Tenable Network Security Podcast Episode 161 - "Malware Detection, Virtual Patching"
Announcements
- Tenable CSO praises APT1 report as a standard for information sharing
- We're hiring! - Visit the Tenable website for more information about open positions.
- Check out our video channel on YouTube, which contains new Nessus and SecurityCenter tutorials.
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
- Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
- You can subscribe to the Tenable Network Security Podcast on iTunes!
New & Notable Plugins
Nessus
General
- Scrutinizer < 10.1.2 Multiple Vulnerabilities
- KSplice : Installed Patches
- Jenkins Detection
- Jenkins < 1.498 / 1.480.2 Unspecified Master Cryptographic Key Information Disclosure
- Jenkins < 1.502 / 1.480.3 Multiple Vulnerabilities
- Insecure Windows Service Permissions
- Ruby ftpd Gem filename Parameter Remote Command Execution
- Malicious Process Detection: User Defined Malware Running
- PDF-XChange Viewer < 2.5 Build 208 JPEG Processing Buffer Overflow
- Novell ZENworks Mobile Management Detection
- Novell ZENworks Mobile Management MDM.php Local File Inclusion
- IBM Data Studio Detection
- IBM Data Studio 3.1 / 3.1.1 Help System Multiple Vulnerabilities
Web Applications
Oracle
- Oracle Java JDK / JRE 5 < Update 41 Remote Code Execution (Windows)
- Oracle Java JDK / JRE 5 < Update 41 Remote Code Execution
- Oracle Java JDK / JRE 6 < Update 43 Remote Code Execution (Windows)
- Oracle Java JDK / JRE 6 < Update 43 Remote Code Execution
- Oracle Java JDK / JRE 7 < Update 17 Remote Code Execution (Windows)
- Oracle Java JDK / JRE 7 < Update 17 Remote Code Execution
Passive Vulnerability Scanner
Vulnerability Detection
- PHP 5.4.x < 5.4.12 Multiple Vulnerabilities
- Flash Player <= 10.3.183.67 / 11.6.602.171 Multiple Vulnerabilities (APSB13-09)
- Google Chrome < 25.0.1364.160 WebKit Type Confusion Code Execution
- Oracle Java JDK / JRE 7 < Update 17 Remote Code Execution
- Mac OS X : Safari < 6.0.3 Multiple Vulnerabilities
- CoDeSys Gateway Service Detection (SCADA)
- CoDeSys Gateway Service Failed Login Detection (SCADA)
- CoDeSys Gateway Service Unprotected (SCADA)
- Mac OS X 10.8 < 10.8.3 Multiple Vulnerabilities (Security Update 2013-001)
General Detection
SecurityCenter Dashboards and Report Templates
Nessus Configuration and Compliance Checks
Nessus ProfessionalFeed and SecurityCenter customers can download compliance checks from the Tenable Support Portal.
Stories
- Wipe the drive! Stealthy Malware Persistence - Part 2
- Security Appliances Are Riddled with Serious Vulnerabilities, Researcher Says | CIO.com
- Schneier on Security: Security Theater on the Wells Fargo Website
- Virtual Patching Cheat Sheet | OWASP
- North Korea's Internet returns after 36-hour outage
- Honeypot for phony waterworks gets hammered on Internet
- CCTV hack takes casino for $33 MILLION in poker losses
- Google, Mozilla, and Apple made the most vulnerable software of 2012
- Reuters staffer accused of aiding hackers
- Huawei 3G/4G USB sticks put users' security at risk
- Skype can be intercepted by intelligence agencies
- U.S. National Vulnerability Database Hacked
- Apple not ready to kill OS X Snow Leopard yet