BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.


FitNesse Arbitrary Command Execution Vulnerability

Disclosed February 25, 2014    Zeroday : 237 days
Vendors: FitNesse
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker

Going Beyond SCAP for Benchmark Compliance

Posted February 24, 2014    Morey Haber

SCAP configuration compliance assessments, commonly referred to as “Benchmark” assessments, are traditionally cumbersome tasks when multiple benchmarks have to be tested against multiple targets at the same time. For the vast majority of SCAP-certified tools, this means executing one benchmark at a time against a valid host(s) and reviewing the results. The same targets often…

Categories:
Privileged Account Management

Congratulations to our January and February VEF Participants

Posted February 20, 2014    Qui Cao

Every month we host our Vulnerability Expert Forum (VEF) webinar. This is a time where our experts share valuable insight regarding new vulnerabilities that are discovered and the actions that need to be taken as a result. It’s a quick way to get up to speed on current potential risks to your organization and a way to…

Categories:
Vulnerability Management

WRT120N fprintf Stack Overflow

Disclosed February 19, 2014    Zeroday : 243 days
Vendors: Belkin (Linksys)
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker

BeyondInsight: Privilege and Vulnerability Management Unification

Posted February 18, 2014    Morey Haber

Fifteen years ago there was a revolution in information technology operations. Different teams that managed networks and systems merged their practices and technology under frameworks like Computer Associates Unicenter and IBM Tivoli. Today, these solutions have evolved to CA Spectrum, SolarWinds, and SpiceWorks. These are all fantastic technologies that have proven that the fusion of…

Categories:
Privileged Account Management

Neophytes and Professionals

Posted February 14, 2014    Morey Haber

There is a first time for everything. Your first steps, your first date, your first child, your first vulnerability assessment scan. A first time for everything. The Retina Network Security Scanner Unlimited makes taking the first step incredibly easy and affordable. For security professionals, it is just another step in making sure your assets are…

Categories:
Vulnerability Management

Least Privilege on Windows Desktops and Servers

Posted February 13, 2014    Morey Haber

We have all seen the news. Least privilege attacks on the NSA and companies like Target have led to elevated privileges on sensitive systems and access to confidential data. Securing administrative privileges on desktops and servers is beginning to take center stage for many organizations since low level entry points are now being used to…

Categories:
Privileged Account Management

IE10 Use-After-Free 0day

Disclosed February 13, 2014    Fully Patched
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker

Linksys Routers Command Injection

Disclosed February 12, 2014    Zeroday : 250 days
Vendors: Belkin (Linksys)
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker

February 2014 Patch Tuesday

Posted February 11, 2014    BeyondTrust Research Team

February’s Patch Tuesday comes to us with patches for XML Core Services, IPv6, Direct2D, Forefront, .NET, Internet Explorer, and VBScript. There are a total of seven bulletins (4 critical, 3 important) addressing 31 unique vulnerabilities. Most notable this month is the patch for Internet Explorer, MS14-010, which fixes 24 vulnerabilities: over two thirds of this…

Categories:
Vulnerability Management