BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

BeyondTrust’s CTO Develops A Handy Guide for Beating the Flame Malware

Posted May 31, 2012    Peter McCalister

BeyondTrust’s CTO, Marc Maiffret, wrote up an insightful analysis of the Flame Malware and actions you can take now to identify, detect and remediate the vulnerabilities. Below is an excerpt:

“The Flame malware is currently leveraging two older Microsoft vulnerabilities that have been patched since August and September of 2010 (specifically, that is Microsoft Security Bulletin’s MS10-046 and MS10-061). In this case you should have a proper vulnerability and patch management process within your organization to verify that you do not have these unpatched vulnerabilities which Flame has been known to use.

Secondarily, the Flame malware has been shown to have capabilities to leverage Windows Domain Administrator credentials to further spread to other systems. While some investigation is being done it is recommended that best practices are followed to ensure your organization is running with “least privilege” user accounts so as to not more easily allow malware to embed within a system and further propagate.

Specifically for eEye, now BeyondTrust customers and community users there are many ways that the BeyondTrust Retina CS Vulnerability Management platform can help you get visibility and control over this Flame malware.”

If you don’t already know our free Retina Community security products, now is as good a time as any to go grab it. BeyondTrust’s flagship Retina CS Vulnerability Management solution has the capability to identify both systems infected with the Flame malware and systems with vulnerabilities that Flame malware can leverage for infection. Read the entire step-by-step guide on the eEye blog now.

Leave a Reply

Additional articles

{c4eae211-3ca2-4f8e-b2b9-6df0e970aab1}_g.markhardy

The “insider” threat. Is it real, or is it being blown out of proportion?

Posted March 4, 2015    G. Mark Hardy

A lot depends on whether or not you’ve been compromised. And therein lies the problem. Cyber threats are often ignored until they cause some damage, at which point management looks for people to blame and gives all kinds of attention to fixing the problem – until the next crisis in accounting or warehousing or staffing comes along.

Tags:
, , ,
webinar_chalk

Webinar March 4th: Recreating the Carbanak Breach & Techniques for Mitigating Similar Attacks

Posted March 3, 2015    Lindsay Marsh

Join BeyondTrust Research and Development team for an in-depth live webinar that will explore the attack vectors used in the Carbanak Bank Breach and share successful mitigation techniques needed to prevent this type of attack.

Tags:
, ,
VMware Hardening Guidelines-img3

How to Audit VMware ESX and ESXi Servers Against the VMware Hardening Guidelines with Retina CS

Posted February 27, 2015    BeyondTrust Research Team

Retina CS Enterprise Vulnerability Management has included advanced VMware auditing capabilities for some time, including virtual machine discovery and scanning through a cloud connection, plus the ability to scan ESX and ESXi hosts using SSH. However, in response to recent security concerns associated with SSH, VMware has disabled SSH by default in its more recent…

Tags:
, , , ,