Tenable Network Security Podcast - Episode 83
Welcome to the Tenable Network Security Podcast - Episode 83
Hosts: Paul Asadoorian, Product Evangelist, Ron Gula, CEO/CTO, Carlos Perez, Lead Vulnerability Researcher
Announcements
- A new blog post has been published:
- Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest two videos are updates to older videos and cover basic vulnerability scanning and local patch checking using Nessus.
- We're hiring! - Visit the Tenable web site for more information about open positions.
- You can subscribe to the Tenable Network Security Podcast on iTunes!
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!
- A new Nessus plugin is being released into the feed that will identify the device type of your targets. For example, if Nessus finds that a device is running Cisco IOS, it will flag it as device type: router. This is useful when reporting, trending, and "dashboarding" with SecurityCenter.
- A new promotion is being run: All new Nessus Professional Feed users will receive a free demo of the Nessus Perimeter Service.
- Upcoming Product Releases: SecurityCenter 4.2 and LCE 3.6.1. One of the major new features of SecurityCenter 4.2 is the ability to share dashboards. You can visit our dashboards page for a sneak preview.
Stories
- Using Google Web Search to Find Compromised Google Images - "...even though the image is actually hosted on a server at enterupdate.com, Google will display the image preview and site information as though it's from the referring (compromised) site." This is a pretty big problem and I hope the smart folks at Google can come up with a solution. I still like the idea of the "petri dish", and having a virtual system surf to the pages and see if it gets infected.
- Architect of Great Firewall of China 'takes shoe to face' - "The creator of the Great Firewall of China was reportedly pelted with shoes and eggs during a visit to Wuhan University last week." I hope you treat your firewall administrators better.
- How to stop your executives from being harpooned - First, the article talks about "spear phishing", "whales", and "harpooning" but has nothing to do with attacks on killer whales or references to Star Trek: The Voyage Home. The article does try to give us some tips on how to prevent your executives from successful social engineering attacks. Some of the advice is okay, some is just buzz words we've always heard like "user education". I do agree, by socially engineering your own users you can create a culture of awareness. I think every organization should do this. However, I also believe that it only takes one user and one skilled social engineer to have an attack be successful. This is where technology comes in to help you; unfortunately, it's typically too late. The article does say one thing that I find a bit out of place: "you can't rely on automated security tools to safeguard your user, information, and network -- you have to do hands-on investigation and monitoring as well." I think its misguided to say that you can't "rely" on automated tools. They are just that, tools, and you need people who know how to use the tools in order to get things done. When you build a house you are going to use hammers. In fact, you may even have automatic nail guns to assist you. But you can't just expect these tools to build the house... you need people with skills.
- Cold calling scams return with a twist - I've heard this story before: a user gets a call from "Microsoft Support" and walks the user through purchasing and installing the solution. Of course, the criminal makes out with the cash and gets the user to install malware. Brilliant!
- Sony hit again with two hacks - Do I dare say "poor Sony"? They just can't seem to catch a break this week, logging to more security breaches that hit the media this week. As if the Sony rootkit wasn't enough....
- Battling 'Breach Fatigue' - Goes with Less Talk, More Action - "A fight breaks out between giant robots, pirates, and ninjas. Who wins?" At what point are we just talking about things that don't really matter?
Related Articles
NIST Cybersecurity Framework Adopted by Thirty Percent of US Organizations
February 18, 2016In the February 18, 2016 Risky Business podcast, Cris Thomas speaks with Patrick Gray about the NIST Cybersecurity Framework. Gartner recently announced that 30% of all US organizations - both public...
Tenable Network Security Podcast Episode 206 - "PCI, Breaches and more!"
September 15, 2014
CVE-2024-4040: CrushFTP Virtual File System (VFS) Sandbox Escape Vulnerability Exploited
April 23, 2024A zero-day vulnerability in CrushFTP was exploited in the wild against multiple U.S. entities prior to fixed versions becoming available as the vendor recommends customers upgrade as soon as possible.
Operational Technology in the DoD: Ensuring a Secure and Efficient Power Grid
April 19, 2024In an evolving threat landscape, the DoD must make sure that its mission-critical operations don’t experience power outages.
Cybersecurity Snapshot: Cyber Agencies Offer Secure AI Tips, while Stanford Issues In-Depth AI Trends Analysis, Including of AI Security
April 19, 2024Check out recommendations for securing AI systems from the Five Eyes cybersecurity agencies. Plus, Stanford University offers a comprehensive review of AI trends. Meanwhile, a new open-source tool aims to simplify SBOM usage. And don’t miss the latest CIS Benchmarks updates. And much more!
- Podcast