BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

March VEF Participant Wins a Kindle Fire

Posted March 19, 2013    Qui Cao

As you all know, every month we host our Vulnerability Expert Forum (VEF) webinar. This is a time where our experts share valuable insight regarding new vulnerabilities that are discovered and the actions that need to be taken as a result. It’s a quick way to get up to speed on current potential risks to your organization…

Categories:
Vulnerability Management
oracle

Partial Security Bypass Vulnerability in Java

Disclosed March 18, 2013    No Patch Available
Vendors: Oracle
Vulnerability Severity: Medium
Exploit Impact:
Exploit Availability:
Categories:
Zeroday Tracker
572884_503436863_124962594_n

BeyondTrust CTO sits down with IT Harvest’s Richard Steinnon

Posted March 17, 2013    Mike Puterbaugh

BeyondTrust’s CTO, Marc Maiffret, recently sat down with IT Harvest’s Richard Steinnon to discuss a wide range of topics surrounding the security industry today, including the accelerated rate of attacks we’re currently seeing, what our customers are doing to protect themselves, and they even discuss BeyondTrust’s new tagline, Beyond Traditional Security and what that means…

Categories:
General
Tags:
, , , , , , , , ,
patch-tuesday

March 2013 Patch Tuesday: Cleaning House

Posted March 12, 2013    BeyondTrust Research Team

Patch Tuesday is upon us and this month, Microsoft is doing a little spring cleaning of vulnerabilities, fixing a well-rounded collection of client-side vulnerabilities, along with a few server-side vulnerabilities for good measure. This month, the affected software includes Internet Explorer, Silverlight, Visio Viewer, SharePoint, OneNote, Outlook for Mac, and a Windows kernel-mode driver. In…

Categories:
Vulnerability Management
Tags:
, , , ,
java_update_screen

Oracle’s Java Hates Least-Privilege

Posted March 8, 2013    Marc Maiffret

Recently, there has been a lot of commentary and discussions about what to do about the state of security and the seemingly endless attacks that we are facing. There are, of course, many recommendations that are being made at a governmental level of how best to approach this problem through the use of information sharing…

Categories:
Privileged Account Management
Tags:
, , ,
clock-reset

sudo authentication bypass when clock is reset

Posted March 7, 2013    Rod Simmons

A recent discovery by a German researcher, Marco Schoepl, found that it is possible for a user to bypass sudo authentication by resetting the clock. To read more about this vulnerability see the articles on seclist.org and threatpost.com. What we have found is that many highly secure customers have already adopted the timestamp_timeout=0 setting which…

Categories:
Privileged Account Management
Tags:
, , , ,
corel

Corel WordPerfect Memory Corruption

Disclosed March 7, 2013    Zeroday : 505 days
Vendors: Corel
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker
oracle

Remote Code Execution Vulnerability in Java

Disclosed February 28, 2013    Fully Patched
Vendors: Oracle
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker
RSA-Ad

Instagram at RSA and Win!

Posted February 26, 2013    Sarah Lieber

The RSA Expo Hall is opening up in just a few hours and it’s going to be packed full of security practitioners, vendors, security solutions and giveaways! With so much going on, we want YOU, our readers who are attending RSA to share your best photos at the show. Please Tweet and Instagram photos you’ve taken during…

Categories:
Vulnerability Management
Tags:
, , , ,

February VEF Participant Wins a Kindle Fire

Posted February 25, 2013    Qui Cao

As you all know, every month we host our Vulnerability Expert Forum (VEF) webinar. This is a time where our experts share valuable insight regarding new vulnerabilities that are discovered and the actions that need to be taken as a result. It’s a quick way to get up to speed on current potential risks to your organization…

Categories:
Vulnerability Management