BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
asp-mvc

Exploiting MS14-059 because sometimes XSS is fun, sometimes…

Posted October 17, 2014    BeyondTrust Research Team

This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology and given its wide adoption we thought we would take a closer look. Referring to the bulletin we can glean a few useful pieces of information: “A cross-site scripting (XSS) vulnerability exists…

Categories:
Network Security, Security Research, Vulnerability Management
Tags:
4bestpracticesaudits-blog

Four Best Practices for Passing Privileged Account Audits

Posted October 16, 2014    Chris Burd

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. Your process for delegating privileged access to desktops, servers, and infrastructure devices is a massive target for the auditor’s microscope. An audit’s findings can have significant implications on technology and business strategy, so it’s critical to make sure you’re prepared…

Categories:
Privileged Account Management
Tags:
, , , ,

Bad POODLE, Don’t Bite!

Posted October 16, 2014    BeyondTrust Research Team

Researchers at Google (Bodo Moller, Thai Duong, and Krzysztof Kotowicz) have discovered that the encryption schemes used by SSL 3.0 are exploitable (CVE-2014-3566). Although the majority of web servers implement Transport Layer Security (TLS), the majority of clients will downgrade to SSL 3.0 in an attempt to maintain interoperability between protocols. For example, when a…

Categories:
Security Research, Vulnerability Management
Tags:
,
usb

MS14-063 – FastFat vulnerability fixed years ago…

Posted October 15, 2014    BeyondTrust Research Team

In vulnerability research, and computer security, we often deal strictly in the intangible. There are times however when tangible attack vectors can play a big part in real-world attacks. In a lot of cases it is USB memory sticks and related that play a common physical role in aiding attacks. From Stuxnet leveraging USB to bridge air gap networks…

Categories:
General, Network Security, Security Research, Vulnerability Management
Tags:
keyboard

You still need to start with the security best practices

Posted October 14, 2014    Tony Bradley

This blog post is republished with the permission of Techspective.net. See the original post here. – By: Tony Bradley, Editor-in-Chief, TechSpective.net A new cyber espionage threat dubbed “Sandworm” was revealed today. It exploits a zero day flaw that exists in all supported versions of the Windows operating system, and has apparently been active since 2009. That was FIVE years ago….

Categories:
Vulnerability Management
Tags:
, , , , , ,
patch-tuesday

October 2014 Patch Tuesday

Posted October 14, 2014    BeyondTrust Research Team

This October Microsoft has released eight security bulletins that cover a variety of Windows technologies from client-application attacks that would be useful in drive-by web attacks to privilege escalation vulnerabilities useful as second stage payloads to elevate from a standard user to having increased Administrator privileges. We recommend patching MS14-056 (Internet Explorer) first and then…

Categories:
Security Research, Vulnerability Management
Tags:
, , ,
Bugzilla Logo

Bugzilla ‘realname’ Parameter Account Creation Vulnerability

Posted October 8, 2014    BeyondTrust Research Team

Bugzilla, a very popular web-based bug-tracking system, has recently announced that multiple vulnerabilities have been discovered (http://www.bugzilla.org/security/4.0.14/). Perhaps the most interesting of these vulnerabilities, discovered by Netanel Rubin of Check Point Software Technologies, is one in which an attacker can automatically be added to certain groups that they were not intended to be a part…

Categories:
Security Research, Vulnerability Management
Tags:

Application Control without the Headaches: The PowerBroker for Windows Difference

Posted October 7, 2014    Morey Haber

Application control solutions reduce IT risk by regulating which programs can be launched on desktops, servers and other assets. For instance, application control can help to prevent malware infections and minimize subsequent damage if a malware infection occurs. IT and security leaders have several technology alternatives to consider when seeking to implement application control in their…

Categories:
Privileged Account Management
Tags:
, , , ,
shellshock-beyondinsight

Keeping Track of Shellshock Vulnerabilities with Retina CS and BeyondInsight

Posted October 2, 2014    Jerome Diggs

Worried about BASH Shellshock? Retina CS Enterprise Vulnerability Management can scan your environment to identify applications affected by Shellshock. BeyondTrust has generated several Retina vulnerability audits to help our customers identify the various permutations of applications affected by Shellshock. The BeyondInsight Analytics and Reporting engine, included with Retina CS, makes it simple to view and…

Categories:
Network Security, Privileged Account Management, Vulnerability Management
Tags:
, , , ,

PowerBroker for Unix & Linux helps prevent Shellshock

Posted September 25, 2014    Paul Harper

Like many other people who tinker with UNIX and Linux on a regular basis, BASH has always been my shell of choice.  Dating back to the early days moving from Windows to a non-Windows platform, mapping the keys correctly to allow easy navigation and control helped ensure an explosion of use for the shell. Unfortunately,…

Categories:
General, Network Security, Privileged Account Management, Security Research, Vulnerability Management