BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

Vulnerability Management

PBPS-screenshot-blog aug2014

Failing the Security Basics: Backoff Point-of-Sale Malware

Posted August 22, 2014    Marc Maiffret

At the beginning of this month, US-CERT issued a security alert relating to a string of breaches that had been targeting Point of Sale (POS) systems. The alert details that attackers were leveraging brute forcing tools to target common remote desktop applications such as Microsoft’s Remote Desktop, Apple Remote Desktop, Splashtop and LogMeIn among others….

Tags:
, , , , , ,

Retina Vulnerability Audits – August 2014 Patch Tuesday

Posted August 12, 2014    BeyondTrust Research Team

The following is a list of Retina vulnerability audits for this August 2014 Patch Tuesday: MS14-043 - Vulnerability in Windows Media Center Could Allow Remote Code Execution (2978742) 34924 – Microsoft WMC Remote Code Execution (2978742) MS14-044 - Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340) 34915 – Microsoft SQL Server Multiple Vulnerabilities (2984340) – 2008 34916 –…

smart-rules-manager-assets

Where Passive Scanning Falls Short

Posted July 11, 2014    Morey Haber

In many sports, as in business, teams will promote a strategy to gain an edge – even if the concept is possibly flawed. Consider an American football hurry-up offense: will it cause the defense to stumble, or will it just exhaust the offense? The play has potential pros and cons, and many strategic technologies are…

Tags:
, , , , , , ,
patch-tuesday

Retina Vulnerability Audits – July 2014 Patch Tuesday

Posted July 9, 2014    BeyondTrust Research Team

The following is a list of Retina vulnerability audits for this July 2014 Patch Tuesday: MS14-037 - Cumulative Security Update for Internet Explorer (2975687) 34517 – Microsoft Internet Explorer Cumulative Security Update (2975687) MS14-038 - Vulnerability in Windows Journal Could Allow Remote Code Execution (2975689) 34518 – Microsoft Windows Journal (2975789) MS14-039 - Vulnerability in On-Screen Keyboard Could Allow…

patch-tuesday

July 2014 Patch Tuesday

Posted July 8, 2014    BeyondTrust Research Team

This July Microsoft has released six security bulletins which account for over 29 unique vulnerabilities. The most critical bulletins are MS14-037 (Internet Explorer), MS14-038 (Windows Journal)  and MS14-040 (Windows AFD). MS14-037 starts things off with another massive Internet Explorer update on the heels of MS14-035 from last month. This new Internet Explorer bulletin covers over…

Tags:
, ,

Webcast Recap: “6 Best Practices for Privilege Management, Vulnerability Management, and IP Protection” with Larry Brock

Posted June 27, 2014    Chris Burd

In the latest on-demand webcast, BeyondTrust joins Larry Brock, the DuPont, USAF and NSA veteran and principal of Brock Cyber Security Consulting, to discuss “6 Best Practices for Privilege Management, Vulnerability Management, and IP Protection.” Below is a summary of key takeaways from the webcast, plus an on-demand video recording of the full presentation. Brock…

Tags:
, , , , ,
blog-tidings-img2

Tidings from the Year 2036: The Search for Relevant Security Data

Posted June 24, 2014    Morey Haber

A few years ago, I wrote a blog post about finding personal information online. I recently Googled myself again to see who knows what about me. I expected to find some posts and papers I’ve written, and maybe some of my contact details. Instead, the majority of the first-page results associate my name with a…

Tags:
, , , , , , , , ,
patch-tuesday

Retina Vulnerability Audits – June 2014 Patch Tuesday

Posted June 11, 2014    BeyondTrust Research Team

The following is a list of Retina vulnerability audits for this June 2014 Patch Tuesday.

Tags:
, , ,
enter-here-computer

Accounting for Vulnerability “States” in Your Risk Assessments

Posted June 9, 2014    Morey Haber

Vulnerability management (VM) processes have had to evolve exponentially in recent years. Most of this evolution has occurred in terms network coverage, as scanners have moved beyond conducting sequential assessments to advanced agent, connector and credentialing technologies. However, most VM applications are still unable to provide meaningful data for prioritizing vulnerabilities in terms of real…

Tags:
, , , , ,
PBW-Authorization

A New Twist on Secure Computing

Posted May 28, 2014    Morey Haber

Secure Computing is one of those overused terms that gracefully died on the vine. During a recent customer meeting, we discussed a new context for Secure Computing that’s worth sharing with our blog readers. Here it is in a nutshell: Consider Secure computing in the context of PowerBroker for Windows Risk Compliance. If you’re not…

Tags:
, , , , , , ,