Tenable Network Security Podcast Episode 196 - "Endpoint Pro"
Announcements
- We're hiring! - Visit the Tenable website for more information about open positions.
- Want to ask questions about Nessus, PVS, SecurityCenter, and LCE, and get answers from the experts at Tenable? Join the Tenable Discussions Forum for custom scripts, announcements, and more!
- You can find links to subscribe to Tenable's Podcast feed, YouTube Channel, Twitter, and Facebook accounts at http://www.tenable.com/podcast!
- Detecting The Trojan.POSRAM Malware
- Nessus Compliance Checks for FortiGate Devices
- Nessus 5.2.5 Is Available for Download
Discussion & Highlighted Plugins
- Endpoint Protection - New vulnerabilities have been remediated in the Symantec Endpoint Protection product. What many may not know is that this product does whitelisting. What are your thoughts on whitelisting, how can it help and is it feasible in some or many environments?
- Sonos, Smart TV, Playstations - Many will state that these such devices "are not on my network." But how do you know unless you look? How common are home and SOHO products on enterprise networks? What risks do they pose?
- Defining Critical - Last week we talked about critical vulnerabilities. This week, I want to turn the focus to critical log events. SANS published the "SANS 6 Categories of Critical Log Information" -- is this applicable to most organizations? Is one person's log data going to have different forms of "critical"? Or, are there categories that we can all share in common, and how many custom categories should you create?
Nessus
General
- IBM Domino 8.5.x < 8.5.3 FP6 iNotes Multiple XSS (uncredentialed check)
- IBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (uncredentialed check)
- IBM Domino 8.5.x < 8.5.3 FP6 iNotes Multiple XSS (credentialed check)
- IBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (credentialed check)
- MySQL debian.cnf Plaintext Credential Disclosure
- Serv-U FTP Server < 15.0.0.0 Multiple Security Vulnerabilities
- XnView 2.x < 2.13 Multiple Buffer Overflows
- Oracle Java SE Multiple Vulnerabilities (January 2014 CPU)
- Oracle Java SE Multiple Vulnerabilities (January 2014 CPU) (Unix)
- Google Chrome < 32.0.1700.76 Multiple Vulnerabilities
- Google Chrome < 32.0.1700.77 Multiple Vulnerabilities (Mac OS X)
- Oracle Database January 2014 Critical Patch Update
- MySQL 5.1.x < 5.1.72 Multiple Vulnerabilities
- MySQL 5.1.x < 5.1.73 Multiple Vulnerabilities
- MySQL 5.5 < 5.5.34 Multiple Vulnerabilities
- MySQL 5.5.x < 5.5.35 Multiple Vulnerabilities
- MySQL 5.6.x < 5.6.14 Multiple Vulnerabilities
- MySQL 5.6.x < 5.6.15 Multiple Vulnerabilities
- CUPS 1.6.x >= 1.6.4 / 1.7.x < 1.7.1 lppasswd Information Disclosure
- BlackBerry < 10.1.0.1880 Multiple Flash Player Code Execution Vulnerabilities
- Symantec Endpoint Protection Client < 11.0.7.4 / 12.1.2 (SYM14-001)
- Symantec Endpoint Protection Manager < 11.0.7.4 / 12.1.2 RU2 (SYM14-001)
- ColdFusion Extended Support Version Detection
- ColdFusion Unsupported Version Detection
- ColdFusion Extended Support Version Detection (credentialed check)
- ColdFusion Unsupported Version Detection (credentialed check)
- MapServer < 5.6.9 / 6.0.4 / 6.2.2 / 6.4.1 SQL Injection
- Drupal 6.x < 6.30 OpenID Module Account Hijacking
- Drupal 7.x < 7.26 Multiple Vulnerabilities
Passive Vulnerability Scanner
SecurityCenter Apps
Dashboards
Reports
Security News Stories
- SANS 6 Categories of Critical Log Information
- No sixth sense: '123456' is worst password of 2013 | Crave - CNET
- Snapchat's new verification already hacked | Security & Privacy - CNET News
- Linksys & Netgear Backdoor by the Numbers | Skizzle Sec
- Metasploit: Making Your Printer Say "Feed Me a ... | SecurityStreet
- How I bypassed 3rd-degree profiles in LinkedIn
- SI6 Networks
- Apple punts patches for holes in Pages and OS X, Windows iTunes
- Michaels Data Breach Under Investigation
- Punish careless employees to reduce security breaches, vendor says
- Authentication bypass bug exposes Foscam webcams to unauthorized access
Related Articles
YouTube Shorts: Stolen TikTok Videos Manipulated in Adult Dating, Dubious Products Scams for Views and Subscribers
January 12, 2022As Google's TikTok competitor YouTube Shorts gains viewers, hordes of scammers are quick to follow.
The Bad, the Ugly and the Cyber Immoral - Thank you, Uber
November 28, 2017Technology, business and morality are not mutually exclusive, but rather fundamentally intertwined into the fabric of how our society operates and will have to increasingly operate in the future. As i...
Ghosts of InfoSec
October 31, 2016.post-aside { background-color: #cbeaed; padding: 1em; font-size: .875em; line-height: 1.2; margin-bottom: 1em; } @media (min-width: 45em) { .post-aside { float: right; width: 300px; ma...
CVE-2024-20353, CVE-2024-20359: Frequently Asked Questions About ArcaneDoor
April 25, 2024Frequently asked questions about CVE-2024-20353 and CVE-2024-20359, two vulnerabilities associated with “ArcaneDoor,” the espionage-related campaign targeting Cisco Adaptive Security Appliances.
CVE-2024-4040: CrushFTP Virtual File System (VFS) Sandbox Escape Vulnerability Exploited
April 23, 2024A zero-day vulnerability in CrushFTP was exploited in the wild against multiple U.S. entities prior to fixed versions becoming available as the vendor recommends customers upgrade as soon as possible.
Operational Technology in the DoD: Ensuring a Secure and Efficient Power Grid
April 19, 2024In an evolving threat landscape, the DoD must make sure that its mission-critical operations don’t experience power outages.
- Personal security
- Podcast
- SANS
- Standards
- Vulnerability Management