BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.


Introducing Vulnerability-Based Application Management™ (VBAM)

Posted March 3, 2014    Morey Haber

RSA Conference 2014 saw the birth of a new acronym at the BeyondTrust booth: “VBAM” – otherwise known as Vulnerability-Based Application Management™. This patent-pending technology enforces least-privilege access based on an application’s known vulnerabilities, as well as their age, potential risk, and impact on regulatory compliance initiatives – and is currently included in the PowerBroker…

Categories:
New Features, Privileged Account Management

FitNesse Arbitrary Command Execution Vulnerability

Disclosed February 25, 2014    Zeroday : 276 days
Vendors: FitNesse
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker

Going Beyond SCAP for Benchmark Compliance

Posted February 24, 2014    Morey Haber

SCAP configuration compliance assessments, commonly referred to as “Benchmark” assessments, are traditionally cumbersome tasks when multiple benchmarks have to be tested against multiple targets at the same time. For the vast majority of SCAP-certified tools, this means executing one benchmark at a time against a valid host(s) and reviewing the results. The same targets often…

Categories:
New Features, Privileged Account Management

Congratulations to our January and February VEF Participants

Posted February 20, 2014    Qui Cao

Every month we host our Vulnerability Expert Forum (VEF) webinar. This is a time where our experts share valuable insight regarding new vulnerabilities that are discovered and the actions that need to be taken as a result. It’s a quick way to get up to speed on current potential risks to your organization and a way to…

Categories:
Vulnerability Management

WRT120N fprintf Stack Overflow

Disclosed February 19, 2014    Zeroday : 282 days
Vendors: Belkin (Linksys)
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker

BeyondInsight: Privilege and Vulnerability Management Unification

Posted February 18, 2014    Morey Haber

Fifteen years ago there was a revolution in information technology operations. Different teams that managed networks and systems merged their practices and technology under frameworks like Computer Associates Unicenter and IBM Tivoli. Today, these solutions have evolved to CA Spectrum, SolarWinds, and SpiceWorks. These are all fantastic technologies that have proven that the fusion of…

Categories:
New Features, Privileged Account Management, Vulnerability Management

Neophytes and Professionals

Posted February 14, 2014    Morey Haber

There is a first time for everything. Your first steps, your first date, your first child, your first vulnerability assessment scan. A first time for everything. The Retina Network Security Scanner Unlimited makes taking the first step incredibly easy and affordable. For security professionals, it is just another step in making sure your assets are…

Categories:
Vulnerability Management

Least Privilege on Windows Desktops and Servers

Posted February 13, 2014    Morey Haber

We have all seen the news. Least privilege attacks on the NSA and companies like Target have led to elevated privileges on sensitive systems and access to confidential data. Securing administrative privileges on desktops and servers is beginning to take center stage for many organizations since low-level entry points are now being used to…

Categories:
Privileged Account Management

IE10 Use-After-Free 0day

Disclosed February 13, 2014    Fully Patched
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker

Linksys Routers Command Injection

Disclosed February 12, 2014    Zeroday : 289 days
Vendors: Belkin (Linksys)
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker