BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

Java/IE 0days Put to Bed

Posted January 14, 2013    BeyondTrust Research Team

Over the past two days, two actively exploited 0day vulnerabilities got patched. Yesterday, Oracle addressed the 0day in Java, CVE-2013-0422, with an new update, Java 7u11. Today, Microsoft addressed the 0day in Internet Explorer 6-9, CVE-2012-4792, with MS13-008. In addition to fixing the 0day vulnerability, the Java update changes the default security level setting from…

Categories:
Vulnerability Management
Tags:
, , , , ,
java7

Java Zero Day Exploit – Java 7 Not the Answer

Posted January 10, 2013    BeyondTrust Research Team

A new Java zero-day vulnerability has been seen exploiting hundreds of thousands of machines. This 0day has already been incorporated into Cool Exploit Kit and Blackhole, in addition to Nuclear Pack and Redkit. This vulnerability affects Java 7 versions up to and including the current version of Java, 7u10. It should be noted that while…

Categories:
Vulnerability Management
Tags:
, , , , , ,
cisco

Cisco Unified IP Phone System Call Vulnerability

Disclosed January 9, 2013    Fully Patched
Vendors: Cisco
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker
bigant

BigAnt IM Message Server Buffer Overflow

Disclosed January 9, 2013    Zeroday : 710 days
Vendors: BigAnt Software
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker

January 2013 Patch Tuesday: Patches, but none for the IE 0day!

Posted January 8, 2013    BeyondTrust Research Team

Happy New Year! Starting off 2013, we’ve got a critical vulnerability within the Windows Print Spooler, and we’re still seeing bugs surface in widely used software like MSXML, the .NET framework, and SSL/TLS. January’s Patch Tuesday greets us with seven patches, addressing 12 vulnerabilities across a spectrum of Microsoft software. Two of these bulletins are…

Categories:
Security Research
foxit

Foxit Reader Firefox Plugin Buffer Overflow

Disclosed January 7, 2013    Fully Patched
Vendors: Foxit Corporation
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker
ieflaw

Another (sigh) IE Zero-Day

Posted December 30, 2012    BeyondTrust Research Team

Unfortunately, the security industry was not going to escape 2012 without seeing yet another zero-day vulnerability in Microsoft’s Internet Explorer. It has been discovered that a targeted attack, leveraging a zero-day in IE, has been posed against the Council on Foreign Relations Portal. The technical origin of the flaw is as follows: the vulnerability occurs…

Categories:
Vulnerability Management
Tags:
, , , , , ,
microsoft

Internet Explorer CButton Use-After-Free Vulnerability

Disclosed December 28, 2012    Fully Patched
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker
sclogoupdated_1448

BeyondTrust Named 2012 Industry Innovator by SC Magazine

Posted December 21, 2012    Sarah Lieber

We’re happy to announce that SC Magazine has recognized BeyondTrust as a 2012 Industry Innovator! Read the report here. What SC Magazine Says. “BeyondTrust is far more than a one-trick pony. The company’s creativity and drive to innovate is what keeps this organization at the forefront of its market. Like many companies, currently and in…

Categories:
General
Tags:
, , , , ,
wipers

Batchwiper: How I Learned to Worry Less and Love Least Privilege Security

Posted December 19, 2012    BeyondTrust Research Team

With news coming from Iran’s CERT of a nasty (but not really nasty) new piece of malware designed to wipe drives and desktop contents on a specific date, we took the straightforward approach of examining what common, easily implemented security best practices could have stopped Batchwiper in its tracks… As far as malware goes, Batchwiper…

Categories:
General