BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Posts Tagged ‘retina’

Virtual Insecurity, and Ways to Combat It

Stating the obvious, our customers continue to make investments in virtualization. To support them, BeyondTrust has always been on the leading edge of providing tools and solutions in that regard. Whether it is for managing privileges on virtual hosts, or scanning private cloud assets for flaws, BeyondTrust has always been at the forefront of security and…

Post by Mike Puterbaugh May 8, 2013

Recently Patched Java Vulnerability Exploited In the Wild: How (Not) Surprising

A type confusion vulnerability, recently patched in Java 7u21 and Java 6u45, has been spotted in the wild. According to a recent blog post from F-Secure, exploitation of CVE-2013-2423 started shortly after April 21st, 2013 and continues. Given what we know about Java, none of this is surprising. “Why?!” you may ask, “didn’t we all…

Post by BeyondTrust Research Team April 23, 2013

Java: Sizeable Critical Patch Update and Two Sugars, Please

Oracle is rolling out yet another Critical Patch Update (CPU) for Java – and this time they’ve fixed 39 remotely exploitable vulnerabilities. This is not to say that all of these vulnerabilities may provide an attacker with remote code execution. However, the highest CVSS Base Score of all the vulnerabilities was a 10.0, meaning that…

Post by BeyondTrust Research Team April 15, 2013

Security Intelligence: Finding Out What Part Actually Makes You Smart

Organizations of all sizes have been trying to address Big Data, Security Intelligence and contextual security for a while, but without much success. For security folks in particular this is a sensitive topic, as nestled among the thousands of lines of code or log files is what they need to know to prevent the next successful breach. SIEM…

Post by Mike Yaffe April 12, 2013

United States Health Department Updates HIPAA Guidelines

It comes as no surprise to information technology security professionals that data leaks and privacy issues can occur at virtually any level of an organization, including business associates, contractors, subcontractors and outsourced firms like payroll and billing. With this, it has been a long time coming that the U.S. Department of Health and Human…

Post by Morey Haber January 25, 2013

Another (sigh) IE Zero-Day

Unfortunately, the security industry was not going to escape 2012 without seeing yet another zero-day vulnerability in Microsoft’s Internet Explorer. It has been discovered that a targeted attack, leveraging a zero-day in IE, has been carried out against the Council on Foreign Relations Portal. The technical origin of the flaw is as follows: the vulnerability occurs…

Post by BeyondTrust Research Team December 30, 2012

JRE 6 automatic upgrade to JRE 7, coming soon

Starting this month, Oracle will be automatically replacing Java Runtime Environment (JRE) 6 installations with JRE 7 installations on a small number of users’ systems (the users are randomly chosen). This will be done to ensure that the automatic upgrading mechanism is working properly. In February 2013, the last public version of JRE 6 (Java…

Post by BeyondTrust Research Team December 19, 2012

MS SQL Cross-Site Scripting (XSS) News – October 2012

Eight new audits are being released in our Retina vulnerability scan engine to help close a security vulnerability that can enable an attacker to gain control of an MS SQL Database Server running SQL Reporting Services via Cross-Site Scripting (CVE-2012-2552, MS12-070). These eight new audits have been released with Retina Network Community and the commercial…

Post by Jerome Diggs October 15, 2012

Retina Helps Identify Weak Certificates

Microsoft has released a Security Advisory (2661254) for the upcoming patch that increases the minimum bit level of certificates to 1024 bits. The expected release date for this patch is Oct 9th, at which time the update will be available through Windows Update. This change to the minimum bits level of certificates will change…

Post by Jerome Diggs September 25, 2012

How important is Android 4 to BYOD?

Android 4 (so far dubbed Ice Cream Sandwich for 4.0.x or Jelly Bean for 4.1.x) is a significant upgrade to the user experience, adding many refinements and features. For enterprises dealing with the Bring Your Own Device (BYOD) movement, some of these upgrades can be a double-edged sword.

Post by Scott Ellis September 19, 2012