BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
normanasa

Norman Security Suite 8 Kernel Pointer Dereference Vulnerability

Disclosed September 28, 2011    No Patch Available
Vendors: Norman ASA
Vulnerability Severity: Medium
Exploit Impact: Elevation of Privilege
Exploit Availability:
Categories:
Zeroday Tracker
cloud-security-img

Sneak Peek: Free Third-Party Application Patching

Posted September 27, 2011    Brad Hibbert

Third-party client side exploits continue to be a favored attack vector especially in widely deployed tools like Adobe Reader and Internet browsers. Recent studies show that third-party programs are responsible for 69% of the vulnerabilities on a typical endpoint.

Categories:
General, Vulnerability Management
Win 7

Another Reminder Why It’s Important to Eliminate Admin Rights

Posted September 27, 2011    Peter McCalister

According to a recent CNET News article, the hacker known as Comodohacker is now threatening to exploit Microsoft’s Windows Update service. This comes on the heels of Microsoft’s misstep of inadvertently offering an early look at the latest Patch Tuesday updates for 15 vulnerabilities in Windows, Office and Server products.

Categories:
Security Research
guy tie

Top Threat To Cloud Computing

Posted September 26, 2011    Peter McCalister

It seems as if every business and IT executive that I talk to lately literally has their “head in the clouds.” Every conversation about current or impending strategies for information assets almost universally contains some mention of a public, private or hybrid cloud deployment. A more interesting observation of these conversations is that the lure of liberating ourselves from the burden of managing applications and data shouldn’t mean we stop having high expectations about how those applications and data are managed.

Categories:
Vulnerability Management
irene2

Some Identities Are Worth More Than Others

Posted September 23, 2011    Peter McCalister

We may be all created equal, but some identities are worth more than others. I’m not just talking about Mark Zuckerberg or Bill Gates being worth more than the average Mark or Bill working across the hall from you. It turns out that identity thieves target patient health information more than standard social security identities for good reason.

Categories:
General
microsoft

Internet Explorer MHTML Mime-Formatted Request Vulnerability

Disclosed September 23, 2011    Zeroday : 1135 days
Vendors: Microsoft
Vulnerability Severity: Medium
Exploit Impact: Information Disclosure
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
kindle

Sneak Peek: Free Mobility Scanning from eEye

Posted September 21, 2011    Brad Hibbert

With mobile devices and smart phones representing 40% of all mobile phones in the US, consumerization continues to blur the corporate boundary as employees expect and require consistent access to corporate services from wherever they are, on any device they’re using—desktops, laptops, tablets and smart phones. 

Categories:
General, Vulnerability Management
linux logo

Extending Password Policy To UNIX and Linux

Posted September 21, 2011    Peter McCalister

Our friends and colleagues at the Linux Foundation have been hit by a “brute force attack” and many of their sites have been taken down until the security breach is fully controlled.

Categories:
Security Research
villain trio

A Risk Worth Taking?

Posted September 20, 2011    Peter McCalister

It’s bad enough when an accidental insider threat compromises an organization’s security, but there’s something worse when it’s the result of a malicious past, or current employee, and according to the results of a recent survey, that’s something all employers should be worried about.

Categories:
Security Research
cisco

Cisco Identity Services Engine Database Default Credentials Vulnerability

Disclosed September 20, 2011    Fully Patched
Vendors: Cisco
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker