BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.


Retina Audits for Target POSRAM Malware

Posted January 29, 2014    BeyondTrust Research Team

By now, you’ve heard of the POSRAM malware used against retail giant Target to steal customers’ payment card information from point-of-sale terminals. If you have not heard of POSRAM, or are unfamiliar with how it works, the malware scans processes’ memory for credit card information and periodically uploads that information to an attacker-controlled server…

Categories:
Vulnerability Management

Retina Performs Continuous Vulnerability Assessment

Posted January 28, 2014    Morey Haber

SANS Critical Control 4 specifies criteria for continuous vulnerability assessment and remediation. This specification calls for vulnerabilities to be continuously assessed, correlated, and reported upon in real time based on public disclosure and identification of new or changed assets. Critical Control 4 is mandated by many government agencies, and requires prompt automated remediation that adheres to…

Categories:
Vulnerability Management

Marc Maiffret Interviewed on Fox News: How Safe is Consumer Data on the ObamaCare Website?

Posted January 17, 2014    Mike Yaffe

Yesterday, Marc Maiffret appeared as a special guest of “The Willis Report” on Fox News where he discussed how safe consumer data is on the ObamaCare website. As background, according to news reports, ObamaCare continues to leave consumer data vulnerable to theft months after security problems were first exposed. In the wake of a Christmas-season…

Categories:
General

Dell PowerConnect Products Multiple Vulnerabilities

Disclosed January 17, 2014    Zeroday : 314 days
Vendors: Dell
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker

Cisco NTP Mode 7 Denial of Service Vulnerability

Disclosed January 15, 2014    Zeroday : 316 days
Vendors: Cisco
Vulnerability Severity: Medium
Exploit Impact: Denial of Service
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker

January 2014 Patch Tuesday

Posted January 14, 2014    BeyondTrust Research Team

Welcome to 2014! This month is a light month for Patch Tuesday bulletins. Microsoft has released patches for Microsoft Word and Office Web Apps, the Windows Kernel (and drivers), and Microsoft Dynamics AX. There are a total of four bulletins addressing six unique vulnerabilities, all of which are rated as important. The NDProxy zero-day vulnerability…

Categories:
Security Research

EZGenerator Cross-Site Request Forgery

Disclosed January 8, 2014    Zeroday : 323 days
Vendors: Image-Line
Vulnerability Severity: Medium
Exploit Impact: Cross-Site Request Forgery
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker

Seagate BlackArmor Multiple Vulnerabilities

Disclosed January 6, 2014    Zeroday : 325 days
Vendors: Seagate
Vulnerability Severity: High
Exploit Impact: Cross-Site Scripting
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker

Ophcrack Insecure Library Loading Vulnerability

Disclosed January 1, 2014    Zeroday : 330 days
Vendors: Ophcrack
Vulnerability Severity: Medium
Exploit Impact: Insecure Library Loading
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker

SerComm Products Backdoor

Disclosed December 31, 2013    Zeroday : 331 days
Vendors: SerComm
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker