BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
Retina Security Scanner

Scalability When You Need It

Posted September 25, 2013    Morey Haber

I think we have all been there before. We pilot a solution, run the gambit of tests in the lab, and when it comes to production, the scalability falls flat on its face. It does not matter if the solution was architected correctly for the environment with multiple nodes, high performance database, and tons of…

Categories:
Vulnerability Management
Tags:
, , ,

September VEF Participant Wins an iPad mini

Posted September 24, 2013    Qui Cao

As you all know, every month we host our Vulnerability Expert Forum (VEF) webinar. This is a time where our experts share valuable insight regarding new vulnerabilities that are discovered and the actions that need to be taken as a result. It’s a quick way to get up to speed on current potential risks to your organization…

Categories:
Vulnerability Management
solarwinds

SolarWinds Server and Application Monitor Buffer Overflow

Disclosed September 23, 2013    Workaround Available, Zeroday
Vendors: SolarWinds
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
Retina CS

Building Automated Vulnerability Audit Groups

Posted September 20, 2013    Bill Tillson

From time to time, the field engineering team and I see the same request cross our desks in a short period of time. This time it was how to remove certain types of audits from running when performing a vulnerability scan originating from Retina CS. The old way of doing things would have required the…

Categories:
Vulnerability Management
Tags:
, , , , , , ,
redhat

systemd Multiple Vulnerabilities

Disclosed September 20, 2013    Fully Patched
Vendors: Red Hat
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker
Monstra

Monstra CMS Blind SQL Injection Vulnerability

Disclosed September 20, 2013    Zeroday : 400 days
Vendors: Sergey Romanenko
Vulnerability Severity: Medium
Exploit Impact: SQL Injection
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker
apple

iOS 7 Lock Screen Bypass

Disclosed September 19, 2013    Fully Patched
Vendors: Apple
Vulnerability Severity: Medium
Exploit Impact: Information Disclosure
Exploit Availability:
Categories:
Zeroday Tracker
cisco

Cisco AnyConnect Secure Mobility Client Local Privilege Escalation

Disclosed September 19, 2013    Zeroday : 401 days
Vendors: Cisco
Vulnerability Severity: Medium
Exploit Impact: Insecure Library Loading
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
LOLZ

Land of the Rising IE 0day

Posted September 17, 2013    BeyondTrust Research Team

A new Internet Explorer zeroday has surfaced that affects every supported version of Internet Explorer. It has been observed in the wild in targeted attacks in Japan. Current attacks are focusing on exploiting Internet Explorer 8 and 9 on Windows XP and 7 machines. This is a use-after-free vulnerability in mshtml.dll, which is a DLL…

Categories:
Security Research
Tags:
,
microsoft

IE 8/9 mshtml.dll NULL_IMPORT_DESCRIPTOR Use After Free

Disclosed September 17, 2013    Fully Patched, Workaround Available
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker