Tenable Network Security Podcast - Episode 16
Welcome to the Tenable Network Security Podcast - Episode 16
Announcements
- A new blog post has been released that covers the December Microsoft Patch Tuesday roundup. In it we analyze some of the wording, details, and software vulnerabilities released in the December security bulletins from Microsoft.
- Hotfix02 for Security Center 3.4.5 has been released and addresses several small bug fixes. Customers can download the update from the Tenable support portal.
- We're hiring! - Visit the web site for more information about open positions, there are currently 14 open positions!
- You can subscribe to the Tenable Network Security Podcast on iTunes!
- Tenable Tweets - You find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, Nessus plugin statistics, and more!
Stories
- Metasploit Project New Releases: Airpwn added - I wanted to use this story as a talking point to underscore a type of attack that not too many people know about. It debuted at Defcon years ago and is still a perfectly valid attack vector on open wireless networks. It allows an attacker to insert content into data streams using raw 802.11 frames. I've demonstrated this attack at conferences in the past, and had HTML code running on 50 people's browsers within a few minutes. The fix, use WPA!
- Adobe Flash Security Perspectives -Adobe, like Microsoft and other popular technologies, gets hit hard by attackers and many vulnerabilities are exposed as a result. This article covers both sides of the story, and offers some hope for Adobe as they realize that the popularity of their software has grown, and so should their security program and software development lifecycle.
- Be careful what you post online! - Employees, potential employees, and employers really need to take a hard look at what's being exposed through social networking sites. I'm not suggesting that companies "spy" on employees or potential employees, but to monitor what is available publicly.
- Cloud Security Public Announcement From Chris Hoff - If your security practices suck in the physical realm, you’ll be delighted by the surprising lack of change when you move to Cloud.
- Thunderbird 3.0 Released - While I'm not an earlier adopter of new software versions, it appears that version 3.0 of Thunderbird also fixes some newly discovered vulnerabilities. I'm still adjusting to the new features, but did perform the upgrade so that I could take advantage of any security fixes as well.
Related Articles
Tenable Network Security Podcast Episode 198 - "PCI Discussion Featuring Jeffrey Man"
February 13, 2014<p></p>
Cybersecurity Snapshot: Apply Zero Trust to Critical Infrastructure’s OT/ICS, CSA Advises, as Five Eyes Spotlight Tech Startups’ Security
November 1, 2024Should critical infrastructure orgs boost OT/ICS systems’ security with zero trust? Absolutely, the CSA says. Meanwhile, the Five Eyes countries offer cyber advice to tech startups. Plus, a survey finds “shadow AI” weakening data governance. And get the latest on MFA methods, CISO trends and Uncle Sam’s AI strategy.
FY 2024 State and Local Cybersecurity Grant Program Adds CISA KEV as a Performance Measure
October 31, 2024The CISA Known Exploited Vulnerabilities (KEV) catalog and enhanced logging guidelines are among the new measurement tools added for the 2024 State and Local Cybersecurity Grant Program.
Cybersecurity Snapshot: New Guides Offer Best Practices for Preventing Shadow AI and for Deploying Secure Software Updates
October 25, 2024Looking for help with shadow AI? Want to boost your software updates’ safety? New publications offer valuable tips. Plus, learn why GenAI and data security have become top drivers of cyber strategies. And get the latest on the top “no-nos” for software security; the EU’s new cyber law; and CISOs’ communications with boards.
- Podcast