
Tenable Blog


Tenable Network Security Podcast Episode 121 - "Enterprise Netstat, OS X Trojans"

Announcements

New & Notable Plugins

Nessus:

Passive Vulnerability Scanner (PVS):

  • Real Networks RealPlayer < 14.0.6.666 (Build 12.0.1.666) Multiple Vulnerabilities - Sometimes you just have to install select software to make something work. This is one such example: a video won't play for a user, so they quickly install RealPlayer to make it work. Then they forget about it, and it's never kept up to date.
  • TeamViewer detection - This software reminds me of PC Anywhere, or even better, GoToMyPC, all of which are just bad ideas. They work to bypass firewalls and give people access to their desktops. From a security perspective, this type of access has always led to risky situations, which are often taken advantage of by attackers.

SecurityCenter Report Templates:

  • Nessus Enhanced Botnet Detection - "The sample above was cut from one of three chapters and depicts the successful progress towards the removal of malicious software, and related configuration changes, measured by repetitive Nessus scanning over time. After the sharp upwards trend caused by initial malware detection there is a healthy downwards trend."
  • TeamViewer Detection - "This template was designed to report hosts and network locations that have been observed using TeamViewer. The sample above was cut from one of two chapters in the template and points to the physical network locations where TeamViewer was observed in use."

Stories

  1. Three No-Nos When Interviewing For an InfoSec Job - Some really funny stories here, like the interviewee who was hacking into the wireless network!
  2. USB drive uses voice recognition for increased security - I'm curious to see how (or if) this really works, a voice pattern to unlock your USB thumb drive. Very James Bond, but typically the security on these devices is bypassed some other way, getting around the "my voice is my password." Though, I've always wanted to say, "Hi, my name is Werner Brandes. My voice is my passport. Verify Me."
  3. WordPress fixes file upload security problems - WordPress is a scary place. If you must use it, make sure you have your own install, harden your PHP install, and use something like Mod_Security.
  4. Firefox skirts Windows security feature to make silent updates happen - UAC bypass to install updates!
  5. Monitor OS X LaunchAgents folders to help prevent malware attacks - There are a few different folders in OS X where software can reside in order to start automatically. This is a neat place to look and check the things that get placed there, similar to the Windows registry keys.
  6. 15-year-old arrested for hacking 259 companies - How bad is website security when a 15-year-old can hack over 200 companies?
  7. XSS Shortening Cheatsheet « Neohapsis Labs - Pay attention to this if you are finding XSS and not able to exploit it or demonstrate it.
  8. The Trouble with IPv6
  9. Security Issues in IPv6 Transition
