BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
oracle

Oracle Outside In Microsoft Access Remote Code Execution

Disclosed October 15, 2013    Partially Patched
Vendors: Microsoft, miscellaneous vendors, Oracle
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
dlink

Multiple Routers (D-Link/Planex) Coded Backdoor

Disclosed October 12, 2013    No Patch Available
Vendors: D-Link, Planex
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker
retinacs-insight-scalability

Scalability Part Deuce

Posted October 9, 2013    Morey Haber

It was great to see a flood of email on the previous scalability blog. Thank you all for the emails directly to me on the topic. Based on the responses, I would be remiss not to cover the other three sides of scalability. First, is how we scale down. Retina is a family of solutions….

Categories:
New Features, Vulnerability Management
Tags:
, , , , , ,
ScanMetrics-screenshot

Now Available: Retina Unlimited – $1,200 Unlimited IP Addresses

Posted October 8, 2013    Marc Maiffret

It has been over 15 years since we first introduced Retina, the Network Security Scanner, to the world. In those early days the vulnerability assessment space was still in its infancy with much of the focus being around scanning network based services for remotely exploitable vulnerabilities. Back then there were no compliance mandates or policies…

Categories:
New Features, Vulnerability Management
Tags:
, , , , ,
patch-tuesday

October 2013 Patch Tuesday: 10 Year Anniversary Edition

Posted October 8, 2013    BeyondTrust Research Team

Happy 10th birthday, Patch Tuesday! This month marks the 10th anniversary of the Patch Tuesday process we’re all familiar with. To kick off the anniversary celebrations, October’s patch Tuesday fixes vulnerabilities in Internet Explorer, the Windows Kernel, .NET, SharePoint, Office, and more. There are a total of 8 patches, fixing 26 unique vulnerabilities; four bulletins…

Categories:
Security Research
Tags:
, ,
corel

Corel PaintShop Pro Insecure Library Loading

Disclosed October 4, 2013    Zeroday : 418 days
Vendors: Corel
Vulnerability Severity: High
Exploit Impact: Insecure Library Loading
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
src

The Silk Road to the FBI is Paved with Bitcoin

Posted October 3, 2013    BeyondTrust Research Team

The FBI has seized control of one of the online black market’s most prominent marketplaces, Silk Road. Silk Road was an online marketplace used by miscreants who bought and sold illegal merchandise, such as drugs, weapons, and other illicit materials. It was not accessible without the use of routing software known as Tor (the onion…

Categories:
Vulnerability Management
iconcool

PDFCool Buffer Overflow

Disclosed October 2, 2013    Zeroday : 420 days
Vendors: IconCool Software
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: Privately Available, Publicly Available
Categories:
Zeroday Tracker
zeroday-default

libtar Directory Traversal Vulnerabilities

Disclosed October 1, 2013    Fully Patched
Vendors: libtar
Vulnerability Severity: Low
Exploit Impact: Security Bypass
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker
hp

HP 2620 Switch Series Cross-Site Request Forgery

Disclosed September 26, 2013    Zeroday : 426 days
Vendors: HP
Vulnerability Severity: High
Exploit Impact: Cross-Site Request Forgery
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker