Tenable OT New Plugin Family Summary Tenable OT Security...
Tenable OT New Plugin Family Summary Tenable OT Security will provide event-based findings to Tenable One platform with new description only plugins. These new OT plugins will be grouped in a new dedicated plugin family named "Tenable OT Violation". Change A new plugin family named "Tenable OT Violation" will be created. This new family will only be used for new OT plugins dedicated to event-based findings such as “Firmware Version Change Detected” or “Controller Code Upload Detected”. Impact No previous OT plugins will be updated with the new family, only the new OT plugins dedicated to event-based findings. These plugins only give findings if you have configured policies with triggered events. Target Release Date The new OT family and the new OT plugins will be released during the second week of April 2025.Tenable Research Release Highlight Nessus Agent Reset...
Tenable Research Release Highlight Nessus Agent Reset Plugin and Scan Template Summary Tenable Research has released a Credentialed Scan plugin and Scan Template “Nessus 10.8.0 / 10.8.1 Agent Reset” in support of addressing the issues in the Nessus Agent 10.8.0 and 10.8.1. Change New Scan Template: “Nessus 10.8.0 / 10.8.1 Agent Reset” Pre-requisite: Ensure that the agent version is set to 10.8.2 or 10.7.x in Agent Profile (for TVM) and Nessus Manager (for TSC). This Scan Template and Credentialed Scan plugin will run OS specific scripts to remotely reset the agent plugins on Windows, Mac OS or ‘Nix based Nessus Agent host machines on 10.8.0 or 10.8.1. These scripts and the permissions level each script requires are detailed in the Nessus Agent 10.8.2 Release Notes (https://docs.tenable.com/release-notes/Content/nessus-agent/2025.htm#10.8.2) under the [Perform a plugin reset] section. Notes: The Nessus Agent Reset plugin will only run from the provided Scan Template and will not reset Nessus Agents when run from any other Scan Template. For Ubuntu/Debian Unix credentials, please ensure that only one set of privilege escalation credentials are provided with the required permissions level for the OS script to execute. 13 JAN 2025 UPDATE: Please note that triggering a plugin reset will result in a large spike in network traffic. Impact Without this script, customers would have to logon to each Nessus Agent host and run the appropriate Nessus Agent Reset script for that host OS. Using this Scan Template and Credentialed Scan plugin, customers can run the Nessus Agent Reset scripts on each updated Nessus Agent from a Remote Credentialed Scan, with the necessary credentials and permissions, using Nessus, Nessus Manager, T.VM, and T.SC (released 08 JAN). Target Release Date 07 JAN 2025Windows Oracle Java Modernization Summary A recent update...
Windows Oracle Java Modernization Summary A recent update to our Windows Java initial detection greatly improved the identification of the Java type as Oracle Java. However, our older Windows Java vuln detections (from as far back as 2013) were not built to leverage the newer initial detection internal reporting, and stopped showing up on customer scans. Change To resolve this, our Research team transitioned the older vuln detections to leverage the new initial detection internal reporting convention. In all, 38 Windows Oracle Java plugins were modernized and telemetry is showing they are again reporting on customer scans. Impact Customers should see the windows Oracle Java vuln detections return to scan reports. Target Release Date 20 DEC 2024
Oracle Siebel Vulnerability Coverage Expansion Summary...
Oracle Siebel Vulnerability Coverage Expansion Summary Tenable Research has expanded our coverage for the popular CRM software, Oracle Siebel. This update includes plugins for vulnerabilities disclosed in the software outlined in Oracle Critical Patch Updates dating back to 2012. Change The complete list of plugins released is available here. In addition, the following plugins have been deprecated in favor of the new, updated plugins: https://www.tenable.com/plugins/nessus/74467 https://www.tenable.com/plugins/nessus/76576 https://www.tenable.com/plugins/nessus/185085 https://www.tenable.com/plugins/nessus/185086 https://www.tenable.com/plugins/nessus/185087 Impact Customers running Nessus & Tenable Vulnerability Management will be able to assess their environments for vulnerabilities in their Oracle Siebel instances. Target Release Date Nessus, Tenable Security Center & Tenable Vulnerability Management: Immediate
Security End of Life (SEoL) Plugin Conversions 2024 Q4...
Security End of Life (SEoL) Plugin Conversions 2024 Q4 Change In accordance with the SEoL framework published in April 2023, we are updating and/or deprecating the legacy “Unsupported <x>” plugins to conform to the new plugin specification. Only the Unsupported plugins listed in the “Deprecated Plugin” table below have been deprecated and replaced with SEoL plugins - all other plugins that detect Unsupported software remain in service. Impact Customers should anticipate the legacy “Unsupported” plugins to be deprecated and/or converted to their corresponding SEoL plugins. This may result in new findings and a more detailed picture of the exposure landscape associated with products in the SEoL state. Customer-created dashboards or reports that use the now-deprecated “Unsupported” plugins should be migrated to use the new SEoL plugins listed below. For additional details please see the SEoL FAQ knowledge base article from June 2023. This FAQ covers questions about SEoL plugin severity ratings, considerations for extended vendor support agreements, and future product coverage. Converted Plugins Deprecated Plugin: 55690; IBM DB2 Unsupported Version Detection New Plugin(s): IBM DB2 SEoL Deprecated Plugins: 40362; Mozilla Foundation Unsupported Application Detection, 56584; Mozilla Foundation Unsupported Application Detection (macOS) New Plugin(s): Firefox and Thunderbird SEoL Deprecated Plugin: 78675; WinZip Unsupported Version Detection New Plugin(s): Winzip SEoL Deprecated Plugins: 95258; Fortinet FortiClient Unsupported Version Detection (macOS), 93098; Fortinet FortiClient Unsupported Version Detection New Plugin(s): Fortinet Forticlient SEoL Deprecated Plugin: 56710; Wireshark / Ethereal Unsupported Version Detection New Plugin(s): Wireshark SEoL Consolidated List of Deprecated Plugins 55690, 40362, 56584, 78675, 95258, 93098, 56710 Target Release Date January 6, 2025 Additional Notes For a complete list of current SEoL plugin coverage, please visit https://www.tenable.com/plugins/search?q=%22SEoL%22. Additional coverage requests can be made via Tenable’s Suggestions Portal at https://suggestions.tenable.com.Host Credential Validation Scan Template Summary In an...
Host Credential Validation Scan Template Summary In an effort to simplify the process of diagnosing issues with scan credentials, Tenable Research is releasing a lightweight scan template which enables several informational plugins that report on the success of provided host (Windows / Unix) credential pairs. Change The complete list of plugins enabled by the scan template is available here. Impact Customers running Nessus & Tenable Vulnerability Management will be able to diagnose credential pair issues quickly by leveraging this new scan template. Target Release Date Nessus & Tenable Vulnerability Management: Immediate Tenable Security Center: TBD
New Snowflake Compliance Plugin and Audit files Summary...
New Snowflake Compliance Plugin and Audit files Summary Customers can now measure compliance against the Snowflake Platform with new plugin ID Snowflake Compliance Checks (206112) on Tenable Vulnerability Management and Nessus. This plugin is published as a part of the Audit Cloud Infrastructure compliance template and will use a new credential type of Snowflake API. The plugin will retrieve all target data using the Snowflake SQL API and will evaluate actual values against a given audit policy. Two audits implementing the CIS benchmark will be released along with the plugin: CIS Snowflake Foundations v1.0.0 Level 1 CIS Snowflake Foundations v1.0.0 Level 2 These audits contain a total of 39 checks across 2 profiles with 20 checks being fully automated. Some examples include: Identity and Access Management 1.2 Ensure Snowflake SCIM integration is configured to automatically provision and deprovision users and groups (i.e. roles) 1.7 Ensure authentication key pairs are rotated every 180 days 1.8 Ensure that users who did not log in for 90 days are disabled Data Protection 4.1 Ensure yearly rekeying is enabled for a Snowflake account 4.5 Ensure that the REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION account parameter is set to true Additional Notes For those that are interested in creating custom audit content for their environment, the audit supports the following structure. <check_type: "Snowflake"> <custom_item> type : SQL_POLICY description : "Ensure yearly rekeying is enabled for a Snowflake account" sql_request : "SHOW PARAMETERS LIKE 'PERIODIC_DATA_REKEYING' IN ACCOUNT;" sql_types : REGEX, REGEX, REGEX_OR_NULL, REGEX_OR_NULL, REGEX_OR_NULL, REGEX_OR_NULL sql_expect : "PERIODIC_DATA_REKEYING", "true", ".*", ".*", ".*", ".*" </custom_item> </check_type> The 'sql_request' tag contains SQL statements executed through the Snowflake REST API endpoint. The 'sql_expect' tag will evaluate the data for a passing or failing result. Target Release Date ImmediateNessus can now use Kerberos for DCOM Authentication Summary...
Nessus can now use Kerberos for DCOM Authentication Summary Nessus scans that are provided with Windows Kerberos credentials will now use the Kerberos protocol for authentication in plugins that use DCOM or WMI. Kerberos authentication has been available for a long time in Nessus for plugins that only use SMB. Prior to this change the DCOM/WMI plugins would authenticate using NTLM even if only a Kerberos credential was provided. Microsoft Windows is abandoning NTLM due to security concerns and has recommended host and domain configuration that excludes the use of NTLM. Change This implementation of Kerberos for DCOM/WMI only supports the packet integrity authentication level (RPC_C_AUTHN_LEVEL_PKT_INTEGRITY) which is the minimum required since Microsoft hardened DCOM to address CVE-2021-26414. If a server or service requires packet privacy (RPC_C_AUTHN_LEVEL_PKT_PRIVACY), Nessus will not be able to scan it. Following the deprecation of SHA1 hashes, Kerberos will slowly be updated to use SHA2 hashes on Windows and other platforms. At this time the Nessus implementation does not support SHA2 based checksums or encryption. Future Tenable plans include upgrading the Nessus DCOM implementation to use packet privacy and upgrading the Nessus Kerberos implementation to use SHA2 based cryptography. Target Release Date Immediate
Improved Red Hat Enterprise Linux Repo Detection Summary...
Improved Red Hat Enterprise Linux Repo Detection Summary Tenable is releasing an improvement to how we determine the source repository for packages in Red Hat Enterprise Linux local security checks. With this improved logic, customers will see more accurate scan results. Impact This improvement is significant for our customers with Red Hat Enterprise Linux systems, particularly those who use non-public package repository mirrors. If a customer’s mirrors do not match the relative URL structure found in Red Hat’s repository-to-cpe mapping, they will now experience more accurate scan results. This change is particularly beneficial for packages from application-specific repositories such as Ansible, Openshift, and Ceph, among others. See our Knowledge Article on How ‘Red Hat Local Security Checks’ Operate for more information. Note: Configuring package mirrors using the relative URLs from Red Hat’s repository-to-cpe mapping will result in the most accurate findings. Affected Plugins There will be approximately 1500 plugins modified to include this logic. Target Release Date June 3, 2024Summary Improved Windows Java Detection. Changes To enhance...
Summary Improved Windows Java Detection. Changes To enhance the precision of our Windows Java detection, Tenable Research is introducing updates to refine the inspection and identification of Java artefacts. These changes are designed to improve the handling of Java versions, particularly in embedded environments, ensuring more accurate detection and reporting. The Windows Java detection plugin, plugin ID 148499, has undergone optimisation to better locate and examine the artefacts within subdirectories housing the Java binary that are commonly found in distributions. This enhancement aims to refine version accuracy and granularity, leading to more precise detections. Impact Users should expect to see more accurate version detection of their Windows Java installs and a possible increase in the number of detected installs. Impacted Plugins 148499 - Java Detection and Identification (Windows) Target Release Date Tuesday, March 19, 2024