BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
joomla

Joomla! ‘se_regs[]‘ Parameter SQL Injection

Disclosed May 6, 2013    Fully Patched
Vendors: Joomla! DJ Classifieds Extension
Vulnerability Severity: Medium
Exploit Impact:
Exploit Availability:
Categories:
Zeroday Tracker
belkin

(Belkin) Cisco Linksys E4200 Router Multiple Vulnerabilities

Disclosed May 6, 2013    No Patch Available
Vendors: Belkin (Linksys)
Vulnerability Severity: Medium
Exploit Impact: Elevation of Privilege
Exploit Availability:
Categories:
Zeroday Tracker
microsoft

Internet Explorer Remote Code Execution Vulnerability

Disclosed May 3, 2013    Fully Patched
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker
penny

5 steps to securing the small business (that don’t cost a penny)

Posted May 1, 2013    Andy Clark

For many small businesses there are considerable restraints on both budget and personnel that can make implementing a good security practice feel like an insurmountable challenge. Recent news gives us a constant reminder of the threats we all face from hactivists, electronic espionage, and good old fashioned script kiddies out to cause damage. These threats…

Categories:
Privileged Account Management
Tags:
, , , , , , , , ,
Endpoint Solutions Families

Security Tools for IT

Posted April 30, 2013    Bill Virtue

There is still a divide between the Security Operations Center (SOC) and the Network Operating Center (NOC). Security Operations is more strategic following security best practices to improve corporate security posture (based on business risk) and to ensure implementation of security policies and compliance. While IT is focused on network management, infrastructure availability and SLAs…

Categories:
Vulnerability Management
Tags:
, , , , ,
vivotek

Vivotek IP Cameras Multiple Vulnerabilities

Disclosed April 29, 2013    Zeroday : 479 days
Vendors: Vivotek
Vulnerability Severity: High
Exploit Impact: Command Injection, Elevation of Privilege, Remote Code Execution, Security Bypass
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
apple

iOS Safari text/plain Cross-Site Scripting Vulnerability

Disclosed April 26, 2013    Fully Patched
Vendors: Apple
Vulnerability Severity: Medium
Exploit Impact:
Exploit Availability:
Categories:
Zeroday Tracker
security-people

It’s not about the security, it’s about the people

Posted April 25, 2013    Jason Silva

I’ve said it before and I’ll say it again, I’m a big fan of the Doctor Who series. I was watching a recent episode where they needed to hack into a computer system. The Doctor didn’t think Clara, the current leading lady, could do it because the security was too tight. She replied simply, “It’s…

Categories:
Vulnerability Management
Tags:
, , , , , , , , ,
vmware

VMware vCenter and ESX Multiple Vulnerabilities

Disclosed April 25, 2013    Partially Patched, Zeroday
Vendors: VMware
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker
Java-Logo

Recently Patched Java Vulnerability Exploited In the Wild: How (Not) Surprising

Posted April 23, 2013    BeyondTrust Research Team

A type confusion vulnerability, recently patched in Java 7u21 and Java 6u45, has been spotted in the wild. According to a recent blog post from F-Secure, exploitation of CVE-2013-2423 started shortly after April 21st, 2013 and continues. Given what we know about Java, none of this is surprising. “Why?!” you may ask, “didn’t we all…

Categories:
Vulnerability Management
Tags:
, , , , , , , , , , , ,