS X)
- Firefox 16.x Vulnerabilities (Mac OS X)
- Thunderbird 10.x < 10.0.11 Vulnerabilities (Mac OS X)
- Thunderbird 16.x Vulnerabilities (Mac OS X)
- Mozilla Thunderbird 10.x < 10.0.11 Vulnerabilities
- Mozilla Thunderbird 16.x Vulnerabilities
- SeaMonkey 2.13.x Vulnerabilities
- Bugzilla < 3.6.12 / 4.0.9 / 4.2.4 / 4.4rc1 Vulnerabilities

Tenable Network Security Podcast Episode 146 - "Is AV Dead?, Auditing Firewalls"

Welcome to the Tenable Network Security Podcast Episode 146

Announcements

- Tech Check for 11-12-12 on WYPR's Maryland Morning
- Tenable Network Security Awarded Common Criteria Certification for Continuous Monitoring Platform
- Tenable Network Security Caps Momentous Year With Deloitte Technology Fast 500 Recognition - With 552% growth over the last five years, Tenable was ranked 171st on the list overall and listed as the 9th fastest-growing company locally.
- We're hiring! - Visit the Tenable website for more information about open positions.
- Check out our video channel on YouTube which contains new Nessus and SecurityCenter 4 tutorials.
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
- Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
- You can subscribe to the Tenable Network Security Podcast on iTunes!

New & Notable Plugins

Nessus

- Opera < 12.10 Multiple Vulnerabilities
- Oracle Forms Recognition Multiple ActiveX Control Arbitrary File Overwrite Vulnerabilities
- Adobe AIR 3.x <= 3.4.0.2710 Multiple Vulnerabilities (APSB12-24)
- Flash Player <= 10.3.183.29 / 11.4.402.287 Multiple Vulnerabilities (APSB12-24)
- Adobe AIR for Mac 3.x <= 3.4.0.2710 Multiple Vulnerabilities (APSB12-24)
- Flash Player for Mac <= 10.3.183.29 / 11.4.402.287 Multiple Vulnerabilities (APSB12-24)
- Google Chrome < 23.0.1271.64 Multiple Vulnerabilities
- QuickTime < 7.7.3 Multiple Vulnerabilities (Windows)
- SolarWinds Orion NPM < 9.5 Login.asp Blind SQL Injection
- Traq admincp/common.php authenticate() Function Authentication Bypass Remote Code Execution
