BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

img13

4 Tips to Identify, Patch & Report on the Oracle Java Vulnerability

Last week our security research team provided some very enlightening information on a nasty Oracle Java vulnerability that until recently was a zero-day.  Oracle provided a patch for the vulnerability found in advisory (CVE-2012-4681)  and as a follow-up to the blog post by our security research team we wanted to share with you some easy…

Post by Jerome Diggs September 7, 2012
Tags:
, , , , ,
helpdesk

Helpdesk Troubleshooting with PowerBroker

In the past, organizations would rely on helpdesk technicians walking from desktop to desktop to troubleshoot desktop problems for end users. Nowadays, “Sneakernet” is almost dead, and helpdesks are levering remote control products to troubleshoot problems for end users. Remote control is great for troubleshooting, but when a user is running as a standard user…

Post by Peter McCalister September 5, 2012
Java-Logo

Java Pwns Everyone…Again.

Java has a nasty habit of getting you owned. This latest 0day is no exception to the long-lived trend of reliable Java-based exploitation. Here’s what you need to know: The current exploitation method being employed in the wild right now leverages two zero day flaws in Java. The first flaw leverages an implementation issue (logic bug) within ClassFinder.findClass(), which is only present in Java 7.

Post by BeyondTrust Research Team August 30, 2012
Tags:
, , , , , , , ,
ScanMetrics-screenshot

Apache 2.4.x XSS and Back-end Connection Vulnerabilities News

Two new audits have been released recently in our Retina vulnerability scan engine to close a security vulnerability that can enable an attacker to upload files remotely via a XSS flaw or lead to privacy issues because of a back end connection closing issue (CVE-2012-2687 and CVE-2012-3502, respectively). These two new audits have been released…

Post by Peter McCalister August 28, 2012
blog8-img1

Do You Have Users Hiding in Your Enterprise Servers?

Are you in control of the user accounts across your enterprise systems? Defunct user accounts, duplicate IDs, excessive rights – do these plague your current accounts database? More importantly – how many account databases are you maintaining…or failing to maintain? Identity services like authentication and single sign-on are critical in today’s business environments. Managing these…

Post by Peter McCalister August 27, 2012
thenewyorktimes

Our CEO Quoted in The New York Times, “Struggling to Recover from a Cyberattack”

Today, The New York Times published an article (both in print and online), “Struggling to Recover from a Cyberattack”, a real-world account of how one organization dealt with a crippling cyberattack, driven by an insider. After MyBizHomepage was hacked, its founder, Peter Justen, considered declaring bankruptcy or shutting down. Our CEO, John Mutch, provided the…

Post by Peter McCalister August 24, 2012
charliesheen-winning

August VEF Participant Wins a Kindle Fire

As you all know, every month we host our Vulnerability Expert Forum (VEF) webinar. This is a time where our experts share valuable insight regarding new vulnerabilities that are discovered and the actions that need to be taken as a result. It’s a quick way to get up to speed on current potential risks to…

Post by Peter McCalister August 21, 2012
phishingforapayday

Phishing for a Pay Day

Attackers are currently focusing their efforts on a recently patched Java flaw (CVE 2012-1723). According to Threatpost the flaw has been a recent target of several pieces of malware and Web based attacks as of late, focused on HR/Payroll employees using social engineering techniques to gain access to payroll systems. There are numerous audits released…

Post by Peter McCalister August 21, 2012
img-gpo

Does This GPO Make Me Look Fat?

I was on a call with a colleague and friend of mine Paddy McHale. We were walking a new PowerBroker Desktops (PBD) customer through some initial planning and setup. Being a Group Policy Extension quite commonly the topic of how many GPOs are required to maintain this software frequently comes up. Specifically, should a company…

Post by Peter McCalister August 20, 2012
Blink6.0

Just Released Blink 6.0: Advanced Endpoint Protection

It has been a long time since any vendor has introduced game changing features to end point protection solutions. We have seen claims of better anti-virus protection, advanced persistent threat protection (APT), and even claims of massive resource savings using their latest versions. BeyondTrust believes in a defense in depth approach to end point protection…

Post by Morey Haber August 16, 2012
Tags:
, , , , ,