BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

January, 2013

United States Health Department

United States Health Department Updates HIPAA Guidelines

Posted January 25, 2013    Morey Haber

It comes as no surprise to information technology security professionals that data leaks and privacy issues can occur at virtually any level of an organization including business associates, contractors, subs-contractors and outsourced firms like payroll and billing. With this, it is has been a long time coming that the U.S. Department of Health and Human…

Tags:
, , , , , ,
Retina Insight

Vulnerability and Identity Management (VIM) Fusion

Posted January 23, 2013    Morey Haber

Why BeyondTrust? BeyondTrust is a unique company in the security industry that has created the first and only fusion of Vulnerability and Identity Management (VIM). While the industry has spent over a decade refining the process of vulnerability identification and reporting using standards like OVAL and CVE, BeyondTrust has taken the leadership position in understanding what risk…

Tags:
, , , ,
Hiding in plain sight

IT Security’s Best Kept Secret – Hiding in Plain Sight

Posted January 22, 2013    Mike Puterbaugh

This blog post was first posted on Wired.com on January 22nd, 2013. It can be found, in it’s original formatting, here: http://insights.wired.com/profiles/blogs/it-security-s-best-kept-secret-hiding-in-plain-sight               There’s a reason the old saying “an ounce of prevention is worth of a pound a cure” resonates in so many situations – because it’s true….

Tags:
, , , , , ,
ibm

IBM WebSphere Application Server Multiple Vulnerabilities

Disclosed January 21, 2013    Fully Patched
Vendors: IBM
Vulnerability Severity: High
Exploit Impact:
Exploit Availability:
aloaha

Aloaha PDF Saver Insecure File Permissions

Disclosed January 20, 2013    Fully Patched
Vendors: Aloaha Software
Vulnerability Severity: Medium
Exploit Impact: Elevation of Privilege
Exploit Availability:
coolpdfsoftware

CoolPDF Reader Buffer Overflow

Disclosed January 18, 2013    Zeroday : 551 days
Vendors: CoolPDF Software, Inc
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: Publicly Available

January VEF Participant Wins a Kindle Fire

Posted January 17, 2013    Qui Cao

As you all know, every month we host our Vulnerability Expert Forum (VEF) webinar. This is a time where our experts share valuable insight regarding new vulnerabilities that are discovered and the actions that need to be taken as a result. It’s a quick way to get up to speed on current potential risks to your organization…

Java/IE 0days Put to Bed

Posted January 14, 2013    BeyondTrust Research Team

Over the past two days, two actively exploited 0day vulnerabilities got patched. Yesterday, Oracle addressed the 0day in Java, CVE-2013-0422, with an new update, Java 7u11. Today, Microsoft addressed the 0day in Internet Explorer 6-9, CVE-2012-4792, with MS13-008. In addition to fixing the 0day vulnerability, the Java update changes the default security level setting from…

Tags:
, , , , ,
java7

Java Zero Day Exploit – Java 7 Not the Answer

Posted January 10, 2013    BeyondTrust Research Team

A new Java zero-day vulnerability has been seen exploiting hundreds of thousands of machines. This 0day has already been incorporated into Cool Exploit Kit and Blackhole, in addition to Nuclear Pack and Redkit. This vulnerability affects Java 7 versions up to and including the current version of Java, 7u10. It should be noted that while…

Tags:
, , , , , ,
cisco

Cisco Unified IP Phone System Call Vulnerability

Disclosed January 9, 2013    Fully Patched
Vendors: Cisco
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: