BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.


Internet Explorer MHTML Mime-Formatted Request Vulnerability

Disclosed September 23, 2011    Zeroday : 1185 days
Vendors: Microsoft
Vulnerability Severity: Medium
Exploit Impact: Information Disclosure
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker

Sneak Peek: Free Mobility Scanning from eEye

Posted September 21, 2011    Brad Hibbert

With mobile devices and smart phones representing 40% of all mobile phones in the US, consumerization continues to blur the corporate boundary as employees expect and require consistent access to corporate services from wherever they are, on any device they’re using—desktops, laptops, tablets and smart phones. 

Categories:
General, Vulnerability Management

Extending Password Policy To UNIX and Linux

Posted September 21, 2011    Peter McCalister

Our friends and colleagues at the Linux Foundation have been hit by a “brute force attack” and many of their sites have been taken down until the security breach is fully controlled.

Categories:
Security Research

A Risk Worth Taking?

Posted September 20, 2011    Peter McCalister

It’s bad enough when an accidental insider threat compromises an organization’s security, but it’s worse when the compromise is the work of a malicious past or current employee, and according to the results of a recent survey, that’s something all employers should be worried about.

Categories:
Security Research

Cisco Identity Services Engine Database Default Credentials Vulnerability

Disclosed September 20, 2011    Fully Patched
Vendors: Cisco
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker

In Denial Over Insider Threats?

Posted September 19, 2011    Peter McCalister

Ever felt like if you could just ignore something, it would go away, disappear, self-correct? Guess what? The good news is you’re not alone. The bad news is that the company you’re keeping happens to be the majority of IT security professionals responsible for protecting corporate information assets.

Categories:
Security Research

OS X Lion Fails to Verify Authentication Before Changing User Password

Disclosed September 18, 2011    Fully Patched
Vendors: Apple
Vulnerability Severity: Medium
Exploit Impact:
Exploit Availability:
Categories:
Zeroday Tracker

OS X Lion Fails to Protect Users’ Password Hashes

Disclosed September 18, 2011    Fully Patched
Vendors: Apple
Vulnerability Severity: Medium
Exploit Impact: Information Disclosure
Exploit Availability:
Categories:
Zeroday Tracker

Déjà Vu All Over Again

Posted September 16, 2011    Peter McCalister

Several months ago I commented on the 3 Pillars of Desktop Security – patch management, virus protection and least privilege. Reviewing our 2010 Microsoft Vulnerability report, I realized just how much most people in IT underestimate the importance of properly limiting administrative privileges in protecting desktops from vulnerabilities.

Categories:
Vulnerability Management

Automating Scanner Updates

Posted September 15, 2011    Morey Haber

Software is written by people and inevitably has mistakes and requires maintenance. This maintenance can be in the form of security updates to patch vulnerabilities, service packs and hot fixes to correct functional problems, and general maintenance to cover required updates for signatures and other time-dependent functions. When working with security solutions, detection methods often…

Categories:
Vulnerability Management