BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

April, 2012

mcafee

McAfee Virtual Technician ActiveX Control Remote Code Execution

Disclosed April 30, 2012    Workaround Available
Vendors: McAfee
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
AD and PBSE

Manage Privileged Access for UNIX/Linux with Microsoft Active Directory

Posted April 27, 2012    Peter McCalister

In my discussions with IT teams, I am continually reminded that managing access to UNIX and Linux systems and doing so in a least cost manner is important for IT. IT must do more with less. There is a constant need to drive down the costs of operations and deliver more to the business. Failure…

netsnmp

Net-SNMP Denial of Service

Disclosed April 26, 2012    Fully Patched
Vendors: Net-SNMP
Vulnerability Severity: High
Exploit Impact: Denial of Service
Exploit Availability:
cloudlock1

Breaches, Breaches Everywhere, It Seems that Insiders Just Don’t Care!

Posted April 24, 2012    Peter McCalister

Let’s take a look at a few of the breaches being reported this week alone – all at the hand of insiders. The Utah Department of Health reported that about 780,000 claims had been accessed by a hacker. Then they added that 280,000 people’s social security numbers were stolen and 500,000 people had less-sensitive personal…

samsung

Samsung NET-i Viewer Multiple Vulnerabilities

Disclosed April 24, 2012    Workaround Available
Vendors: Samsung
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
einstein

Call it Genius. Our Smart Groups Make Vulnerability Management Simple for Security Teams

Posted April 20, 2012    Morey Haber

eEye R&D has been hard at work on optimizing how our enterprise clients can manage and schedule assessments within Retina CS. These efforts will increase the efficiency of how our clients perform assessments across their IT infrastructure – be it their traditional server or desktop assets, or new technologies like mobile, virtual and cloud.

Tags:
, , , , , ,
microsoft

Microsoft Visual Studio Linker Vulnerability

Disclosed April 20, 2012    No Patch Available
Vendors: Microsoft
Vulnerability Severity: Medium
Exploit Impact: Remote Code Execution
Exploit Availability:
python

Python Hash Collision Denial of Service Vulnerability

Disclosed April 19, 2012    Fully Patched
Vendors: Python
Vulnerability Severity: Medium
Exploit Impact: Denial of Service
Exploit Availability: Publicly Available
PBSE

The Key to Controlling Privileged User Activity? Centralize!

Posted April 18, 2012    Peter McCalister

Those of you who follow my blogs know that sudo – and the issues it presents IT organizations – is one of my favorite discussion topics. I suppose that’s because there is no shortage of stories that surface on a regular basis on the problems that can arise with sudo, and I feel compelled to…

oracle

Oracle Database TNS Session Hijack

Disclosed April 18, 2012    Fully Patched
Vendors: Oracle
Vulnerability Severity: High
Exploit Impact:
Exploit Availability: