BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

Posts Tagged ‘security’

United States Health Department

United States Health Department Updates HIPAA Guidelines

Posted January 25, 2013    Morey Haber

It comes as no surprise to information technology security professionals that data leaks and privacy issues can occur at virtually any level of an organization including business associates, contractors, subs-contractors and outsourced firms like payroll and billing. With this, it is has been a long time coming that the U.S. Department of Health and Human…

Tags:
, , , , , ,
Retina Insight

Vulnerability and Identity Management (VIM) Fusion

Posted January 23, 2013    Morey Haber

Why BeyondTrust? BeyondTrust is a unique company in the security industry that has created the first and only fusion of Vulnerability and Identity Management (VIM). While the industry has spent over a decade refining the process of vulnerability identification and reporting using standards like OVAL and CVE, BeyondTrust has taken the leadership position in understanding what risk…

Tags:
, , , ,
java7

Java Zero Day Exploit – Java 7 Not the Answer

Posted January 10, 2013    BeyondTrust Research Team

A new Java zero-day vulnerability has been seen exploiting hundreds of thousands of machines. This 0day has already been incorporated into Cool Exploit Kit and Blackhole, in addition to Nuclear Pack and Redkit. This vulnerability affects Java 7 versions up to and including the current version of Java, 7u10. It should be noted that while…

Tags:
, , , , , ,
ScanMetrics-screenshot

Adobe Flash Player and Air (APSB12-24) Critical Memory Vulnerabilities – November 2012

Posted November 9, 2012    Jerome Diggs

Nine new audits are being released in our Retina vulnerability scan engine to help customers identify a security vulnerability that can enable an attacker to gain control of a vulnerable system (CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5278, CVE-2012-5279, CVE-2012-5280) These nine new audits have been released with Retina Network Community and the commercial version of Retina…

Tags:
, , , ,
img-mobile

Most Versions of Android have SMiShing Vulnerability

Posted November 5, 2012    Bobby DeSimone and Scott Ellis

Researchers at NC State University have discovered a vulnerability that allows a zero-permission App to fake SMS messages and thus lead to potential SMS Phishing (or SMiShing).   By creating fake SMS messages from legitimate looking sources, a mal-ware app could fool a user into clicking on a link to a rogue site with the intension of…

Tags:
, , , , , , ,
weakcertificates-retina

Retina Helps Identify Weak Certificates

Posted September 25, 2012    Jerome Diggs

Microsoft has released a Security Advisory for the upcoming patch to increase minimum bit levels of certificates to 1024 bit security advisory 2661254.  The expected release date for this patch is Oct 9th at which time the update will be available through Windows Update. This change to the minimum bits level of certificates will change…

Tags:
, , , , ,
android4_skate

How important is Android 4 to BYOD?

Posted September 19, 2012    Scott Ellis

Android 4 (so far dubbed Ice Cream Sandwich for 4.0.x or Jelly Bean for 4.1.x) is a significant upgrade to the user experience adding in many refinement and features.  For enterprises dealing with the Bring Your Own Device (BYOD) movement, some of these upgrades can be a double-edged sword.

Tags:
, , , , , ,
9.11

September 11th – Lest We Forget.

Posted September 11, 2012    Marc Maiffret

Today marks the 11 year anniversary of the “September 11th” attacks. It is on these days of remembrance that our memory serves as a tool to heal us, to free us from the emotional burdens that can keep us from moving forward. This happens not by allowing these memories to fade from our consciousness, but…

Tags:
, , , , , , ,
Java-Logo

Java Pwns Everyone…Again.

Posted August 30, 2012    BeyondTrust Research Team

Java has a nasty habit of getting you owned. This latest 0day is no exception to the long-lived trend of reliable Java-based exploitation. Here’s what you need to know: The current exploitation method being employed in the wild right now leverages two zero day flaws in Java. The first flaw leverages an implementation issue (logic bug) within ClassFinder.findClass(), which is only present in Java 7.

Tags:
, , , , , , , ,
Blink6.0

Just Released Blink 6.0: Advanced Endpoint Protection

Posted August 16, 2012    Morey Haber

It has been a long time since any vendor has introduced game changing features to end point protection solutions. We have seen claims of better anti-virus protection, advanced persistent threat protection (APT), and even claims of massive resource savings using their latest versions. BeyondTrust believes in a defense in depth approach to end point protection…

Tags:
, , , , ,