BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.


XnView JXR IFD_ENTRY Processing Integer Overflow Vulnerability

Disclosed March 13, 2014    Zeroday : 192 days
Vendors: XnSoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker

Addressing the MAS Technology Risk Management Guidelines with Privilege and Vulnerability Management

Posted March 12, 2014    Morey Haber

The Monetary Authority of Singapore (MAS) is Singapore’s central bank and financial regulatory authority. The MAS frequently releases guidelines that address emerging technologies and the evolving threat landscape. In June 2013, the MAS created an updated set of guidelines for Internet Banking and Technology Risk Management (IBTRM). This addendum mandates certain requirements for Technology Risk Management…

Categories:
Vulnerability Management

Claws Mail Plugins Certificate Verification Vulnerabilities

Disclosed March 11, 2014    Zeroday : 194 days
Vendors: Claws
Vulnerability Severity: Medium
Exploit Impact: Security Bypass
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker

March 2014 Patch Tuesday

Posted March 11, 2014    BeyondTrust Research Team

March’s Patch Tuesday brings five patches to us, fixing Internet Explorer, DirectShow, Silverlight, kernel-mode drivers, and the Security Account Manager Remote Protocol. MS14-012 fixes 18 unique vulnerabilities, one of which has been publicly disclosed: CVE-2014-0322. This vulnerability has been exploited as early as January 20, 2014, being used in targeted attacks against visitors to the…

Categories:
Security Research

VMware ESXi NTP Denial of Service Vulnerability

Disclosed March 11, 2014    Zeroday : 194 days
Vendors: VMware
Vulnerability Severity: Low
Exploit Impact: Denial of Service
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker

LuxCal 3.2.2 Cross Site Request Forgery / SQL Injection

Disclosed March 10, 2014    Zeroday : 195 days
Vendors: LuxSoft
Vulnerability Severity: Medium
Exploit Impact: SQL Injection
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker

Introducing Vulnerability-Based Application Management™ (VBAM)

Posted March 3, 2014    Morey Haber

RSA Conference 2014 saw the birth of a new acronym at the BeyondTrust booth: “VBAM” – otherwise known as Vulnerability-Based Application Management™. This patent-pending technology enforces least-privilege access based on an application’s known vulnerabilities, as well as their age, potential risk, and impact on regulatory compliance initiatives – and is currently included in the PowerBroker…

Categories:
Privileged Account Management

FitNesse Arbitrary Command Execution Vulnerability

Disclosed February 25, 2014    Zeroday : 208 days
Vendors: FitNesse
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker

Going Beyond SCAP for Benchmark Compliance

Posted February 24, 2014    Morey Haber

SCAP configuration compliance assessments, commonly referred to as “Benchmark” assessments, are traditionally cumbersome tasks when multiple benchmarks have to be tested against multiple targets at the same time. For the vast majority of SCAP-certified tools, this means executing one benchmark at a time against a valid host(s) and reviewing the results. The same targets often…

Categories:
Privileged Account Management

Congratulations to our January and February VEF Participants

Posted February 20, 2014    Qui Cao

Every month we host our Vulnerability Expert Forum (VEF) webinar. This is a time where our experts share valuable insight regarding new vulnerabilities that are discovered and the actions that need to be taken as a result. It’s a quick way to get up to speed on current potential risks to your organization and a way to…

Categories:
Vulnerability Management