BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

src

The Silk Road to the FBI is Paved with Bitcoin

The FBI has seized control of one of the online black market’s most prominent marketplaces, Silk Road. Silk Road was an online marketplace used by miscreants who bought and sold illegal merchandise, such as drugs, weapons, and other illicit materials. It was not accessible without the use of routing software known as Tor (the onion…

Post by BeyondTrust Research Team October 3, 2013
Retina Security Scanner

Scalability When You Need It

I think we have all been there before. We pilot a solution, run the gambit of tests in the lab, and when it comes to production, the scalability falls flat on its face. It does not matter if the solution was architected correctly for the environment with multiple nodes, high performance database, and tons of…

Post by Morey Haber September 25, 2013
Tags:
, , ,

September VEF Participant Wins an iPad mini

As you all know, every month we host our Vulnerability Expert Forum (VEF) webinar. This is a time where our experts share valuable insight regarding new vulnerabilities that are discovered and the actions that need to be taken as a result. It’s a quick way to get up to speed on current potential risks to your organization…

Post by Qui Cao September 24, 2013
Retina CS

Building Automated Vulnerability Audit Groups

From time to time, the field engineering team and I see the same request cross our desks in a short period of time. This time it was how to remove certain types of audits from running when performing a vulnerability scan originating from Retina CS. The old way of doing things would have required the…

Post by Bill Tillson September 20, 2013
Tags:
, , , , , , ,
LOLZ

Land of the Rising IE 0day

A new Internet Explorer zeroday has surfaced that affects every supported version of Internet Explorer. It has been observed in the wild in targeted attacks in Japan. Current attacks are focusing on exploiting Internet Explorer 8 and 9 on Windows XP and 7 machines. This is a use-after-free vulnerability in mshtml.dll, which is a DLL…

Post by BeyondTrust Research Team September 17, 2013
Tags:
,
patch-tuesday

September 2013 Patch Tuesday

September’s Patch Tuesday fixes vulnerabilities in SharePoint, Outlook, Word, Excel, Kernel drivers, and more. There are a total of 13 patches, fixing 47 unique CVEs; four bulletins are rated critical and nine bulletins are rated important. MS13-067 addresses ten vulnerabilities in SharePoint server, including versions 2003, 2007, 2010, and 2013, along with Office Web Apps…

Post by BeyondTrust Research Team September 10, 2013
Tags:
,
CNN-Syria-Maiffret

Marc Maiffret Interviewed on CNN: the ‘hacking war’ between the US and Syria

Last week CNN broadcast an investigative story about a potential ‘hacking war’ between the US and Syria, in light of possible US military strikes on Syria.  They wanted to know more about the ‘Syrian Electronic Army’, which shut down the NY Times website last week.  So the CNN team called on Marc to help explain…

Post by Mike Yaffe September 4, 2013
Tags:
, , , , , , ,
Bite apple2

ABCDKERNELPANIC: Unicode vs. Apple Inc.

Yesterday, Russian researchers publicly disclosed the presence of a denial of service vulnerability affecting OS X 10.8 and iOS 6. OS X 10.9 Mavericks and iOS 7 are unaffected. So what’s the big deal with this particular denial of service vulnerability? It’s remotely exploitable and is trivial to trigger. Stringing together a series of Unicode characters, Arabic \u062E\u0337\u0334\u0310\u062E,…

Post by BeyondTrust Research Team August 29, 2013
Tags:
, , , , , , ,
vmworld2013_logo_richblack

Live from VMWorld

This time it is all about virtualization and rightfully so. VMWorld 2013 is one of the largest shows I have seen in a long time, focused solely on a single subject and vendors are spread out across the expo floor covering everything from layer 7 switching fabrics for virtualized networks, to high speed SSD caches…

Post by Morey Haber August 27, 2013
Tags:
, , , , , ,
FIMScreenRename_2_shadow

A Use Case for File Integrity Monitoring within PowerBroker for Windows

As most of you are aware, PowerBroker for Windows v6 introduced File Integrity Monitoring (FIM) into the software.  For those of you who did not know this, FIM allows an Admin to specify protections over files/folders so these assets can only be modified by certain users or service accounts.  It also protects against renaming the…

Post by Jason Silva August 22, 2013
Tags:
, , , ,