BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

PowerBroker for Unix & Linux Now Available via Web Services

Posted April 10, 2014    Paul Harper

This week BeyondTrust released a fully functional Web Services interface (REST API) for its PowerBroker for Unix & Linux product.  With this new feature users of the solution will now be able to remotely and securely configure and retrieve data via the API.  The Web Services interface implemented by BeyondTrust is an industry standard that…

Categories:
Privileged Account Management
Tags:
, , , , ,
opensolution

QuickCMS Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) Vulnerabilities

Disclosed April 9, 2014    Zeroday : 165 days
Vendors: Open Solution
Vulnerability Severity: Medium
Exploit Impact: Cross-Site Scripting
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker

Heartbleed – When OpenSSL Breaks Your Heart

Posted April 8, 2014    BeyondTrust Research Team

You’ve likely heard about the recent OpenSSL vulnerability, CVE-2014-0160, dubbed Heartbleed. The main takeaway of this vulnerability is that attackers can use this to obtain things like secret keys used for X.509 certificates, user names and passwords, instant messages, emails, and other highly sensitive information. For a technical analysis of the bug, check out this…

Categories:
Vulnerability Management
Tags:
, , ,
patch-tuesday

April 2014 Patch Tuesday

Posted April 8, 2014    BeyondTrust Research Team

April’s Patch Tuesday brings four patches to us, fixing Microsoft Word, Internet Explorer, Windows file handling, and Microsoft Publisher. It also brings us the final patches for Windows XP and Office 2003. MS14-017 fixes a zero-day vulnerability, CVE-2014-1761, in Microsoft Word that has been exploited in the wild. The vulnerability has to do with handling…

Categories:
Security Research
Tags:
, , ,

How Active Directory Can Reduce Threats to Your Business

Posted April 7, 2014    Gail Ferreira

Chances are you’re running Microsoft Active Directory and utilizing its built-in safeguards. However, even with native AD protections, your operations might still be jeopardized by unintentional or malicious actions. Here are two ways to augment Active Directory’s onboard auditing capabilities and keep your business up and running to its maximum potential: 1. Ensure Security and…

Categories:
Privileged Account Management
Tags:
, , , , , , , ,

Evolving Privileged Account Management for Maximum Operational Efficiency

Posted April 2, 2014    Gail Ferreira

We all want to make our lives easier, but how much privilege management is enough? At BeyondTrust, we see more and more organizations looking to simplify the tool sets used to manage their internal security and compliance environments. Historically, many organizations purchased privilege management solutions to address specific audit findings or challenges in isolation. This…

Categories:
Privileged Account Management
Tags:
, , , , ,
windows of opp-img1

Seizing Windows of Opportunity for Vulnerability Assessment

Posted April 1, 2014    Morey Haber

The change control process for many organizations dictates that vulnerability assessment scanning can only occur during predefined scan windows. During these times, teams are notified that an assessment will be conducted and that alerts from IDS/IPS sensors, SIEMS, and local AV agents should be ignored or whitelisted from the scanners. This is a very typical…

Categories:
Vulnerability Management
Tags:
, , , , ,
cisco

Cisco Web Security Appliance HTTP Header Redirection Weakness

Disclosed April 1, 2014    Zeroday : 173 days
Vendors: Cisco
Vulnerability Severity: Low
Exploit Impact: HTTP Redirection
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker

The Growing Government Interest in Cyber R&D

Posted March 26, 2014    BeyondTrust Software

Both US and International governments have been shifting their focus to the research and development of technology to protect critical cyber assets. At the recent AFCEA Homeland Security Conference, cyber security was one of the main topics covered by keynote speakers and exhibitors. We’ve compiled some of the latest endeavors taking place on behalf of…

Categories:
Vulnerability Management
Tags:
, , , , , , ,

Microsoft Word Zeroday – Set to expire?

Posted March 25, 2014    BeyondTrust Research Team

Researchers at Google have notified Microsoft of a new Word zeroday vulnerability. This attack is currently being leveraged in the wild to target systems running Microsoft Word 2010. The attack can be successful simply by a user opening a maliciously crafted RTF file within Microsoft Word. The full extent of the breaches caused by this…

Categories:
Vulnerability Management
Tags:
, ,