BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
MandiantAPT1report

Mandiant APT1 report, some unanswered questions.

Posted February 21, 2013    Marc Maiffret

For the last several years there has been an increasing number of accusations being made against China and its military as being behind the systematic targeting of organizations throughout the world in a sophisticated hacking campaign to steal data and access to further China’s economic, military and social agendas. These accusations come from a mass…

Categories:
General
Tags:
, , , ,
EventStream-Reports

PowerBroker for Windows Rule Creation with Retina CS

Posted February 20, 2013    Morey Haber

For any enterprise solution, manually creating rules can be a daunting task and repetitive exercise. This problem is even more complex when working with solutions that potentially touch every application within your environment. Consider the complexity of identifying every application that requires escalated privileges for a least privilege project. How can you identity every user application…

Categories:
Privileged Account Management
Tags:
, , , ,
patch-tuesday

February 2013 Patch Tuesday: Hide Your Servers, Hide Your Clients

Posted February 12, 2013    BeyondTrust Research Team

It’s that time again, folks. This month’s Patch Tuesday brings us an assortment of client side vulnerabilities, from vulnerabilities affecting Internet Explorer to Exchange to TCP/IP, and much more. A total of 57 vulnerabilities are addressed across a spread of 12 bulletins, five of which are rated critical. There are quite a few client side…

Categories:
Vulnerability Management
Tags:
adobe

Unspecified Remote Code Execution Vulnerability in Adobe Reader

Disclosed February 12, 2013    Fully Patched
Vendors: Adobe
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker
dlink

D-Link DSL-2740B login.cgi Bypass Vulnerability

Disclosed February 10, 2013    Fully Patched
Vendors: D-Link
Vulnerability Severity: Low
Exploit Impact: Security Bypass
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
sclogoupdated_1448

BeyondTrust Retina CS Earns Perfect 5 Star Rating by SC Magazine

Posted February 4, 2013    Sarah Lieber

We are happy to announce that for the 5th year in a row, SC Magazine has given a glowing review of Retina CS Threat Management Console with 5 stars across all its judging categories. SC Magazine tests all products in the most logical way: they vulnerability or pen tested them directly. Their “…results were excellent and…

Categories:
Vulnerability Management
Tags:
, , , , , , ,
United States Health Department

United States Health Department Updates HIPAA Guidelines

Posted January 25, 2013    Morey Haber

It comes as no surprise to information technology security professionals that data leaks and privacy issues can occur at virtually any level of an organization including business associates, contractors, subs-contractors and outsourced firms like payroll and billing. With this, it is has been a long time coming that the U.S. Department of Health and Human…

Categories:
Privileged Account Management
Tags:
, , , , , ,
Retina Insight

Vulnerability and Identity Management (VIM) Fusion

Posted January 23, 2013    Morey Haber

Why BeyondTrust? BeyondTrust is a unique company in the security industry that has created the first and only fusion of Vulnerability and Identity Management (VIM). While the industry has spent over a decade refining the process of vulnerability identification and reporting using standards like OVAL and CVE, BeyondTrust has taken the leadership position in understanding what risk…

Categories:
Vulnerability Management
Tags:
, , , ,
Hiding in plain sight

IT Security’s Best Kept Secret – Hiding in Plain Sight

Posted January 22, 2013    Mike Puterbaugh

This blog post was first posted on Wired.com on January 22nd, 2013. It can be found, in it’s original formatting, here: http://insights.wired.com/profiles/blogs/it-security-s-best-kept-secret-hiding-in-plain-sight               There’s a reason the old saying “an ounce of prevention is worth of a pound a cure” resonates in so many situations – because it’s true….

Categories:
General
Tags:
, , , , , ,
ibm

IBM WebSphere Application Server Multiple Vulnerabilities

Disclosed January 21, 2013    Fully Patched
Vendors: IBM
Vulnerability Severity: High
Exploit Impact:
Exploit Availability:
Categories:
Zeroday Tracker