Tenable Network Security Podcast - Episode 60
Welcome to the Tenable Network Security Podcast - Episode 60
Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst
Announcements
- A new blog posts has been published this week:
- Don't forget to sign up for Advanced SIEM Webinar Series - November through December
- Be certain to check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials.
- We're hiring! - Visit the web site for more information about open positions.
- You can subscribe to the Tenable Network Security Podcast on iTunes!
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, provide Nessus plugin statistics and more!
Stories
- SSL: the sites which don't want to protect their users - With it being "Cyber Monday", I thought this post was timely.
- Whacking Moles - It's neat that defenders still like to play the process "whacking" game, even though you can execute everything in memory using an already existing process. It does make for fun command line kung fu though, which I still think is handy if you are a systems administrator.
- Windows "0-Day" Flaw Bypasses UAC - There are many users who believe either one of two things about UAC: 1) "Wow, this really helps me be secure!" or 2) "Wow, this is annoying, turning it off now". In either case, the user is in a bad situation. Believing that something can keep you secure often leads to a quick downfall.
- You're Only As Secure As Your DNS Servers - As Secunia found out, you should have some pretty tight security around your DNS server, especially if you run a service where users can scan their PCs for outdated software. Wow, wouldn't that be a neat database for an attacker to get their hands on!
- Apple iOS Networking Packet Filter Rule Invalid Pointer Access Local Privilege Escalation - Remote attacks against iPhones would be bad as they are easy to identify on the network. You could even target just AT&T address space.
- ZeuS variant only infects super-fast PCs - Malware authors are looking to evade detection and analysis, rather than just harness computing power. Even a bunch of slow PCs can do a lot of "evil bidding".
Related Articles
NIST Cybersecurity Framework Adopted by Thirty Percent of US Organizations
February 18, 2016In the February 18, 2016 Risky Business podcast, Cris Thomas speaks with Patrick Gray about the NIST Cybersecurity Framework. Gartner recently announced that 30% of all US organizations - both public...
Tenable Network Security Podcast Episode 206 - "PCI, Breaches and more!"
September 15, 2014
CVE-2024-4040: CrushFTP Virtual File System (VFS) Sandbox Escape Vulnerability Exploited
April 23, 2024A zero-day vulnerability in CrushFTP was exploited in the wild against multiple U.S. entities prior to fixed versions becoming available as the vendor recommends customers upgrade as soon as possible.
Operational Technology in the DoD: Ensuring a Secure and Efficient Power Grid
April 19, 2024In an evolving threat landscape, the DoD must make sure that its mission-critical operations don’t experience power outages.
Cybersecurity Snapshot: Cyber Agencies Offer Secure AI Tips, while Stanford Issues In-Depth AI Trends Analysis, Including of AI Security
April 19, 2024Check out recommendations for securing AI systems from the Five Eyes cybersecurity agencies. Plus, Stanford University offers a comprehensive review of AI trends. Meanwhile, a new open-source tool aims to simplify SBOM usage. And don’t miss the latest CIS Benchmarks updates. And much more!
- Podcast