Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast Episode 129 - "More RDP Vulnerabilities, Hacking Back?"

Welcome to the Tenable Network Security Podcast Episode 129

Announcements

New & Notable Plugins

Nessus

Passive Vulnerability Scanner

SecurityCenter Report Templates

Compliance Checks

Nessus ProfessionalFeed and SecurityCenter customers can download compliance checks from the Tenable Support Portal.

Stories

  1. Parsing Nessus CSV Reports with PowerShell - Nice article from our very own Carlos Perez!
  2. Encoding malicious PDFs avoids detection - "After experimenting with the XDP format, he was able to create another file that fooled all 42 anti-virus engines used on VirusTotal." That's an excellent success rate, especially for such an easy technique. While Anti-Virus bypass has always been a hot topic, we always seem to make the recommendation that organizations still use Anti-Virus products, why is that?
  3. Survey Says - Security Spending Going Up, Up, Up - "It's one thing to say that attackers are getting better all the time (true) and it's valid to say that organizational change that benefits security is hard, but at the same time if the budget dollars creates malinvestment, well that one is on our industry." The big question is, are we "malinvesting" or truly improving our security posture?
  4. How Intelligence Makes You Vulnerable - "When people face an uncertain situation, they don’t carefully evaluate the information or look up relevant statistics. Instead, their decisions depend on a long list of mental shortcuts, which often lead them to make foolish decisions. These shortcuts aren’t a faster way of doing the math; they’re a way of skipping the math altogether." Math is hard, I get it. But seriously, what makes people so inclined to make foolish decisions? More importantly, how do we educate the workforce to be resiliant to these threats?
  5. TippingPoint ZDI defectors launch new vulnerability buying program - "Exodus Intelligence will use the flaw buying program and information from internal research to create a 'vulnerability intelligence data feed.'” Does having access to information about 0-day exploits really help increase the security of your organization?
  6. Google warns about 'state-sponsored' hack attacks - Very little information to go on, but my question is: Does knowing that an attack is state-sponsored change the way you defend against it?
  7. Post-hack, companies fire back with their own attacks - "Attacking hackers isn't necessarily the most advisable course. By doing so, companies run the risk of having their efforts brought to light, and those that make the decision could face legal reprisal. Still, some might view it as one of the best ways to send a message back to hackers that they're willing to fight it out." If there's one thing you don't want, it's an arms race with the bad guys. Your organization has a goal, stick to that, and try not to get into a "fight" with the attackers, you will most certainly lose. I've presented on constructive ways to implement "hacking back," however, this article hints towards the more traditional sense of hacking back. Again, it could spell legal trouble for you or your organization. On the other hand, organizations seem to be losing.
  8. Honeynet looks to trap USB malware - A neat implementation of USB that will capture malware transmitted through USB thumb drives. It's hard to believe that in this day and age we are still using USB thumb drives, however, sometimes it's the best way to get stuff from point A to point B.