BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
cisco

Cisco IOS GET VPN Encryption Policy Bypass

Disclosed July 19, 2013    Zeroday : 409 days
Vendors: Cisco
Vulnerability Severity: Medium
Exploit Impact: Security Bypass
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker
oracle

Java Reflection API Remote Code Execution Vulnerability

Disclosed July 18, 2013    Fully Patched
Vendors: Oracle
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker

Controlling User Accounts and Regulatory Compliance

Posted July 15, 2013    Morey Haber

PCI DSS Requirement 8 requires that organizations must be able to identify and log all user and administrative access to information systems and applications containing credit card and personally identifiable information. In addition, environments must also have a unique ID for every individual that will have computer access to these systems.  This simple requirement can…

Categories:
Vulnerability Management
Tags:
, , , , , , , , , , ,

July VEF Participant Wins a Kindle Fire

Posted July 15, 2013    Qui Cao

As you all know, every month we host our Vulnerability Expert Forum (VEF) webinar. This is a time where our experts share valuable insight regarding new vulnerabilities that are discovered and the actions that need to be taken as a result. It’s a quick way to get up to speed on current potential risks to your organization…

Categories:
Vulnerability Management
retinacs-tierarchitecture

What can the Retina CS Threat Management Console do for me?

Posted July 10, 2013    Morey Haber

I am spending this week at the Microsoft Worldwide Partner Conference. It is a change for me. I am attending as a participant partner verses working the traditional conference trade show booth. This is relevant to the blog because as a I network with other partners, I find myself explaining BeyondTrust as a dynamic security…

Categories:
Vulnerability Management
Tags:
, , , , , ,
patch-tuesday

July 2013 Patch Tuesday

Posted July 9, 2013    BeyondTrust Research Team

July’s patch Tuesday fixes vulnerabilities in .NET, Windows, and Internet Explorer. There are a total of seven bulletins addressing 34 unique vulnerabilities; six bulletins are rated critical and one is rated important. MS13-052 addresses a TrueType font parsing vulnerability in .NET (CVE-2013-3129, also addressed in MS13-053 and MS13-054), as well as six other vulnerabilities. This…

Categories:
Security Research
Tags:
, ,
gold-star

Getting a gold star in compliance

Posted July 9, 2013    Mike Yaffe

You know I realize that I’m getting older after I lived through “this is gonna be the big year for PKI (heard that for 4 straight years, and I’m still waiting)”, or “everyone will have a digital certificate on all their credit cards next year”, or “security and compliance are two different things.” As for…

Categories:
Vulnerability Management
Tags:
, , , , , , ,
videolan

VLC Media Player MKV Integer Overflow

Disclosed July 9, 2013    Fully Patched
Vendors: VideoLAN
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker
corel

Multiple Remote Code Execution Vulnerabilities in Corel PDF Fusion

Disclosed July 8, 2013    Zeroday : 420 days
Vendors: Corel
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
sclogoupdated_1448

Our CTO Writes for SC Magazine’s Threat of the Month: SCADA “sport fishing”

Posted July 2, 2013    Sarah Lieber

Our CTO, Marc Maiffret wrote for the SC Magazine column,Threat of the Month: SCADA “sport fishing” section yesterday. Read an excerpt below and read the full article here. What is it? SCADA is not just a focus because of its often critical deployments, but also because performing vulnerability research on SCADA systems is easy, like…

Categories:
General
Tags:
, , , , , , , ,