BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

Security Research

cloudsecurity-98x98

Retina CS Turns Patch Tuesday into Simply “Tuesday”

Posted February 15, 2012    Mike Puterbaugh

Last week we announced Retina CS 3.0 – which extends our already market-leading vulnerability management capabilities for mobile devices – by adding in support for Android devices, as well as Microsoft Exchange ActiveSync – and sets a new bar for enterprise cloud security, allowing private cloud deployments based on Amazon Web Services (AWS) and VMware…

Tags:
, , , , , ,
patch-tuesday

Microsoft Patch Tuesday – February 2012

Posted February 14, 2012    Chris Silva

Ahh Valentine’s Day. Time to leave work early, buy a box of chocolates for your loved one, and fight through the crowds for a table at your favorite restaurant. Or, if you happen to be gainfully employed in IT security, time to spend the evening at work with your coworkers, patching servers and drinking a…

charliesheen-winning

January VEF winner announced. Takes home an Amazon Kindle Fire.

Posted January 26, 2012    Sarah Lieber

As you all know, every month we host our Vulnerability Expert Forum (VEF) webinar. This is a time where our experts share valuable insight regarding new vulnerabilities that are discovered and the actions that need to be taken as a result. It’s a quick way to get up to speed on current potential risks to…

Tags:
, , ,
patch-tuesday

Microsoft Patch Tuesday – January 2012

Posted January 10, 2012    Chris Silva

Before we get started on this month’s releases, just a quick reminder that Microsoft released an out-of-band (OOB) security bulletin (MS11-100) late last month. That brought their 2011 total to 100 bulletins – so much for keeping it in double digits. To start off the new year, today Microsoft released seven bulletins. Microsoft finally tamed…

patch-tuesday

Microsoft Patch Tuesday – December 2011

Posted December 13, 2011    Chris Silva

To wish IT administrators everywhere a happy holiday, Microsoft today released 13 security bulletins. Microsoft had initially planned to release 14 bulletins, but a bulletin related to the BEAST vulnerability was held back for not behaving well with other other software. Assuming it can be whipped into shape, it will most likely make an appearance…

patch-tuesday

Microsoft Patch Tuesday – November 2011

Posted November 8, 2011    Chris Silva

This month Microsoft released four security bulletins, patching a total of four vulnerabilities. Included in this month’s bulletins is a particularly ugly vulnerability in tcpip.sys (MS11-083). This vulnerability involves sending a large amount of UDP packets to a closed port. While the amount of work to exploit seems great and Microsoft feels that exploitation will…

slam dunk

Uncontested Lay Up

Posted October 27, 2011    Peter McCalister

Last week talked about the basics of how you can address the risk of insider attacks from former employees. A recent study of IT managers and network administrators conducted by Amplitude Research on behalf of VanDyke Software, shows a growing concern about insider threats, particularly unauthorized access by current and former employees. Unauthorized access by current and former employees was cited by 11% of the survey respondents, as a reason cited network intrusions, the 4th most frequent response.

Accidental Harm

Don’t Be The Next WikiLeaks

Posted October 25, 2011    Peter McCalister

Last year’s WikiLeaks scandal was an embarrassment for the government, drawing attention from every corner of the globe about the insecurity of its networks. Recently, President Obama ordered new computer security rules to government agencies handling classified information after months of investigating the events leading up to WikiLeaks.

cloudlock1

Duqu, Son of Stuxnet, Destroyer of Worlds!

Posted October 20, 2011    Marc Maiffret

So, as everyone has hopefully heard by now, the world is indeed coming to an end because of a new piece of malware dubbed Duqu. Duqu is supposed to be based off of Stuxnet and therefore it makes it the scariest thing in cyber space or, as FoxNews.com said, “Stuxnet Clone ‘Duqu’: The Hydrogen Bomb of Cyberwarfare?”

dunk

Slam Dunk

Posted October 20, 2011    Peter McCalister

There aren’t many things in enterprise IT security that are easy enough to do to be called a slam dunk, but I may have one for you. A recent study of IT managers and network administrators conducted by Amplitude Research on behalf of VanDyke Software, shows a growing concern about insider threats, particularly unauthorized access by current and former employees.