Tenable Blog

Announcements

• Tenable Network Security's Jack Daniel to Present at Gartner Security & Risk Management Summit
• We're hiring! - Visit the Tenable website for more information about open positions.
• Check out our video channel on YouTube which contains new Nessus and SecurityCenter 4 tutorials.
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
• You can subscribe to the Tenable Network Security Podcast on iTunes!

New & Notable Plugins

Nessus

• Sharebar Plugin for WordPress status Parameter XSS
• Citrix XenApp Unspecified Remote Denial of Service
• Atlassian JIRA Version 5.0.1 XML Parsing Vulnerability
• Ecava IntegraXor DLL Traversal Arbitrary File Overwrite
• HP SAN/iQ Root Shell Command Injection
• Tornado version 2.2.1 or Less HTTP Response Splitting

Keeping Malware in Check

A limitation of anti-virus (AV) agents is they often do not evaluate the entire known malware sample found running on a system. Polymorphic and mutating viruses make it possible for one AV vendor to detect a malicious sample and another to completely miss it. It's not feasible to run every AV program available on the market today in your network to make up for gaps in coverage. Nessus already helps you with malware detection, for example:

• Nessus reports if the scanned host is on a known botnet list, communicating with a known botnet IP, or hosting malicious content associated with botnet propagation.
• Nessus audits your anti-virus agent by reporting if it’s misconfigured or has out-of-date rules.

Tenable's research team recently added new functionality to Nessus which will detect known malware running on your Windows scan targets. Below is an overview of how this new feature works:

1. Nessus authenticates to the Windows system.
2. Nessus enumerates the list of running processes on the system.
3. For each process, a cryptographic hash is generated and looked up against Tenable's cloud-based database
4. If the process is found to be malicious, the plugin logs the results with information about the malware found.

You can watch a short video on how to configure and run this plugin below:

Announcements

• New Nessus Feature Added: CSV Export
• Tenable Network Security Named Top ‘Cyber Warrior’ at Baltimore SmartCEO VOLT Awards
• Check out our video channel on YouTube which contains new Nessus and SecurityCenter 4 tutorials.
• We're hiring! - Visit the Tenable website for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!

New & Notable Plugins

Nessus

• QuickTime for Windows Versions prior to 7.7.2 Vulnerabilities - A long list of stack, heap, and integer overflows in Quicktime is fixed with this set of patches for Quicktime running on Windows. I'm curious to see if there are exploits available and how modern protections against them will work, or not.
• SolarWinds Storage Manager Server LoginServlet SQL Injection - This is usually bad: "The version of SolarWinds Storage Manager running on the remote host has a SQL injection vulnerability in the 'loginName' parameter of the 'LoginServlet' page." This typically means you don't need credentials to exploit the vulnerability, and access to the database via SQL injection can lead to shell access and the ability to download the data contained on the system.
• Pidgin OTR (Off-the-Record) Format String Vulnerability - I've used OTR for some time now to prevent attackers from snooping on my IM conversations. It sounds like this could be exploited if you accepted a key from someone who was sending a malicious OTR key, thus triggering the format string vulnerability.

Tenable has added a compliance check for Windows which allows users to compare file hashes using a .audit script (Windows compliance checks v2.0.32 or later). By default, MD5 is used to compare two versions of a file, however, users can compare hashes generated with SHA1, SHA256, SHA384, SHA512, or RIPEMD160 algorithms.

Exporting To CSV

Nessus now supports the ability to export your reports into a comma-delimited file format (CSV). Using this export format, you can import the results into your favorite spreadsheet program. Tenable recommends using the following software:

• Microsoft Excel 2010 or later
• Apple iWork Numbers

To export a CSV-formatted report, select any of your existing Nessus results, click "Download Report," and then choose "CSV" as shown below.

Select the "CSV" Reporting Format