Archive for January, 2013
United States Health Department Updates HIPAA Guidelines
It comes as no surprise to information technology security professionals that data leaks and privacy issues can occur at virtually any level of an organization including business associates, contractors, subs-contractors and outsourced firms like payroll and billing. With this, it is has been a long time coming that the U.S. Department of Health and Human…
Vulnerability and Identity Management (VIM) Fusion
Why BeyondTrust? BeyondTrust is a unique company in the security industry that has created the first and only fusion of Vulnerability and Identity Management (VIM). While the industry has spent over a decade refining the process of vulnerability identification and reporting using standards like OVAL and CVE, BeyondTrust has taken the leadership position in understanding what risk…
IT Security’s Best Kept Secret – Hiding in Plain Sight
This blog post was first posted on Wired.com on January 22nd, 2013. It can be found, in it’s original formatting, here: http://insights.wired.com/profiles/blogs/it-security-s-best-kept-secret-hiding-in-plain-sight There’s a reason the old saying “an ounce of prevention is worth of a pound a cure” resonates in so many situations – because it’s true….
January VEF Participant Wins a Kindle Fire
As you all know, every month we host our Vulnerability Expert Forum (VEF) webinar. This is a time where our experts share valuable insight regarding new vulnerabilities that are discovered and the actions that need to be taken as a result. It’s a quick way to get up to speed on current potential risks to your organization…
Java/IE 0days Put to Bed
Over the past two days, two actively exploited 0day vulnerabilities got patched. Yesterday, Oracle addressed the 0day in Java, CVE-2013-0422, with an new update, Java 7u11. Today, Microsoft addressed the 0day in Internet Explorer 6-9, CVE-2012-4792, with MS13-008. In addition to fixing the 0day vulnerability, the Java update changes the default security level setting from…
Java Zero Day Exploit – Java 7 Not the Answer
A new Java zero-day vulnerability has been seen exploiting hundreds of thousands of machines. This 0day has already been incorporated into Cool Exploit Kit and Blackhole, in addition to Nuclear Pack and Redkit. This vulnerability affects Java 7 versions up to and including the current version of Java, 7u10. It should be noted that while…
January 2013 Patch Tuesday: Patches, but none for the IE 0day!
Happy New Year! Starting off 2013, we’ve got a critical vulnerability within the Windows Print Spooler, and we’re still seeing bugs surface in widely used software like MSXML, the .NET framework, and SSL/TLS. January’s Patch Tuesday greets us with seven patches, addressing 12 vulnerabilities across a spectrum of Microsoft software. Two of these bulletins are…
