Tenable Network Security Podcast Episode 181 - "SecurityCenter 4.7 Released, PHP Vulnerabilities"
Note: Tenable SecurityCenter is now Tenable.sc. To learn more about this application and its latest capabilities, visit the Tenable.sc web page.
Announcements
- We're hiring! - Visit the Tenable website for more information about open positions.
- Check out our video channel on YouTube which contains new Nessus and SecurityCenter tutorials.
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
- Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
- You can subscribe to the Tenable Network Security Podcast on iTunes!
Discussion & Highlighted Plugins
New Release: SecurityCenter 4.7
- A new version of SecurityCenter has been released this week.
Measuring What Matters
- I read an interesting post this week about security metrics. It was a little story about how the person responsible for security gave a quarterly presentation to management. It didn't contain much in the way of metrics, but offered up an entertaining look at the threats, defenses, and general happenings surrounding security. After the presentation, he had support for budget, but purposely left out metrics, claiming they could hurt the security budget. What are appropriate metrics? How can they help or hurt you?
More PHP Vulnerabilities
- Both Nessus and the Passive Vulnerability Scanner (PVS) got updated this week for detecting vulnerabilities in PHP itself. One of the world's most widely deployed web server technologies, now with more patches to apply. Not only are there concerns about the applications being built on the platform, but also the platform itself. What can users do to protect themselves from being yet another PHP vulnerability?
New & Notable Plugins
Nessus
General
- HP LoadRunner lrLRIServices ActiveX Control Code Execution Vulnerability
- DotNetNuke __dnnVariable Parameter XSS
- PHP 5.4.x < 5.4.18 Multiple Vulnerabilities
- PHP 5.5.x < 5.5.2 Multiple Vulnerabilities
- Sun SPARC Enterprise T5120 and T5220 Default Configuration Root Command Execution Vulnerability
- HP LoadRunner < 11.52 Code Execution
- RSA Authentication Agent Installed
- Apple QuickTime MPEG-2 Playback Component Vulnerability
- Cisco Unified Presence Server DoS (cisco-sa-20120912-cupxcp)
- Cisco Unified Presence Server DoS (cisco-sa-20130227-cups)
- DotNetNuke DNNArticle Module categoryid Parameter SQL Injection
- Google Chrome < 29.0.1547.57 Multiple Vulnerabilities
- PowerDNS Recursor 3.3.x / 3.4.x / 3.5 RC1 Domain Name Resolving Vulnerability
- RSA Authentication Agent 7.1.x < 7.1.2 Authentication Bypass
- Tumbleweed SecureTransport vcst_eu.dll ActiveX Control Buffer Overflows
- CiscoWorks Common Services Installed
- CiscoWorks Common Services Arbitrary Code Execution (cisco-sa-20101027-cs)
Passive Vulnerability Scanner
Security News Stories
- Getting over the fear of measuring what matters
- Installing Printers with PowerShell
- Security Researcher Hacks Mark Zuckerberg's Wall To Prove His Exploit Works | TechCrunch
- Fibre Channel Reconnaissance - Reloaded | ISC Diary
- LinEnum - Scripted Linux Enumeration & Privilege Escalation Checks
- levle/rdesktop-fuzzer | GitHub
- Nearly One-Fifth Of Enterprise Operating Systems Not Fully Patched
- Hackers may cash in when XP is retired
Related Articles
NIST Cybersecurity Framework Adopted by Thirty Percent of US Organizations
February 18, 2016In the February 18, 2016 Risky Business podcast, Cris Thomas speaks with Patrick Gray about the NIST Cybersecurity Framework. Gartner recently announced that 30% of all US organizations - both public...
Tenable Network Security Podcast Episode 206 - "PCI, Breaches and more!"
September 15, 2014
Operational Technology in the DoD: Ensuring a Secure and Efficient Power Grid
April 19, 2024In an evolving threat landscape, the DoD must make sure that its mission-critical operations don’t experience power outages.
Cybersecurity Snapshot: Cyber Agencies Offer Secure AI Tips, while Stanford Issues In-Depth AI Trends Analysis, Including of AI Security
April 19, 2024Check out recommendations for securing AI systems from the Five Eyes cybersecurity agencies. Plus, Stanford University offers a comprehensive review of AI trends. Meanwhile, a new open-source tool aims to simplify SBOM usage. And don’t miss the latest CIS Benchmarks updates. And much more!
Tenable and Thales Collaborate to Provide Cyber Defense Simulations to Better Secure Operational Technology Environments
April 18, 2024The heart of the Welsh Valleys is home to the Thales Ebbw Vale campus, a world-class facility jointly funded by the Welsh government as part of its regeneration program for the region. At the core of the facility is the Cyber Range, a simulation and virtualization platform for training, testing, exercising and R&D. Tenable has joined the lineup of solutions used to run real world simulations in this controlled environment.
- Podcast