BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

Comparing Active Directory Auditing Solutions? Here are 7 Things You Can’t Afford to Overlook

Posted May 15, 2014    Gail Ferreira

If you’re responsible for your organization’s Active Directory environment, you probably know how time-consuming it can be to audit and recover AD changes. Maybe there was a particular incident where manually tracking down an errant change and putting things back in order involved too much blood, sweat and tears – or maybe you’ve simply spent…

Categories:
Privileged Account Management
Tags:
, , , , , , ,
patch-tuesday

May 2014 Patch Tuesday

Posted May 13, 2014    BeyondTrust Research Team

May’s Patch Tuesday contains eight bulletins addressing 13 issues, fixing Internet Explorer, SharePoint Server, Office, Group Policy Preferences, Windows, the .NET Framework, and iSCSI. MS14-022 fixes three vulnerabilities in Microsoft SharePoint Server, the worst of which could be used to execute arbitrary code on a targeted SharePoint server. The attacker would need to be authenticated…

Categories:
Security Research
Tags:
, , ,
zeroday-default

CH Radyo 2 Cross-Site Scripting Vulnerability

Disclosed May 4, 2014    Zeroday : 230 days
Vendors: CH Radyo
Vulnerability Severity: Medium
Exploit Impact: Cross-Site Scripting
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
oracle-software-delivery-cloud

Accelerate and Simplify Deployment of PowerBroker Privilege Management Solutions with Oracle VM Templates

Posted May 1, 2014    Chris Burd

On April 17th, Oracle and BeyondTrust experts Doan Nguyen and Paul Harper shared how leveraging Oracle VM Templates can automate and simplify the deployment of the PowerBroker for UNIX & Linux privilege management solution across your IT environment. See below for an embedded, on-demand recording of the webcast. Oracle and BeyondTrust Team Up The partnership…

Categories:
General
Tags:
, , , , , , , ,
Cybozu

Cybozu Garoon API Security Bypass

Disclosed April 30, 2014    Zeroday : 234 days
Vendors: Cybozu
Vulnerability Severity: Medium
Exploit Impact: Security Bypass
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker

Internet Explorer 0day: CVE-2014-1776

Posted April 29, 2014    BeyondTrust Research Team

Over the weekend, on April 26, Microsoft released an advisory about an Internet Explorer use-after-free zeroday vulnerability, CVE-2014-1776, that is being exploited in the wild. The vulnerability lies within MSHTML.dll, and affects Internet Explorer 6 through 11. According to FireEye, attacks have been spotted in the wild targeting Internet Explorer 9 through 11. The observed…

Categories:
General
Tags:
, , , ,
microsoft

Internet Explorer Use-After-Free

Disclosed April 26, 2014    Fully Patched
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: Privately Available
Categories:
Zeroday Tracker
PBW-cricklewood sample RCS

Managing Rules the Easy Way with PowerBroker for Windows Collections

Posted April 25, 2014    Morey Haber

One of the least-known secrets about PowerBroker for Windows is the ability to create logical groups of rules, or “collections.” Rules automate the actions taken by PowerBroker to enforce system and application access policies on Windows servers and desktops. In addition to making it easy to manage rules, collections enable you to enforce parent rules…

Categories:
New Features, Privileged Account Management
Tags:
, , , , , , , ,

April VEF Participant Wins a Apple iPad mini

Posted April 24, 2014    Qui Cao

Every month we host our Vulnerability Expert Forum (VEF) webinar. This is a time where our experts share valuable insight regarding new vulnerabilities that are discovered and the actions that need to be taken as a result. It’s a quick way to get up to speed on current potential risks to your organization and a way to…

Categories:
Vulnerability Management
cfos

cFos 3.09 Denial of Service

Disclosed April 24, 2014    Zeroday : 240 days
Vendors: cFos
Vulnerability Severity: Medium
Exploit Impact: Denial of Service
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker