Tenable Network Security Podcast - Episode 56

Welcome to the Tenable Network Security Podcast - Episode 56

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Announcements

Stories

  • SCADA Vendors Still Need Security Wake Up Call - Security researcher and member of the Tenable Research Team Jeremy Brown sheds light on vulnerabilities in SCADA systems. I have been observing one behavior from vendors for quite some time (and not just in SCADA): they don't want to admit there is a problem. You can look at this two ways: if I want to take over the world and cause mass hysteria and carnage, I could write exploits for control systems and take them over. Then again, finding a 0-day vulnerability in Windows XP and writing an exploit for it could have the same results. However, the general "feeling" I get from SCADA vendors is that they are very distant from the security culture and processes. This has to change.
  • Cross-platform malware runs on Windows, Mac and Linux - This malware pretends to show you a video; it turns out it's a slide show from "Hot or Not" and in the background the malware installs a Java applet, asks you to trust it, and if you click "Allow" it downloads files to your computer and runs them. This is a very scary technique that has been most effective, both for penetration testers and evil bad guys alike.
  • iPhone, meet Wireshark - Capturing Traffic from Mobile Devices - You could really do this with any mobile phone. It could be fun to open multiple applications and see what data they are sending and receiving, and identify if encryption is or isn't being used.
  • BIOS Password Backdoors in Laptops - It really amazes me how vendors can just forget about security completely. According to this article, if you enter an incorrect BIOS password 3 times most systems will display a warning message that says "System Disabled" along with a checksum value. The checksum value can then be used to derive the real password via cracking methods published in several scripts released by the author.
  • Evilgrade gets an upgrade - There are now 63 modules in the Evilgrade framework, allowing attackers to intercept the update process of several popular applications and install software of their choosing. You do need to be "in the middle" to make this attack happen; however, it can easily bypass antivirus and give you access to fully patched systems, or even turn a fully patched system into a not-so-fully-patched system.
  • [Insert Token Adobe Zero Day Vulnerability Warning Here] - End of message. No, seriously, there are more flaws being found in Adobe products, including Flash and Reader. My only suggestion is to take a look at FX's presentation from Black Hat 2010 called "Countering Flash Exploits". The overview is that they are working on software that looks at what an application, such as Flash or a PDF document, does, then rewrites it and only allows the functions that are being implemented. Think of it as a sandbox that is customized for every document and application. This technology has a good chance of creating a more secure computing environment for many.
