Tenable Network Security Podcast Episode 145 - "Source Code Leaks, Problems with Computer Security"
November 8, 2012<h3>Announcements</h3> <ul> <li><a href="http://www.tenable.com/careers/">We're hiring</a>! - Visit the Tenable website for more information about open positions.</li> <li>Check out <a href="http://www.youtube.com/tenablesecurity">our video channel on YouTube</a> which contains new Nessus and SecurityCenter 4 tutorials.</li> <li>Tenable Tweets - You can find us on Twitter at <a href="http://twitter.com/tenablesecurity">http://twitter.com/tenablesecurity</a> where we make product and company announcements, provide Nessus plugin statistics, and more!</li> <li>Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join <a href="https://discussions.nessus.org">Tenable's Discussion Forum</a> for custom scripts, announcements, and more!</li> <li>You can subscribe to the <a href="http://itunes.apple.com/us/podcast/tenable-network-security-podcast/id361250581">Tenable Network Security Podcast on iTunes</a>!</li></ul> <h3>New & Notable Plugins</h3> <h4>Nessus</h4> <ul> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62757">ZABBIX Web Interface popup_bitem.php itemid Parameter SQL Injection</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62776">Temenos T24 Detection</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62783">ManageEngine OpStor Default Administrator Credentials</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62784">ManageEngine OpStor availability730.do days Parameter XSS</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62785">ManageEngine SupportCenter Plus HomePage.do fromCustomer Parameter XSS</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62795">CoDeSys PLC Runtime Service Detection</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62796">CoDeSys Authentication Bypass Directory Traversal</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62797">CoDeSys Unauthenticated Command-line Access</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62798">Oracle VM VirtualBox 3.x / 4.0.x < 4.0.10 Local Integer Overflows</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62800">Kaspersky Password Manager 5.x < 5.0.0.169 HTML Injection</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62801">Mac OS X : OS X Server < 2.1.1 Multiple Vulnerabilities</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62802">Mac OS X : Safari < 6.0.2 Multiple Vulnerabilities</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62803">Apple iOS < 6.0.1 Multiple Vulnerabilities</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62812">CA ARCserve Backup Multiple Vulnerabilities (CA20121018) (credentialed check)</a></li> <li><a href="http://www.tenable.com/plugins/index.php?view=single&id=62813">Symphony CMS Password Retrieval Script XSS</a></li> </ul>
Tenable Releases SecurityCenter Continuous View
August 9, 2012<p>Today, Tenable <a href="http://www.tenable.com/news-events/press-releases/2012-tenable-network-security-unveils-securitycenter-continuous-view" target="_self" title="Tenable Network Security Unveils SecurityCenter Continuous View">announced </a>the availability of a new edition of SecurityCenter, called Continuous View.</p> <p>This edition of SecurityCenter uniquely encompasses both scanning and monitoring, with the inclusion of Tenable's Passive Vulnerability Scanner (PVS). That makes SecurityCenter Continuous View uniquely capable of addressing vulnerability, configuration, and compliance management requirements for emerging technologies like mobile devices, cloud-based services, social applications, and virtual systems.</p> <p>The flexible licensing approach provided by SecurityCenter Continuous View allows enterprise customers to deploy PVS in much the same way as they do with Nessus within SecurityCenter, pretty much as many as needed.</p> <p>Existing SecurityCenter customers can upgrade to a ContinuousView license and begin to enjoy the benefits of continuous monitoring with PVS. These include:</p> <ul> <li>Real-time identification of server and client vulnerabilities </li> <li>Identification of mobile devices and their vulnerabilities </li> <li>Passive discovery of all internal and external web servers and databases </li> <li>Identification of trust and communication paths </li> <li>Passive monitoring of virtual environments </li> </ul>
Tenable Network Security Podcast Episode 119 - "Macs Don't Get Viruses, Detecting OS X Malware"
April 9, 2012<h3>Announcements</h3> <ul> <p><li><a href="http://www.nessus.org/news-events/press-releases/2012-tenable-network-security-certified-as-approved-scanning-vendor-asv-b">Tenable Network Security Certified as Approved Scanning Vendor (ASV) by PCI Security Standards Council</a>.</li></p> <p><li>Check out <a href="http://www.youtube.com/tenablesecurity">our video channel on YouTube</a> that contains the latest Nessus and SecurityCenter 4 tutorials. The <a href="http://www.youtube.com/playlist?list=PL339F3E44CA4D523D&feature=plcp">"Top Ten Things You Didn't Know About Nessus" videos</a> have been posted from #10 through #2, so check them out!</li></p> <p><li><a href="http://www.tenable.com/careers/">We're hiring</a>! - Visit the Tenable website for more information about open positions.</li></p> <p><li>You can subscribe to the <a href="http://itunes.apple.com/us/podcast/tenable-network-security-podcast/id361250581">Tenable Network Security Podcast on iTunes</a>!</li></p> <p><li>Tenable Tweets - You can find us on Twitter at <a href="http://twitter.com/tenablesecurity">http://twitter.com/tenablesecurity</a> where we make product and company announcements, provide Nessus plugin statistics, and more!</li></p> <p><li>Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join <a href="https://discussions.nessus.org">Tenable's Discussion Forum</a> for custom scripts, announcements, and more!</li></p> <p><li><a href="http://blog.tenablesecurity.com/2012/03/nessus-5-on-demand-training-now-available.html">Nessus 5 OnDemand Training Now Available</a></li></p></ul> <h3>New & Notable Plugins</h3> <p><strong>Nessus:</strong></p> <ul><p><li><a href="http://www.nessus.org/plugins/index.php?view=single&id=58604">OS Identification : NativeLanManager</a> - </li></p> <p><li><a href="http://www.nessus.org/plugins/index.php?view=single&id=58603">at32 Reverse Proxy Admin Portal No Password</a> -</li></p> <p><li><a href="http://www.nessus.org/plugins/index.php?view=single&id=58601">Microsoft ASP.NET ValidateRequest Filters Bypass</a> - </li></p> <p><li><a href="http://www.nessus.org/plugins/index.php?view=single&id=58621">Cisco WebEx WRF Player Multiple Buffer Overflows (cisco-sa-20120404-webex)</a> - </li></p></ul> <p><br /> </p>
SecurityCenter 4.2 and Community Dashboard Site Released
May 30, 2011<p><a href="http://blog.tenable.com/.a/6a00d8345495f669e201538ed394cc970b-pi" style="display: inline;"><img alt="FWR_SC" border="0" class="asset asset-image at-xid-6a00d8345495f669e201538ed394cc970b" src="http://blog.tenable.com/.a/6a00d8345495f669e201538ed394cc970b-800wi" title="FWR_SC" /></a>   <br />Tenable Network Security is proud to announce the immediate availability of SecurityCenter 4.2. SecurityCenter is used to centralize and report on system and event data such as vulnerabilities, logs, NetFlow, configurations and more. </p>
Tenable All-Star Showcase - Atlanta - February 22
February 7, 2011 Tenable Network Security will be hosting a half-day security and compliance seminar in Atlanta featuring Marcus Ranum, Ron Gula and Renaud Deraison. This is your chance to interact with Tenable ...
Putting a Virus under the SIEM Microscope Webinar
January 13, 2011 When a virus infected one of my Nessus scan targets, I did what any sensible CEO of a SIEM company would do - let it run and see what types of logs and alerts it generated!Over the 30...
Tenable Network Security Podcast - Episode 64
January 5, 2011<p>Welcome to the Tenable Network Security Podcast - Episode 64</p> <p>Hosts: Paul Asadoorian, Product Evangelist, and Ron Gula, CEO/CTO</p> <h3>Announcements</h3> <ul> <li>Several new blog posts have been published this week, including: <ul><li><a href="http://blog.tenablesecurity.com/2011/01/log-correlation-engine-36-now-with-its-own-gui.html">Log Correlation Engine 3.6 – Now with its own GUI</a></li> <li><a href="http://blog.tenablesecurity.com/2010/12/ssl-certificate-authority-auditing-with-nessus.html">SSL Certificate Authority Auditing with Nessus</a></li> <li><a href="http://blog.tenablesecurity.com/2010/12/securitycenter-4-receives-fdcc-and-scap-validated-tool-certification.html">SecurityCenter 4 Receives FDCC and SCAP Validated Tool Certification</a></li> <li><a href="http://blog.tenablesecurity.com/2010/12/3d-tool-beta-video.html">3D Tool beta Video</a></li></ul> </li> <p><li>Check out <a href="http://www.youtube.com/tenablesecurity">our video channel on YouTube</a> that contains the latest Nessus <strong>and SecurityCenter 4</strong> tutorials, including the new <a href="http://www.youtube.com/watch?v=8rFVEijp2Gs">3D Tool Beta</a>.</li><br /> <li><a href="http://www.nessus.org/about/index.php?view=careers">We're hiring</a>! - Visit the Tenable web site for more information about open positions. </li><br /> <li>You can subscribe to the <a href="http://itunes.apple.com/us/podcast/tenable-network-security-podcast/id361250581">Tenable Network Security Podcast on iTunes!</a></li><br /> <li>Tenable Tweets - You can find us on Twitter at <a href="http://twitter.com/tenablesecurity">http://twitter.com/tenablesecurity</a> where we make various announcements, provide Nessus plugin statistics and more!</li></ul><br /> </p>
Log Correlation Engine 3.6 – Now with its own GUI
January 5, 2011<p>Tenable Network Security has released version 3.6 of the <a href="http://www.nessus.org/products/lce/" target="_self">Log Correlation Engine</a>. This new version includes many performance enhancements as well as its own web-based user interface. This blog entry describes the new user interface, the increased performance and the new features of LCE 3.6.</p>
SSL Certificate Authority Auditing with Nessus
December 28, 2010<p>Do you know where all of your organization’s SSL certificates are and if they are providing enough protection to you and your customers? Nessus can be used to identify all SSL certificates in use, test if they are expired and with the advent of plugin # <a href="http://www.tenable.com/plugins/index.php?view=single&id=51192">51192</a>, test that they have been securely signed by a valid certificate authority. This blog entry will review Nessus’s SSL certificate auditing ability and describe how plugin #51192 can help monitor your network for untrustworthy SSL certificates.</p>
Introducing the Nessus Perimeter Service : redefining the cost of online scanning
December 7, 2010 Have you ever wanted to run an external Nessus vulnerability audit of your DMZ but didn’t have access to a Nessus scanner located on the outside of your network? Tenable Network Security now off...
Tenable at Black Hat USA 2010!
July 12, 2010<p>July hasn’t been hot enough for me and some of the other Tenable staffers, so we will be heading to the desert of Las Vegas in a few weeks to attend <a href="https://www.blackhat.com/html/bh-us-10/bh-us-10-home.html" target="_blank">Black Hat USA 2010</a>! Since 1997, the Black Hat conference has provided a neutral ground for security researchers, government agencies and information security professionals to integrate their varied perspectives. This will be my ninth year at Black Hat and I’ve always found it to be an intense couple of days meeting up with almost everyone I know in the Infosec field. I’m delighted that Tenable will be represented in the Black Hat Trainings, Black Hat Briefings, Black Hat vendor area and <a href="http://www.defcon.org/html/defcon-18/dc-18-index.html" target="_blank">DEF CON</a> this year.</p><p></p> <p>Tenable’s Product Evangelist, Paul Asadoorian, will be teaching two sessions of a brand-new (seriously – we’re still editing it) <a href="http://blackhat.com/html/bh-us-10/training/bh-us-10-training_TEN-AdvNessus.html" target="_blank">Advanced Nessus Training Class</a>.</p> <p>This class is intended for those who are already familiar with Nessus and will cover special techniques and testing situations that you may not be familiar with. There will be a lot of hands-on lab work, assisted by Tenable’s lead Trainer, David Poynter (so that Paul can keep talking, one of his favorite activities). The first session will be held on Saturday and Sunday (July 24 & 25) and the second session on Monday and Tuesday (July 26 & 27). There are still a few seats open in both sessions, but they are filling up fast!</p>
Tenable Network Security Podcast - Episode 41
July 6, 2010<p>Welcome to the Tenable Network Security Podcast - Episode 41</p> <p>Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst</p> <h3>Announcements</h3> <ul> <li>Several new blog posts have been published this week, including: <ul> <li><a href="http://blog.tenablesecurity.com/2010/07/research-spotlight-the-evil-that-bots-do.html">Research Spotlight: The Evil That Bots Do</a></li> <li><a href="http://blog.tenablesecurity.com/2010/06/event-analysis-training---analyzing-outbound-sql-queries.html">Event Analysis Training - Analyzing Outbound SQL Queries</a></li> </ul> </li> <p><li>New Nessus training is now being offered at conferences! - The new course titled "Advanced Vulnerability Scanning Techniques Using Nessus" is now being offered at both <a href="http://www.blackhat.com/html/bh-us-10/training/bh-us-10-training_TEN-AdvNessus.html">Black Hat Las Vegas 2010</a> and <a href="http://2010.brucon.org/index.php/Training#Training_.235:_Advanced_Vulnerability_Scanning_Techniques_Using_Nessus">BruCon 2010</a>. It's a two-day course that will put students into a real-world environment where they will have to solve problems and identify vulnerabilities using the advanced features of the Nessus vulnerability scanner. <br /> <li>Be certain to check out <a href="http://www.youtube.com/tenablesecurity">our video channel on YouTube</a> that contains the latest Nessus tutorials.</li><br /> <li><a href="http://www.nessus.org/about/index.php?view=careers">We're hiring</a>! - Visit the web site for more information about open positions. There are currently 10 open positions listed, including a <a href="http://www.nessus.org/about/index.php?view=jobs_web_coordinator">Digital/Web Strategy Coordinator.</a></li><br /> <li>You can subscribe to the <a href="http://itunes.apple.com/us/podcast/tenable-network-security-podcast/id361250581">Tenable Network Security Podcast on iTunes!</a></li><br /> <li>Tenable Tweets - You can find us on Twitter at <a href="http://twitter.com/tenablesecurity">http://twitter.com/tenablesecurity</a> where we make various announcements, provide Nessus plugin statistics and more!</li><br /> </ul></p>