Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.


January, 2014


bloofoxCMS Multiple Vulnerabilities

Disclosed January 31, 2014    Zeroday : 614 days
Vendors: bloofoxCMS
Vulnerability Severity: Medium
Exploit Impact: Cross-Site Scripting
Exploit Availability: Publicly Available

We’re Getting Pumped up for RSA

Posted January 30, 2014    Sarah Lieber

Here at BeyondTrust we’re getting pumped up for RSA, which takes place Feb 24th – 27th, 2014! This year in San Francisco we’re going to demonstrate how our PowerBroker Privilege Management and Retina Vulnerability Management solutions ensure that IT environments are healthy and ready to fend off threats. We’ll also be featuring some amazing “feats…

, , , , ,

Retina Audits for Target POSRAM Malware

Posted January 29, 2014    BeyondTrust Research Team

By now, you’ve heard of the POSRAM malware used against retail giant Target to steal customers’ payment card information from point-of-sale terminals. If you have not heard of POSRAM, or are unfamiliar with how it works, the malware scans processes’ memory for credit card information and periodically uploads that information to an attacker controlled server….

two different gradient circles of arrows with different blue colors

Retina Performs Continuous Vulnerability Assessment

Posted January 28, 2014    Morey Haber

SANS Critical Control 4 specifies criteria for continuous vulnerability assessment and remediation. This specification calls for vulnerabilities to be continuously assessed, correlated, and reported upon in real-time based on public disclosure and identification of new or changed assets. Critical Control 4 is mandated by many government agencies, and requires prompt automated remediation that adheres to…

, , , ,

Marc Maiffret Interviewed on Fox News: How Safe is Consumer Data on the ObamaCare Website?

Posted January 17, 2014    Mike Yaffe

Yesterday, Marc Maiffret appeared as a special guest of “The Willis Report” on Fox News where he discussed how safe consumer data is on the ObamaCare website. As background, according to news reports, ObamaCare continues to leave consumer data vulnerable to theft months after security problems were first exposed. In the wake of a Christmas-season…

, , , ,

Dell PowerConnect Products Multiple Vulnerabilities

Disclosed January 17, 2014    Zeroday : 628 days
Vendors: Dell
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: No Exploit Available

Cisco NTP Mode 7 Denial of Service Vulnerability

Disclosed January 15, 2014    Zeroday : 630 days
Vendors: Cisco
Vulnerability Severity: Medium
Exploit Impact: Denial of Service
Exploit Availability: Publicly Available

January 2014 Patch Tuesday

Posted January 14, 2014    BeyondTrust Research Team

Welcome to 2014! This month is a light month for Patch Tuesday bulletins. Microsoft has released patches for Microsoft Word and Office Web Apps, the Windows Kernel (and drivers), and Microsoft Dynamics AX. There are a total of four bulletins addressing six unique vulnerabilities; all of which are rated as important. The NDProxy zero-day vulnerability…

, , ,

EZGenerator Cross-Site Request Forgery

Disclosed January 8, 2014    Zeroday : 637 days
Vendors: Image-Line
Vulnerability Severity: Medium
Exploit Impact: Cross-Site Request Forgery
Exploit Availability: Publicly Available

Seagate BlackArmor Multiple Vulnerabilities

Disclosed January 6, 2014    Zeroday : 639 days
Vendors: Seagate
Vulnerability Severity: High
Exploit Impact: Cross-Site Scripting
Exploit Availability: Publicly Available