BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
zeroday-default

Publish-It Buffer Overflow Vulnerability

Disclosed February 5, 2014    Zeroday : 226 days
Vendors: PosterSW
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker
scmag1-98x98

BeyondTrust Receives 5 Star Rating from SC Magazine

Posted February 4, 2014    Sarah Lieber

Recently our UVM20 Security Management Appliance received a perfect 5-star review + “Best Buy” recognition from SC Magazine. Read the full review here. The UVM20 includes several pre-installed and pre-configured solutions: Retina Network Security Scanner, PowerBroker for UNIX/Linux, and PowerBroker for Windows, plus our patch management, regulatory reporting and configuration compliance modules — in addition…

Categories:
Vulnerability Management
Tags:
, , , , , , , ,
5things-oraclebtwebinar-screenshot

The 5 Things Every Linux Administrator Should (and Should Not) Do When It Comes to Privileged Account Management

Posted February 3, 2014    Sarah Lieber

When it comes to privileged account management the list of things an administrator can do to protect their environment is seemingly never ending. Last week we hosted a webinar with Oracle Linux and presented a list of 5 things every Linux administrator should, and should not, do when managing privileged accounts. Given the current security…

Categories:
Vulnerability Management
Tags:
, , , , ,
bloofoxcms

bloofoxCMS Multiple Vulnerabilities

Disclosed January 31, 2014    Zeroday : 231 days
Vendors: bloofoxCMS
Vulnerability Severity: Medium
Exploit Impact: Cross-Site Scripting
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
jawbone-up

We’re Getting Pumped up for RSA

Posted January 30, 2014    Sarah Lieber

Here at BeyondTrust we’re getting pumped up for RSA, which takes place Feb 24th – 27th, 2014! This year in San Francisco we’re going to demonstrate how our PowerBroker Privilege Management and Retina Vulnerability Management solutions ensure that IT environments are healthy and ready to fend off threats. We’ll also be featuring some amazing “feats…

Categories:
Vulnerability Management
Tags:
, , , , ,
Target

Retina Audits for Target POSRAM Malware

Posted January 29, 2014    BeyondTrust Research Team

By now, you’ve heard of the POSRAM malware used against retail giant Target to steal customers’ payment card information from point-of-sale terminals. If you have not heard of POSRAM, or are unfamiliar with how it works, the malware scans processes’ memory for credit card information and periodically uploads that information to an attacker controlled server….

Categories:
Vulnerability Management

Retina Performs Continuous Vulnerability Assessment

Posted January 28, 2014    Morey Haber

SANS Critical Control 4 specifies criteria for continuous vulnerability assessment and remediation. This specification calls for vulnerabilities to be continuously assessed, correlated, and reported upon in real-time based on public disclosure and identification of new or changed assets. Critical Control 4 is mandated by many government agencies, and requires prompt automated remediation that adheres to…

Categories:
Vulnerability Management
Tags:
, , , ,
marc-maiffret-fox-news-screenshot

Marc Maiffret Interviewed on Fox News: How Safe is Consumer Data on the ObamaCare Website?

Posted January 17, 2014    Mike Yaffe

Yesterday, Marc Maiffret appeared as a special guest of “The Willis Report” on Fox News where he discussed how safe consumer data is on the ObamaCare website. As background, according to news reports, ObamaCare continues to leave consumer data vulnerable to theft months after security problems were first exposed. In the wake of a Christmas-season…

Categories:
General
Tags:
, , , ,
dell

Dell PowerConnect Products Multiple Vulnerabilities

Disclosed January 17, 2014    Zeroday : 245 days
Vendors: Dell
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker
cisco

Cisco NTP Mode 7 Denial of Service Vulnerability

Disclosed January 15, 2014    Zeroday : 247 days
Vendors: Cisco
Vulnerability Severity: Medium
Exploit Impact: Denial of Service
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker