BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
insider-threat-fed

Mitigating Inside Threats to U.S. Federal IT Environments

Posted April 17, 2014    BeyondTrust Software

Recent high-profile cases have increased the perceived risks that go along with disclosure and usage of confidential information. One of the most difficult security threats to mitigate is an attack from the inside. When an over-privileged user, such as an unhappy current or former employee, contractor, or consultant, begins navigating your network, how will you…

Categories:
Vulnerability Management
Tags:
, , , , ,

Are you a Target? Investigating Security Breaches with Kevin Johnson

Posted April 17, 2014    Chris Burd

Last week, over 1,000 IT security professionals watched as Kevin Johnson, CEO of Secure Ideas, presented his expert opinion on lessons learned from recent, high-profile retail breaches. Here’s a summary of key takeaways from the webcast plus an on-demand recording of the full, 60-minute presentation. Understanding the “why” behind attacks According to Kevin, the primary…

Categories:
Vulnerability Management
Tags:
, , , , ,

Vulnerability Expert Forum Highlights: April 2014

Posted April 16, 2014    Chris Burd

We had a great turnout for last week’s April 2014 Vulnerability Expert Forum (VEF) webcast. BeyondTrust Research experts, Carter and DJ, provided in-depth knowledge about the latest vulnerabilities and their potential impacts on network environments. Below are highlights from the Forum, plus an on-demand video of the presentation. Latest critical vulnerabilities, vendor patches, and zero-day…

Categories:
Vulnerability Management
Tags:
, , , , ,
BI-5.1-user-asset-visibility-img

Understanding Who Has Access to What with BeyondInsight v5.1

Posted April 15, 2014    Morey Haber

Today, it’s my pleasure to introduce you to BeyondInsight version 5.1, the latest release of our IT Risk Management platform, which unifies several of our solutions for Privileged Account Management and Vulnerability Management. BeyondInsight v5.1 embodies BeyondTrust’s mission to give our customers the visibility they need to make smart decisions and reduce risk to their…

Categories:
New Features, Vulnerability Management
Tags:
, , , , , , , , , , , ,
vmware

VMware Multiple Products OpenSSL Heartbleed Information Disclosure

Disclosed April 14, 2014    Zeroday : 449 days
Vendors: VMware
Vulnerability Severity: High
Exploit Impact: Information Disclosure
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
hp

HP Multiple Products OpenSSL Heartbleed Information Disclosure

Disclosed April 13, 2014    Zeroday : 450 days
Vendors: HP
Vulnerability Severity: High
Exploit Impact: Information Disclosure
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker

PowerBroker for Unix & Linux Now Available via Web Services

Posted April 10, 2014    Paul Harper

This week BeyondTrust released a fully functional Web Services interface (REST API) for its PowerBroker for Unix & Linux product.  With this new feature users of the solution will now be able to remotely and securely configure and retrieve data via the API.  The Web Services interface implemented by BeyondTrust is an industry standard that…

Categories:
New Features, Privileged Account Management
Tags:
, , , , , ,
opensolution

QuickCMS Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) Vulnerabilities

Disclosed April 9, 2014    Zeroday : 454 days
Vendors: Open Solution
Vulnerability Severity: Medium
Exploit Impact: Cross-Site Scripting
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker

Heartbleed – When OpenSSL Breaks Your Heart

Posted April 8, 2014    BeyondTrust Research Team

You’ve likely heard about the recent OpenSSL vulnerability, CVE-2014-0160, dubbed Heartbleed. The main takeaway of this vulnerability is that attackers can use this to obtain things like secret keys used for X.509 certificates, user names and passwords, instant messages, emails, and other highly sensitive information. For a technical analysis of the bug, check out this…

Categories:
Vulnerability Management
Tags:
, , ,
patch-tuesday

April 2014 Patch Tuesday

Posted April 8, 2014    BeyondTrust Research Team

April’s Patch Tuesday brings four patches to us, fixing Microsoft Word, Internet Explorer, Windows file handling, and Microsoft Publisher. It also brings us the final patches for Windows XP and Office 2003. MS14-017 fixes a zero-day vulnerability, CVE-2014-1761, in Microsoft Word that has been exploited in the wild. The vulnerability has to do with handling…

Categories:
Security Research
Tags:
, , ,