BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

April, 2013

Endpoint Solutions Families

Security Tools for IT

Posted April 30, 2013    Bill Virtue

There is still a divide between the Security Operations Center (SOC) and the Network Operating Center (NOC). Security Operations is more strategic following security best practices to improve corporate security posture (based on business risk) and to ensure implementation of security policies and compliance. While IT is focused on network management, infrastructure availability and SLAs…

Tags:
, , , , ,
vivotek

Vivotek IP Cameras Multiple Vulnerabilities

Disclosed April 29, 2013    Zeroday : 485 days
Vendors: Vivotek
Vulnerability Severity: High
Exploit Impact: Command Injection, Elevation of Privilege, Remote Code Execution, Security Bypass
Exploit Availability: Publicly Available
apple

iOS Safari text/plain Cross-Site Scripting Vulnerability

Disclosed April 26, 2013    Fully Patched
Vendors: Apple
Vulnerability Severity: Medium
Exploit Impact:
Exploit Availability:
security-people

It’s not about the security, it’s about the people

Posted April 25, 2013    Jason Silva

I’ve said it before and I’ll say it again, I’m a big fan of the Doctor Who series. I was watching a recent episode where they needed to hack into a computer system. The Doctor didn’t think Clara, the current leading lady, could do it because the security was too tight. She replied simply, “It’s…

Tags:
, , , , , , , , ,
vmware

VMware vCenter and ESX Multiple Vulnerabilities

Disclosed April 25, 2013    Partially Patched, Zeroday
Vendors: VMware
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: No Exploit Available
Java-Logo

Recently Patched Java Vulnerability Exploited In the Wild: How (Not) Surprising

Posted April 23, 2013    BeyondTrust Research Team

A type confusion vulnerability, recently patched in Java 7u21 and Java 6u45, has been spotted in the wild. According to a recent blog post from F-Secure, exploitation of CVE-2013-2423 started shortly after April 21st, 2013 and continues. Given what we know about Java, none of this is surprising. “Why?!” you may ask, “didn’t we all…

Tags:
, , , , , , , , , , , ,
cnbc-uk-video-maiffret

CNBC Interview Featuring our CTO: Security Takes a Backseat in Tech

Posted April 22, 2013    Sarah Lieber

Marc Maiffret, our CTO, was interviewed earlier today in the UK on CNBC. He tells CNBC most aspects of society are being built around technology and most companies aren’t building technology with security in mind. In the interview, Marc states: “Most aspects of society today are being built around technology from every facet. If you…

Tags:
, , , , , ,
oracle-logo-98x98

Java: Sizeable Critical Patch Update and Two Sugars, Please

Posted April 15, 2013    BeyondTrust Research Team

Oracle is rolling out yet another Critical Patch Update (CPU) for Java – and this time they’ve fixed 39 remotely exploitable vulnerabilities. This is not to say that all of these vulnerabilities may provide an attacker with remote code execution. However, the highest CVSS Base Score of all the vulnerabilities was a 10.0, meaning that…

Tags:
, , , , , ,
dlink

D-Link DIR-865L Cross-Site Request Forgery

Disclosed April 13, 2013    Fully Patched
Vendors: D-Link
Vulnerability Severity: Medium
Exploit Impact:
Exploit Availability:
SMART_PERSON

Security Intelligence: Finding Out What Part Actually Makes You Smart

Posted April 12, 2013    Mike Yaffe

Organizations of all sizes having been trying to address Big Data, Security Intelligence and contextual security for awhile, but without much success. For security folks in particular this is a sensitive topic, as nestled among the thousands of lines of code or logs files is what they need to know to prevent the next successful breach. SIEM…

Tags:
, , , , ,