Tenable.sc
9 Topics
Updated functionality - OpenSSL local detections and vulnerability plugins

Background

Most instances of OpenSSL are not compiled from source - rather, they are installed as part of another package or library. In such cases, it is not the responsibility of the OpenSSL Project to provide updates and/or patches directly to the end user for these installs. Rather, it is the responsibility of the vendor in question. Take for example Tenable Nessus as an application. It is Tenable’s responsibility to decide if a given vulnerability applies to its implementation of OpenSSL and to provide patches and a Security Advisory, such as TNS-2023-27, if needed.

Changes

1.) Plugin 168007, "OpenSSL Installed (Linux)", will have the ability to correlate an OpenSSL package to the file or library that installed it, giving users more control over whether or not generic OpenSSL vulnerability plugins (i.e. those found in the "Web Servers" family, listed here) should fire against those installs, or if the scan should solely rely on the vendor’s specific advisory for the OpenSSL packaged with their software. Such detections will now be marked as “managed” software.
2.) Plugin 168149, "OpenSSL Installed (Windows)", will now enumerate OpenSSL installs as “managed” software.
3.) The changes outlined in the Research Release Highlight, here, will be reverted, allowing our generic OpenSSL vulnerability checks to ingest data obtained via the aforementioned local detections.

Impact

Users will now see the OpenSSL binary and path, its version, and its associated package (when possible) in the output of plugin 168007. There are no aesthetic changes to the output of plugin 168149, which also includes the detected version and path.

The generic OpenSSL vulnerability checks found in the "Web Servers" plugin family will only fire against these locally-detected installs when a scan is launched with increased paranoia and/or the detected OpenSSL package(s) are not managed by the OS, or third party software. This will result in even more accurate findings with fewer false positives from these plugins.

We expect the vast majority of OpenSSL detections to be categorized as “managed”. As a result, if you want to see all potential OpenSSL vulnerabilities in your scan result, we recommend running a separate scan with the relevant OpenSSL plugins enabled, in paranoid mode. This can be configured in the Assessment Scan Settings of your scan policy. Documentation linked below:

Tenable Nessus
Tenable Security Center
Tenable Vulnerability Management

Please note, the paranoia settings will not affect the initial detections via plugins 168007 and 168149. These will always function the same, regardless of paranoia settings. Users should always be aware of the potential impact paranoia may have on the remediations, if not all scans are run in paranoid mode.

Impacted Plugins

168007 ‘OpenSSL Installed (Linux)’
168149 ‘OpenSSL Installed (Windows)’
Downstream impact on generic OpenSSL vulnerability plugins

Target Release Date

January 8th, 2024

Tenable Coverage for Ripple20 Vulnerabilities - Treck TCP/IP Stack Detection

The Treck stack has been around for over 20 years and integrated into hundreds of products in many different ways. It is at the heart of the Ripple20 vulnerabilities. The stack has been modified based on each vendor / product's needs. Some products further have been acquired by other companies, End Of Life (EOL), End Of Support (EOS), etc. thereby adding to the complexity of the situation.

Tenable has adopted multiple approaches to detecting the Treck stack in a vendor agnostic way while trying our best to ensure the plugins are not destructive to the assets being scanned. Using multiple approaches helps enhance coverage of the diverse Treck stacks out there. However, depending on the changes the vendors have made to the Treck stack or the way it has been integrated into their products, it may not be possible to detect all instances of the Treck stack remotely in a non-destructive way.

As vendors are releasing patches for the Ripple20 vulnerabilities in their products, we are looking into adding additional coverage on a product. For the time being, using the recast functionality on vulnerability check for plugin ID 137702 Treck TCP/IP stack multiple vulnerabilities. (Ripple20) can help teams to acknowledge and accept the risk on the report.

Vulnerability Recast

Tenable.io - https://docs.tenable.com/tenableio/vulnerabilitymanagement/Content/Settings/AboutRecastRules.htm
Tenable.sc - https://docs.tenable.com/tenablesc/Content/RecastRiskRules.htm

Detection Plugins

138614 Treck/Kasago Network Stack Detection
138615 Treck/Kasago Network Stack Detection With IP Option.
137703 Treck/Kasago Network Stack Detection

Vulnerability Detection Plugins

137702 Treck TCP/IP stack multiple vulnerabilities. (Ripple20)

Tenable.io will undergo infrastructure upgrades to improve site performance and reliability throughout September. This planned maintenance window is scheduled to take no more than 4 hours to perform. If you have questions regarding the specific timing of the maintenance period that affects you, and you have not already received an email, please email your Customer Success Manager or create a Case with Tenable Customer Support or email support@tenable.com.

This maintenance window only affects Tenable.io cloud and SecurityCenter customers who use Tenable.io to perform scans. During this time:

Your Tenable.io URL will redirect you to a maintenance page, and you will not be able to access your Tenable.io account at https://cloud.tenable.com/.
The Tenable.io API will be unavailable during this time.
We expect most scans that are already running when the maintenance window begins to complete successfully after the window closes. We recommend that you verify this.
Scans scheduled to start during the maintenance window are not likely to be initiated. Please check if they have run and if not, consider either scanning manually or at your next scheduled time.
Agents will not be able to check into the Tenable.io platform during this time. Once services resume, agents will retain their data until the next check in.
SecurityCenter management consoles with a Tenable.io scanner in their configuration will begin producing log messages indicating SecurityCenter cannot connect to the scanner. This will not impact SecurityCenter performance or stability, and the log messages will stop once the maintenance window is complete.

This maintenance window does not affect Tenable.io on-prem, Nessus Home, Nessus Professional, Nessus Manager deployments or SecurityCenter consoles without a Tenable.io scanner.

Please understand that routine maintenance and upgrades are a necessary part of our service delivery to you and we make every effort to perform these at the least disruptive times. We apologize for any inconvenience this planned maintenance outage may cause. We will do our absolute best to perform these upgrades as fast as possible and with minimal impact.

Tenable Security Center 6.3 Release Highlights

We are excited to announce the general availability of Tenable Security Center 6.3! This release includes the following top enhancements:

Empower Your Security: On-Prem Web App Scanning (WAS) now offers stateful remediation status tracking and comprehensive exposure insights. Efficiently scan multiple FQDN targets in a single scan for enhanced security.
Flexible Deployment: Deploy Security Center within a Kubernetes cluster, empowering you with the flexibility to align SC deployment according to your preferences.
Restricted User Management: Manage only the risk/accept rules you create, minimizing unauthorized modifications and streamlining security processes for increased control.
Improved Performance: Enjoy increased stability through bug fixes, including memory crash issue resolution, along with general performance enhancements and ongoing research updates.

To get started, download Tenable Security Center 6.3 and view the release notes!

Tenable Security Center 6.2

We are excited to announce the general availability of Tenable Security Center 6.2! This release includes the following top enhancements:

Web Application Scanning Support: Tenable Web App Scanning is now available on-prem and fully integrated within Tenable Security Center’s UI. Customers can integrate with on-prem-based web app scanning as an add-on to their current license and will have the ability to configure new scans and analyze web application exposures.
Access Asset Lists from Domain Inventory: Easily create asset lists from domain inventory to save time on scan setup.
Algorithm updates to ACR/AES: Security Center Plus customers will enjoy consistent ACR/AES risk calculations with algorithm updates, available in the 6.2 release.
Improvements to patching and software updates: Apply patches directly from the Software Updates tool without system reboots and track patch status.
Custom classification banner: Personalize your web app or exported report headers/footers with custom text and colors for classification banners, meeting unique preferences.

To get started, download Tenable Security Center 6.2 and view the release notes!

New SSH Escalation Type for Checkpoint Gaia

In the spirit of Tenable's continued commitment to excellence, we are changing the way privilege escalation is specified for SSH credentials that target Checkpoint Gaia devices. When support for escalation to expert mode in Gaia scans was first introduced, we reused the Cisco enable escalation credential. The difference in escalation commands causes Gaia scans to report failed escalation as device discovery tries different commands, including escalated Cisco commands. This change will stop scans that target Gaia from trying Cisco escalation and will eliminate the spurious error reporting.

Impact

Existing scan policies with Cisco enable privilege escalation will still work with Gaia devices, but the invalid escalations will still be reported as escalation failures. To remove these messages, customers will have to modify the SSH credentials for their Gaia targeting scan policies to use the new "Checkpoint Gaia 'expert'" escalation type instead. Going forward, the new SSH escalation type should be used for credentials targeting Checkpoint Gaia devices.

Changes

The new escalation type will be available for every SSH credential type that currently offers an escalation credential. This is what the new escalation type looks like:

Target Release Date

4 Oct 2021 - Nessus and Tenable.io
6 Dec 2021 - Tenable.sc

Tenable.sc: Oracle Database CSV Enumeration with CyberArk

Introduction

Currently, in Tenable.sc, users have to add each Oracle Database credential set one at a time and apply each of these credentials to a scan policy. Once the scan is started, each of these credential sets is used to authenticate against each detected Oracle Database listener possibly resulting in multiple undesirable authentication attempts.

Change

An option is being officially introduced to the Oracle Database Credential which will allow users to specify a CSV file with the Oracle Database authentication settings used for the scan policy. This option allows users to more easily input credentials and to associate credentials with a specific listener on a host.

The authentication method supported at this time is CyberArk’s Privileged Access Security (PAS) solution. For this reason, at least one Oracle Database Credential with the CyberArk authentication method must be configured in the same scan policy to be able to retrieve the password. The Oracle Database password is retrieved from the configured CyberArk PAS when the CSV specifies an account name (Account Details Name in Tenable.sc). Otherwise, the target host and username are used to retrieve the password. Please refer to the Oracle Database credentials documentation for more information.

Impact

Only Tenable.sc users that have previously used the release candidate are impacted and should note the new CSV format as mentioned in the documentation.

Additional Resources

How-to Guide: Tenable.sc for CyberArk
Tenable.sc: Database Integration with CyberArk

Target Release Date

12 October 2020

Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.

We're excited to announce the release of SecurityCenter 5.8. This release includes enhancements to Mobile Agent Workforce capabilities. For more information review the blog post or release notes.

We're also excited to share that we've rebranded SecurityCenter to Tenable.sc to better reflect its position as a core element of the Tenable Cyber Exposure platform. Now, as a core element of the Tenable Cyber Exposure platform, you will see increased innovation and accelerated development in Tenable.sc to help our customers see more, do more and further reduce their cyber risk. For more information on what this means for you, please read the blog post.

Release Notes: https://docs.tenable.com/releasenotes/securitycenter/securitycenter580.htm
Blog Post: https://www.tenable.com/blog/what-s-in-a-name-securitycenter-is-now-tenable-sc

SecurityCenter on Tenable Core GA

Downloads and Documentation

The file is downloadable at: https://www.tenable.com/downloads/tenable-appliance#tenable-core-securitycenter
Documentation is available at: http://docs.tenable.com/tenablecoresc/Content/TenableCore/Introduction_SC.htm

Tenable Core

Tenable Core is the latest, most modern version of the Tenable Virtual Appliance. As of today at 3PM, we will release SecurityCenter running on the Tenable Core Platform for General Availability. There are major advantages of this platform for our customers, including:

Root access to the appliance - Easier administration
A higher level of default security
The platform and O/S are secured to the Center for Internet Security's (CIS) level 1 benchmarks
Operating System, Application and the Virtual Appliance are set to automatically update nightly
More frequent, automatic updates