BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.


Bugzilla ‘realname’ Parameter Account Creation Vulnerability

Posted October 8, 2014    BeyondTrust Research Team

Bugzilla, a very popular web-based bug-tracking system, has recently announced that multiple vulnerabilities have been discovered (http://www.bugzilla.org/security/4.0.14/). Perhaps the most interesting of these vulnerabilities, discovered by Netanel Rubin of Check Point Software Technologies, is one in which an attacker can automatically be added to certain groups that they were not intended to be a part…

Categories:
Security Research, Vulnerability Management

Application Control without the Headaches: The PowerBroker for Windows Difference

Posted October 7, 2014    Morey Haber

Application control solutions reduce IT risk by regulating which programs can be launched on desktops, servers and other assets. For instance, application control can help to prevent malware infections and minimize subsequent damage if a malware infection occurs. IT and security leaders have several technology alternatives to consider when seeking to implement application control in their…

Categories:
Privileged Account Management

Keeping Track of Shellshock Vulnerabilities with Retina CS and BeyondInsight

Posted October 2, 2014    Jerome Diggs

Worried about BASH Shellshock? Retina CS Enterprise Vulnerability Management can scan your environment to identify applications affected by Shellshock. BeyondTrust has generated several Retina vulnerability audits to help our customers identify the various permutations of applications affected by Shellshock. The BeyondInsight Analytics and Reporting engine, included with Retina CS, makes it simple to view and…

Categories:
Network Security, Privileged Account Management, Vulnerability Management

PowerBroker for Unix & Linux helps prevent Shellshock

Posted September 25, 2014    Paul Harper

Like many other people who tinker with UNIX and Linux on a regular basis, BASH has always been my shell of choice.  Dating back to the early days moving from Windows to a non-Windows platform, mapping the keys correctly to allow easy navigation and control helped ensure an explosion of use for the shell. Unfortunately,…

Categories:
General, Network Security, Privileged Account Management, Security Research, Vulnerability Management

Bash “Shellshock” Vulnerability – Retina Updates

Posted September 24, 2014    BeyondTrust Research Team

A major vulnerability was recently discovered within bash which allows arbitrary command execution via specially crafted environment variables. This is possible due to the fact that bash supports the assignment of shell functions to shell variables. When bash parses environment shell functions, it continues parsing even after the closing brace of the function definition. If…

Categories:
Network Security, Privileged Account Management, Security Research, Vulnerability Management

One Half of All Android Users Are Vulnerable to Latest Attack

Posted September 24, 2014    Morey Haber

On September 1st, a new bug was quietly leaked that has far-reaching ramifications for all Android users. The bug is in the open source Android Browser that is a part of the webkit, Android Open Source Platform (AOSP). The vulnerability allows malicious sites to inject JavaScript into other sites. The result is the ability…

Categories:
Vulnerability Management

Why big data breaches won’t always be so easy

Posted September 19, 2014    Byron Acohido

This blog post is republished with the permission of ThirdCertainty. See the original post here. — By: Byron Acohido, Editor-In-Chief, ThirdCertainty Some day, perhaps fairly soon, it will be much more difficult for data thieves to pull off capers like the headline-grabbing hacks of Home Depot and Target. That’s not a pipe dream. It’s the projected outcome…

Categories:
Network Security

On-Demand Webcast: The Little JPEG that Could (Hack Your Organization) with Marcus Murray

Posted September 10, 2014    Chris Burd

IT security has come a long way, but every once in a while you see something that makes you think otherwise. Every day, internal and external hackers breach and traverse “secure” environments, making you wonder just how easy it is for attackers to completely compromise your network. In a new on-demand BeyondTrust webcast, Marcus Murray,…

Categories:
Privileged Account Management, Vulnerability Management

Retina Vulnerability Audits – September 2014 Patch Tuesday

Posted September 9, 2014    BeyondTrust Research Team

The following is a list of Retina vulnerability audits for this September 2014 Patch Tuesday:

MS14-052 – Cumulative Security Update for Internet Explorer (2977629)
35141 – Microsoft Cumulative Security Update for Internet Explorer (2977629)
35142 – Microsoft Cumulative Security Update for Internet Explorer (2977629) – IE8/2003
35143 – Microsoft Cumulative Security Update for Internet Explorer (2977629) – IE8…

Categories:
Security Research, Vulnerability Management

September 2014 Patch Tuesday

Posted September 9, 2014    BeyondTrust Research Team

This September Microsoft has released four security bulletins that cover a good level of Windows-based attack surface. The two vulnerabilities that you should look to patch most immediately are MS14-052 (Internet Explorer) and MS14-054 (Windows Task Scheduler). Rounding things out you should get MS14-053 (.NET) done followed by MS14-055 (Lync) if applicable to your…

Categories:
Security Research