#nessus — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #nessus, aggregated by home.social.
-
updated CheckNessusAuth — a tool that helps you verify whether Nessus authenticated scans are likely to succeed or not before you start scanning.
GitHub: https://github.com/dietersar/CheckNessusAuthScan
Website: https://secudea.be/tools/nessus-auth-scanning-tool/ #Nessus #CyberSecurity #VulnerabilityManagement #AuthenticatedScans #Infosec #SecurityTools #GUI #Automation
-
Heyyyyy #Tenable #Nessus? Can we maybe not run sketchy-looking #PowerShell on my computer? I just happened to catch this in the logs. Kay, thanks.
-
What is a vulnerability assessment framework
A vulnerability assessment framework is a way for organizations to check their systems, networks and applications for vulnerabilities that hackers could exploit. Just as we check our homes for broken locks or weak spots, assessment...
#DST #DSTGlobal #ДСТ #ДСТГлобал #уязвимости #безопасность #OpenVAS #NMap #Nessus #QualysGuard #BurpSuite #киберугрозы #FTP #SSH #Telnet
Source: https://dstglobal.ru/club/1116-chto-takoe-struktura-ocenki-ujazvimosti
-
Is there anyone who is proficient with Tenable.sc and managed #Nessus scanners? I'm having a hellova time trying to figure out a glitch with plugins. No matter what I do, my scanner gets only the plugins from 12 May 2025. I've been laser-focused on troubleshooting this and I've run out of ideas. I've even rebuilt the scanner server with no change, leading me to believe it's something with Tenable.sc, and Tenable.sc has the latest plugin set. Help me Obi-Wan, you're my only hope. #Tenable
-
High-Severity Vulnerabilities Patched in Tenable Nessus Agent – Source: www.securityweek.com https://ciso2ciso.com/high-severity-vulnerabilities-patched-in-tenable-nessus-agent-source-www-securityweek-com/ #securityproductvulnerability #rssfeedpostgeneratorecho #CyberSecurityNews #Endpointsecurity #securityweekcom #securityweek #Tenable #Nessus
-
High-Severity Vulnerabilities Patched in Tenable Nessus Agent https://www.securityweek.com/high-severity-vulnerabilities-patched-in-tenable-nessus-agent/ #securityproductvulnerability #EndpointSecurity #Tenable #Nessus
-
Nessus scanner agents went offline due to a faulty plugin update – Source: securityaffairs.com https://ciso2ciso.com/nessus-scanner-agents-went-offline-due-to-a-faulty-plugin-update-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #BreakingNews #SecurityNews #hackingnews #Security #Tenable #Nessus
-
Tenable Disables Nessus Agents Over Faulty Updates – Source: www.securityweek.com https://ciso2ciso.com/tenable-disables-nessus-agents-over-faulty-updates-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Endpointsecurity #securityweekcom #securityweek #buggyupdate #Tenable #Nessus
-
Tenable Disables Nessus Agents Over Faulty Updates https://www.securityweek.com/tenable-disables-nessus-agents-over-faulty-updates/ #EndpointSecurity #buggyupdate #Tenable #Nessus
-
Bad Tenable plugin updates take down Nessus agents worldwide #vulnerabilityscan #tenable #nessus #networksecurity https://www.bleepingcomputer.com/news/security/bad-tenable-plugin-updates-take-down-nessus-agents-worldwide/?s=09
-
That's a bold statement.
In my experience, #Nessus has at least one false positive in every single scan. There are many plugins that haven't seen a true positive for years.
-
"Note that Nessus has not attempted to exploit the issue but has instead only checked if OpenSSH is running on the remote host."
But how about—as the bare minimum—you check the version or don't fucking report vulnerabilities that have been fixed for 17 years! 🤬
-
Also if you think about it, the majority of #tenable #nessus functionality is based on its ability to log into a remote machine, use the tools on that host (windows: registry calls, execute cmd.exe scripts or posh, unix: ssh in run commands built into the host to retrieve whatever info it has), and then generate a report. #nmap has the modules `libssh2-utility` to log you in (check out `ssh-run.nse`) and smb capabilities (`smb-psexec.nse`) that allow you to run services commands and the like on Windows. Why are people paying thousands in subscription fees ???!
#infosec
-
There's no way that this will help ANYONE, but..
I'm doing an eval of #Nessus (a cybersecurity scanning tool) on our product (#Aarch64 running #Linux (#Debian, to be specific)).
And one of the tests would cause my system to kernel panic and reboot.
After a lot of trial and error, I found that some of the tests are trying to use `dmidecode`, which, evidently, is super spicy for us.
I `chmod 000 /usr/sbin/dmidecode` and now everything is happy.
(Again, I know that no one wants to know this)
-
Another #Nessus gem: plugin 58601
This plugin checks for two vulnerabilities from 2008. It's triggered by the header "X-Powered-By : ASP.NET". 🤦
Nessus: "It is not possible to determine the version from the header, so this may be a false positive."
O RLY? In fact, I would say it is almost certainly a false positive. Every single time.
-
One of the most widely used scanners is #Nessus, and many of its plugins have terrible specificity (they are prone to false positives).
One plugin I had to deal with today is plugin 137702. It finds systems vulnerable to #Ripple20, a set of 19 vulnerabilities in the Treck TCP/IP stack discovered in 2020. These vulnerabilities are a serious security risk if present, but should have been fixed in most systems by now.
2/ 🧵
-
Have I mentioned before that I think #Nessus is complete garbage?
ICMP timestamp packets are not evil, my Kerberos-secured NFS server is not world-readable, and ssh 9.2 in Debian stable does not need to be updated to 9.3 either. They are completely nuts.
-
#Tenable #Nessus Plugin ID 171859 triggers on current up to date Windows installs, and requires #curl to be updated to version 7.88.0 or later. Microsoft is only offering 7.83.1. The issue here is that this appears to be triggering to orgs implementing #IAVA policy (this likely includes many defense and other critical sectors orgs). So currently it seems that many systems are flagged non-compliant without clear recourse.
https://www.tenable.com/plugins/nessus/171859 https://en.wikipedia.org/wiki/Information_assurance_vulnerability_alert
-
What's your #homelab?
#OpnSense on #LenovoM92
#OpenVPN
#WireGuard
#AdGuardHome
#ntopng
#Ubiquiti Switch, AP, CloudKey
#Proxmox Cluster
-
Adventures in IT self-employment
#Wochenbericht (weekly report, week 45):
- Mon: Set up laptop, install #3CX, #OPNsense support
- Tue: Office day and working through #Tickets, #Nessus scan, #Stadtrat (city council) in the evening
- Wed: Install #OPNsense and rebuild the network. Shut down the old server, #TrueNAS takes over
- Thu: #3CX meeting, new customer acquisition
- Fri: #OPNsense training and install #3CX, update of 3 #GroupOffice instances
- Sat: Migration from #pfSense to #OPNsense
-
There's nothing like building the wrong servers for the SOC 🤌.
I'm going to spend some time rebuilding some Linux servers for a new scanning tool our SOC uses. We've decided to move away from Nessus (not my decision, but I'm open-minded). I still utilize OpenVAS for all of my narrowed subnets and specific endpoint stuff though. I'll post more about the tool as I familiarize myself with it.
#security #SOC #vulnerabilityscanner #Nessus #OpenVAS #vulnerabilitymanagement
-
Install Nessus for Free and scan for Vulnerabilities (New Way)
YouTube video: https://youtu.be/Gy-aPBb0djk
#kalilinux #linux #cybersecurity #infosec #informationsecurity #scan #nmap #nessus
-
2024 and #nessus still hasn't gotten any smarter.
It's all well and good that it looks at CVEs/DSAs and checks whether the installed packages have actually received the update.
But if it then expects the source package version in the binary package and complains when that doesn't match, then it simply hasn't understood #Debian.
-
I don't want to talk about how #Tenable raised the price of #Nessus Professional from 3k to 4k. Depending on who you ask, it was already too much, or it might still be worth it.
But delivering the news with a (not so subtle) threat is everything that is wrong with the #infosec industry.
Our job is to protect businesses, not scare them into giving up their money. That's the job of the ransomware gangs.
-
New versions of the network vulnerability scanner Nessus fix several vulnerabilities in third-party components. Admins should install them.
Vulnerability scanner Nessus: updates close several security holes
-
#BlackFriday #BlackWeek #CyberMonday deals, mostly #tech, #infosec, #books and #tools.
I started making a birdsite style thread of short posts earlier but realised 11000 characters should be enough for a single post. To be updated further.
#VMware has 30% off on certain products, Workstation Pro 17 is $139 instead of $199 - https://store-us.vmware.com/
#NoStarchPress has a 35% discount on books with the code HOLIDEALS, ends Nov 28 (Monday) - https://nostarch.com/
#Hak5 gives 2% discount for every $100 up to 10%, $200 off WiFi Pineapple Enterprise, 15% off bundles - https://hak5.org/
#KSECLabs has discounts on various gear and bundles, code BLACKFRIDAY15 gives 15% off across the site - https://labs.ksec.co.uk/black-friday-sale/
#Phoronix gives $10 off annual subscriptions and $50 off lifetime subscriptions - https://www.phoronix.com/phoronix-premium
#CovertInstruments has various discounts on tools for #locksports - https://covertinstruments.com/collections/black-friday-sale
25% off #LastPass - https://www.lastpass.com/pricing
#Microsoft Press Store has discounts of 40% to 55% with the code BOOKSGIVING - https://www.microsoftpressstore.com/promotions/happy-booksgiving-buy-2-save-55-on-books-and-ebooks-142354
#iFixit 25% off seasonal bundles and 20% off toolkits - https://www.ifixit.com/promotions/black-friday-holiday
#HexRays 25% off #IDA Home and 10% off #IDAPro - https://hex-rays.com/terms-and-conditions-black-friday-sale-2022/
#Multipick deals for lockpicks and -tools - https://shop.multipick.com/en/black-friday
#Tenable #Nessus 50% off with code TakeHalf - https://store.tenable.com/1479/purl-takehalf?x-promotion=TakeHalf
#TryHackMe 20% off annual personal subscriptions with code AOC22 - https://tryhackme.com/why-subscribe
#GrayHatWarfare €20 off triannual and €140 off annual premium subscriptions, €25 off monthly, €110 off triannual and €510 off annual subscriptions - https://grayhatwarfare.com/packages
#ProtonMail 33% off plus and 40% off unlimited - https://proton.me/mail/black-friday
#Maltronics 15% off with code BF2022 - https://maltronics.com/discount/BF2022