Tenable Blog

On June 4, 2010, Adobe announced a new attack being exploited in the wild that targeted Adobe products, and word spread quickly. Adobe’s security bulletin (APSA10-01) provided few details, but confirmed that attackers were actively exploiting a vulnerability that affected their Flash Player, Adobe Reader and Acrobat. The advisory provided some immediate mitigation techniques such as upgrading Flash Player to 10.1 RC or removing access to authplay.dll for Reader or Acrobat.

Here we go again - another massive “Patch Tuesday”, brought to you by Microsoft. This particular bundle addresses 34 vulnerabilities in Windows, IE, Office, .NET Framework, IIS and Sharepoint, a tie for the largest vulnerability count in a single Microsoft Patch Tuesday to date. The advisories include a wide range of vulnerabilities including code execution, privilege escalation, information disclosure, denial of service and cross-site scripting (XSS).

Among the vulnerabilities addressed in June’s updates are two issues that were recognized by Microsoft in February and April. Three of the ten updates have been given severity ratings of “critical” while the other seven are rated as “important”. Six updates affect the Windows operating system, including Microsoft’s newest OS, Windows 7. As always, Tenable has released Nessus plugins to perform credentialed checks to detect each of these vulnerabilities and help aid your remediation processes.

Patch Tuesday Breakdown and Thoughts:

The Front Range OWASP Conference (FROC) 2010 was held in Denver, Colorado last week and provided a full day of talks and events aimed at a wide variety of information security professionals. The event featured three speaker tracks: “App Sec/Technical”, “Cloud/Mobile/Emerging” and “Management/Executive” as well as a panel discussion and Capture the Flag (CTF) contest. Since 2003, OWASP has maintained and updated the OWASP Top 10 list to categorize and prioritize web application risks as they have evolved over the years, and the list has become a popular tool for helping organizations assess risk and formulate their remediation strategies.

Welcome to the Tenable Network Security Podcast - Episode 36

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Announcements

• Several new blog posts have been published this week, including:
  • Nessus Spotlight: su+sudo Feature
  • SecurityCenter Webinar in French!
• New Nessus training is now being offered at conferences! - The new course titled "Advanced Vulnerability Scanning Techniques Using Nessus" is now being offered at both Black Hat Las Vegas 2010 and BruCon 2010. It's a two-day course that will put students into a real-world environment where they will have to solve problems and identify vulnerabilities using the advanced features of the Nessus vulnerability scanner.
• Be certain to check out our video channel on YouTube that contains the latest Nessus tutorials.
• We're hiring! - Visit the web site for more information about open positions. There are currently 7 open positions listed, including a Digital/Web Strategy Coordinator.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, Nessus plugin statistics and more!

Interview: Ron Gula - Security Architecture Summit

With the release of Nessus 4.2.2 a new method of credential elevation has been included for Unix-based hosts that have sudo installed: “su+sudo.” This method allows you to provide credentials for an account that does not have sudo permissions, su to a user account that does, and then issue the sudo command. 

This configuration provides greater security for your credentials during scanning, and satisfies compliance requirements for many organizations.

To enable this feature, simply select “su+sudo” in the “Elevate privileges with” section under the credentials/SSH settings as shown in the following screen shot:

Under the “SSH user name”, and “SSH password” tabs, enter the credentials that do not have sudo privileges. In the example above, the user account is “raven.” From the “Elevate privileges with” pull-down menu, select “su+sudo.” Under the “su login” and “su/sudo password” tabs enter the user name and password that do have privileged credentials, in this example “sumi.”

No other scan policy changes are required.