Tenable Network Security Podcast - Episode 87
Welcome to the Tenable Network Security Podcast - Episode 87
Hosts: Paul Asadoorian, Product Evangelist, Ron Gula, CEO/CTO, Carlos Perez, Lead Vulnerability Researcher, Jack Daniel, Product Manager
Announcements
- Several new blog posts have been published to the Tenable Blog:
  - 4 out of 5 CISOs Don't Scan for Off-Port Web Servers
  - Comparing the PCI, CIS and FDCC Certification Standards
  - Firewall and Boundary Auditing Best Practices
  - Risky Business #198 - Tenable CEO Interview on Cybercrime Insurance
  - Microsoft Patch Tuesday Roundup - June 2011
- Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest two videos are updates to older videos and cover basic vulnerability scanning and local patch checking using Nessus.
- We're hiring! - Visit the Tenable web site for more information about open positions.
- You can subscribe to the Tenable Network Security Podcast on iTunes!
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!
Stories
- WordPress plugins Trojanised, spotted, fixed - I get nervous when the application I am using supports plugins and add-ons that are not written or even checked centrally. It compromises the security of the framework.
- Patching Flash - CVE-2011-2110 post-mortem - People patch Flash quicker than Java; however, we can still get an improperly signed Java application to execute code. In fact, we can even purchase a certificate, rid ourselves of the warning, and still get code execution, and to throw in a bonus we can bypass anti-virus. You don't need a vulnerability to compromise a system.
- Most Common iPhone Passcodes - "1234", that's also the password to my luggage.
- Sony lawsuit: security experts fired prior to breach - I bet there are a few people sitting around saying, "I told you so".
- DNS cache poisoning: still works and still makes lots of damage - Why can't we as a community work to prevent this type of attack, or can we?
- Are All Networks Vulnerable? - Is yours? Johannes makes a good point: it's not about protecting 100% of the security incidents.
- Rootkit infection requires Windows reinstall, says Microsoft - Get this, it's a "boot sector" virus, remember those?
- Disgruntled IT guy slips porn into CEO's PowerPoint - A few lessons learned here: 1) Never give a presentation while your laptop has a network/Internet connection, 2) Don't anger your IT department, 3) Maintain the integrity of your laptop.
- Virtualization and cloud computing race ahead of security practices - I mean, really, what is all the fuss about virtualization security? Your systems can be virtual or real, security is still a problem. I just don't get all the fuss.