BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

Webcast Recap: Surviving the Vulnerability Data Maelstrom with Dave Shackleford

Posted May 21, 2014    Chris Burd

If your vulnerability management (VM) processes are like most, you’re drowning in information and wondering whether your scanning and reporting tools are revealing true risks or sending every tiny issue your way for review. Unfortunately, getting alerts for low-level vulnerabilities and false positives is still considered a standard best practice. But to free themselves from…

Categories:
Vulnerability Management
Tags:
, , , , ,
RCS-Mobile-Blog-IMG

Identifying Android Phone Vulnerabilities that Threaten Your Corporate Network

Posted May 20, 2014    Morey Haber

According to a recent McKinsey survey, more than 80% of employees now use personal smartphones for work-related purposes. Vulnerable smartphones can spread malware to business infrastructure via emailed attachments and to corporate networks through bots. Assessing mobile devices for vulnerabilities that could lead to infections and data manipulation is therefore a real concern for data…

Categories:
New Features, Vulnerability Management
Tags:
, , , , , , , ,
PCI-Approved-Scanning Vendor

Vulnerability Scanning for PCI DSS Compliance with BeyondTrust Retina

Posted May 19, 2014    Morey Haber

I’m pleased to announce that BeyondTrust’s Retina Enterprise Vulnerability Management has successfully completed PCI Scanning Vendor Compliance Testing. This means that Retina meets all PCI Security Standards Council requirements to perform PCI data security scanning. This also marks the fifth year that BeyondTrust is an Approved Scanning Vendor (ASV). Where Vulnerability Scanning Comes into Play…

Categories:
Vulnerability Management
Tags:
, , , , , , ,

Comparing Active Directory Auditing Solutions? Here are 7 Things You Can’t Afford to Overlook

Posted May 15, 2014    Gail Ferreira

If you’re responsible for your organization’s Active Directory environment, you probably know how time-consuming it can be to audit and recover AD changes. Maybe there was a particular incident where manually tracking down an errant change and putting things back in order involved too much blood, sweat and tears – or maybe you’ve simply spent…

Categories:
Privileged Account Management
Tags:
, , , , , , ,
patch-tuesday

May 2014 Patch Tuesday

Posted May 13, 2014    BeyondTrust Research Team

May’s Patch Tuesday contains eight bulletins addressing 13 issues, fixing Internet Explorer, SharePoint Server, Office, Group Policy Preferences, Windows, the .NET Framework, and iSCSI. MS14-022 fixes three vulnerabilities in Microsoft SharePoint Server, the worst of which could be used to execute arbitrary code on a targeted SharePoint server. The attacker would need to be authenticated…

Categories:
Security Research
Tags:
, , ,
zeroday-default

CH Radyo 2 Cross-Site Scripting Vulnerability

Disclosed May 4, 2014    Zeroday : 203 days
Vendors: CH Radyo
Vulnerability Severity: Medium
Exploit Impact: Cross-Site Scripting
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
oracle-software-delivery-cloud

Accelerate and Simplify Deployment of PowerBroker Privilege Management Solutions with Oracle VM Templates

Posted May 1, 2014    Chris Burd

On April 17th, Oracle and BeyondTrust experts Doan Nguyen and Paul Harper shared how leveraging Oracle VM Templates can automate and simplify the deployment of the PowerBroker for UNIX & Linux privilege management solution across your IT environment. See below for an embedded, on-demand recording of the webcast. Oracle and BeyondTrust Team Up The partnership…

Categories:
General
Tags:
, , , , , , ,
Cybozu

Cybozu Garoon API Security Bypass

Disclosed April 30, 2014    Zeroday : 207 days
Vendors: Cybozu
Vulnerability Severity: Medium
Exploit Impact: Security Bypass
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker

Internet Explorer 0day: CVE-2014-1776

Posted April 29, 2014    BeyondTrust Research Team

Over the weekend, on April 26, Microsoft released an advisory about an Internet Explorer use-after-free zeroday vulnerability, CVE-2014-1776, that is being exploited in the wild. The vulnerability lies within MSHTML.dll, and affects Internet Explorer 6 through 11. According to FireEye, attacks have been spotted in the wild targeting Internet Explorer 9 through 11. The observed…

Categories:
General
Tags:
, , , ,
microsoft

Internet Explorer Use-After-Free

Disclosed April 26, 2014    Fully Patched
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: Privately Available
Categories:
Zeroday Tracker