BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

CVE-2014-0301 Analysis

Posted March 19, 2014    BeyondTrust Research Team

This blog post will demonstrate how to leverage binary diffing in order to identify a recently patched Microsoft security flaw leveraging only public data. This is a common practice in the security researcher and attacker space but is a useful reminder for those working in IT how straight forward vulnerability identification can be. For this…

Categories:
Security Research
Tags:
kaspersky

Kaspersky RegExp Remote Denial of Service Vulnerability

Disclosed March 18, 2014    Zeroday : 221 days
Vendors: Kaspersky
Vulnerability Severity: Low
Exploit Impact: Denial of Service
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
redhat

oVirt 3.4 Session Fixation and CSRF Vulnerabilities

Disclosed March 17, 2014
Vendors: Red Hat
Vulnerability Severity: Medium
Exploit Impact: Session Hijacking
Exploit Availability:
Categories:
Zeroday Tracker
BI Analytics Reporting

The Best Vulnerability Management Reporting and Analytics

Posted March 13, 2014    Morey Haber

The number one reason why our customers choose BeyondTrust for enterprise vulnerability management is simple: The BeyondInsight Reporting and Analytics capabilities included with Retina CS Enterprise Vulnerability Management exceed the capabilities of every single competitor combined. Retina CS with BeyondInsight is the only vulnerability management solution that ships with an integrated, structured big data warehouse…

Categories:
Privileged Account Management, Vulnerability Management
Tags:
, , , , , ,
xnsoft

XnView JXR IFD_ENTRY Processing Integer Overflow Vulnerability

Disclosed March 13, 2014    Zeroday : 226 days
Vendors: XnSoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker
MAS-image

Addressing the MAS Technology Risk Management Guidelines with Privilege and Vulnerability Management

Posted March 12, 2014    Morey Haber

The Monetary Authority of Singapore (MAS) is Singapore’s central bank and financial regulatory authority. The MAS frequently releases guidelines that address emerging technologies and evolving threat landscape. In June 2013, the MAS created an updated set of guidelines for Internet Banking and Technology Risk Management (IBTRM). This addendum mandates certain requirements for Technology Risk Management…

Categories:
Vulnerability Management
Tags:
, , , , ,
claws

Claws Mail Plugins Certificate Verification Vulnerabilities

Disclosed March 11, 2014    Zeroday : 228 days
Vendors: Claws
Vulnerability Severity: Medium
Exploit Impact: Security Bypass
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker
patch-tuesday

March 2014 Patch Tuesday

Posted March 11, 2014    BeyondTrust Research Team

March’s Patch Tuesday brings five patches to us, fixing Internet Explorer, DirectShow, Silverlight, kernel-mode drivers, and the Security Account Manager Remote Protocol. MS14-012 fixes 18 unique vulnerabilities, one of which has been publicly disclosed: CVE-2014-0322. This vulnerability has been exploited as early as January 20, 2014, being used in targeted attacks against visitors to the…

Categories:
Security Research
Tags:
, , ,
vmware

VMware ESXi NTP Denial of Service Vulnerability

Disclosed March 11, 2014    Zeroday : 228 days
Vendors: VMware
Vulnerability Severity: Low
Exploit Impact: Denial of Service
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
luxoft

LuxCal 3.2.2 Cross Site Request Forgery / SQL Injection

Disclosed March 10, 2014    Zeroday : 229 days
Vendors: LuxSoft
Vulnerability Severity: Medium
Exploit Impact: SQL Injection
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker