
Tenable Network Security Podcast Episode 197 - "Telephony DoS, MediaWiki Vulnerabilities"

Announcements

  • We're hiring! - Visit the Tenable website for more information about open positions.
  • Want to ask questions about Nessus, PVS, SecurityCenter, and LCE, and get answers from the experts at Tenable? Join the Tenable Discussions Forum for custom scripts, announcements, and more!
  • You can find links to subscribe to Tenable's Podcast feed, YouTube Channel, Twitter, and Facebook accounts at http://www.tenable.com/podcast!

Discussion & Highlighted Plugins

  • Telephony DoS - I read an interesting article that detailed an attack combining social engineering with a DoS attack against your phone system. The attacker calls the victim and asks about unpaid debt. Whether you have debt or not, the attacker insists on payment. If you refuse, a DoS attack is launched against your phone systems using a combination of cheap labor and VoIP phones. It is interesting to consider how one defends against this attack.
  • MediaWiki Vulnerability - There are actually two vulnerabilities in MediaWiki versions < 1.19.11 / 1.21.5 / 1.22.2. Yikes, this is widely deployed software. According to the reports from Check Point, "Wikipedia.org is the sixth most-visited web site in the world, with over 94 million unique visitors per month and almost 2 million sites linking to it." This is a vulnerability to seek out and patch in your own environment. Who knows who may have installed this software and forgotten about it, giving attackers a foothold in your network? The two features that suffer from the vulnerability are not enabled by default, though I am unclear exactly which features these relate to. I've run MediaWiki for about 5 years and done several upgrades, and they are pretty painless.

Nessus

General

Passive Vulnerability Scanner

SecurityCenter Apps

Dashboards

Reports

Security News Stories

  1. SC Magazine Reviews SecurityCenter Continuous View - 5 Stars Across the Board
  2. A fine mess: Global data breach legislation
  3. Vulnerability Top Ten Executive Report
  4. Passive Vulnerability Scanner (PVS) 4.0.1 Now Available
  5. Leveraging Logins and Login Failures to Track Insiders
  6. How I Lost My $50,000 Twitter Username | Medium
  7. A chain is only as strong as its weakest link - DNS Hijack Monitoring | Corelan Team
  8. Reversing the WRT120N's Firmware Obfuscation | /dev/ttyS0
  9. RFKiller/mass-deauth | GitHub
  10. DanMcInerney/wifijammer | GitHub
  11. SecUpwN/Android-IMSI-Catcher-Detector | GitHub
  12. Target Hackers Broke in Via HVAC Company
  13. Installing Nessus on Kali Linux and Doing a Credentialed Scan
  14. JavaScript: the one true language
  15. Exploring the Telephony Denial of Service (TDoS)
  16. Mind Streams of Information Security Knowledge: A Peek Inside a Customer-ized API-enabled DIY Online Lab for Generating Multi-OS Mobile Malware | Dancho Danchev's Blog
  17. Mobile Malware Captures Keystrokes and Screengrabs | Threatpost
  18. Nest Team Will Become Google's Core Hardware Group
  19. Only Your Heartbeat Can Unlock This Bitcoin Wallet
  20. Wikipedia Remote Execution Vulnerability Patched | Threatpost
  21. Details Emerge on Latest Adobe Flash Zero-Day Exploit
  22. Rare Twitter username 'stolen' | In2EastAfrica
  23. Target Hackers Used Stolen Vendor Credentials
  24. Chewbacca Attack Hits Shops In 11 Nations
  25. US Hotels Look Into Data Security Breach
  26. The Government Wants Our Cars To Talk To Each Other
  27. Windows XP Support Cut-Off Could Lead To Spam Boom
  28. 800,000 Orange France Customers Face Cyberattack

 

 
