BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

April, 2014

Cybozu

Cybozu Garoon API Security Bypass

Disclosed April 30, 2014    Zeroday : 145 days
Vendors: Cybozu
Vulnerability Severity: Medium
Exploit Impact: Security Bypass
Exploit Availability: No Exploit Available

Internet Explorer 0day: CVE-2014-1776

Posted April 29, 2014    BeyondTrust Research Team

Over the weekend, on April 26, Microsoft released an advisory about an Internet Explorer use-after-free zeroday vulnerability, CVE-2014-1776, that is being exploited in the wild. The vulnerability lies within MSHTML.dll, and affects Internet Explorer 6 through 11. According to FireEye, attacks have been spotted in the wild targeting Internet Explorer 9 through 11. The observed…

Tags:
, , , ,
microsoft

Internet Explorer Use-After-Free

Disclosed April 26, 2014    Fully Patched
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: Privately Available
PBW-cricklewood sample RCS

Managing Rules the Easy Way with PowerBroker for Windows Collections

Posted April 25, 2014    Morey Haber

One of the least-known secrets about PowerBroker for Windows is the ability to create logical groups of rules, or “collections.” Rules automate the actions taken by PowerBroker to enforce system and application access policies on Windows servers and desktops. In addition to making it easy to manage rules, collections enable you to enforce parent rules…

Tags:
, , , , , , , ,

April VEF Participant Wins a Apple iPad mini

Posted April 24, 2014    Qui Cao

Every month we host our Vulnerability Expert Forum (VEF) webinar. This is a time where our experts share valuable insight regarding new vulnerabilities that are discovered and the actions that need to be taken as a result. It’s a quick way to get up to speed on current potential risks to your organization and a way to…

cfos

cFos 3.09 Denial of Service

Disclosed April 24, 2014    Zeroday : 151 days
Vendors: cFos
Vulnerability Severity: Medium
Exploit Impact: Denial of Service
Exploit Availability: Publicly Available
smart rules manager for vulnerabilities - v2

A New Way of Looking at Vulnerabilities in Your Environment

Posted April 23, 2014    Morey Haber

Assets, users, vulnerabilities and exploits; all are common themes in my posts on BeyondInsight. With BeyondInsight v5.1, we unveiled a new way to view exploitable assets. Sure, most vulnerability management solutions link vulnerability data to exploit information, allowing tools like NeXpose and QualysGuard to list an asset, its vulnerabilities, and any related exploits. BeyondInsight does…

Tags:
, , , , ,
smart rules manager for vulnerabilities

Staying on Top of the Latest Vulnerabilities with BeyondInsight v5.1

Posted April 21, 2014    Morey Haber

It’s no secret that dozens of new OS and application vulnerabilities are revealed every day. Staying on top of these new exposures normally requires paying for services or subscribing to multiple RSS feeds. BeyondInsight 5.1 provides customers with another option: a built-in, customizable vulnerability alerting system that delivers up-to-date information on the latest vulnerabilities in…

Tags:
, , , , , ,
BI-Qualys-Connector-IMG1

Getting More Value from QualysGuard Vulnerability Data with BeyondInsight v5.1

Posted April 18, 2014    Morey Haber

If your vulnerability assessment scans can’t produce meaningful and actionable reports, performing a scan does no good for anyone. If you’ve read my other blog posts, you know I have no qualms about stating that BeyondTrust provides the best vulnerability reporting in the industry. Ask your favorite analyst and they’ll tend to agree. Of course,…

Tags:
, , , , , , , ,
insider-threat-fed

Mitigating Inside Threats to U.S. Federal IT Environments

Posted April 17, 2014    BeyondTrust Software

Recent high-profile cases have increased the perceived risks that go along with disclosure and usage of confidential information. One of the most difficult security threats to mitigate is an attack from the inside. When an over-privileged user, such as an unhappy current or former employee, contractor, or consultant, begins navigating your network, how will you…

Tags:
, , , , ,