BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Posts Tagged ‘vulnerability’

img

Don’t say “Lockdown”!

Here at BeyondTrust, we have been fortunate to be able to speak with thousands of security professionals in dozens of industries, and it is astonishing how differently organizations assess risk and approach computer security. Some organizations are very strict about security and are able to completely lock down desktops. Others are significantly more lax about…

Post by Peter McCalister October 15, 2012
Tags:
, ,
weakcertificates-retina

Retina Helps Identify Weak Certificates

Microsoft has released a Security Advisory for the upcoming patch to increase minimum bit levels of certificates to 1024 bit security advisory 2661254.  The expected release date for this patch is Oct 9th at which time the update will be available through Windows Update. This change to the minimum bits level of certificates will change…

Post by Jerome Diggs September 25, 2012
Tags:
, , , , ,
IE-0day

Mmm, Smells Like 0day

Just when you thought we were out of the woods, Internet Explorer 0day shows up, in the wild. Here’s what you need to know about the vulnerability: Internet Explorer 6, 7, 8, and 9 are vulnerable (UPDATE: Out-of-band patch available now!) Use-after-free when the CMshtmlEd object is deleted and then the same area in memory…

Post by BeyondTrust Research Team September 17, 2012
Tags:
, , , , , ,
scanner-ui

Xen Server Escape Exploit News

In today’s ever expanding virtualized data center it’s critical to ensure hypervisors/host systems are properly secured and patched to prevent bleed over into often dense populations of the corporate infrastructure.  According to a recent blog post on Threatpost, French research firm VUPEN security has revealed exploit code that takes advantage of a vulnerability in Xen…

Post by Jerome Diggs September 10, 2012
Tags:
, , , , , , , , , , , ,
img13

4 Tips to Identify, Patch & Report on the Oracle Java Vulnerability

Last week our security research team provided some very enlightening information on a nasty Oracle Java vulnerability that until recently was a zero-day.  Oracle provided a patch for the vulnerability found in advisory (CVE-2012-4681)  and as a follow-up to the blog post by our security research team we wanted to share with you some easy…

Post by Jerome Diggs September 7, 2012
Tags:
, , , , ,
Java-Logo

Java Pwns Everyone…Again.

Java has a nasty habit of getting you owned. This latest 0day is no exception to the long-lived trend of reliable Java-based exploitation. Here’s what you need to know: The current exploitation method being employed in the wild right now leverages two zero day flaws in Java. The first flaw leverages an implementation issue (logic bug) within ClassFinder.findClass(), which is only present in Java 7.

Post by BeyondTrust Research Team August 30, 2012
Tags:
, , , , , , , ,
blackholetoolkit1

BlackHole toolkit targets Microsoft XML Core Services flaw

Blackhole is a popular exploit kit used to inject malware onto PCs that visit an exploited site, or are redirected to such a site from another, compromised website.  As hackers get bolder they use these types of toolkits to compromise computer networks.  This allows less sophisticated individuals and organizations to compromise computer networks since these…

Post by Sarah Lieber August 1, 2012
Tags:
, , , , , , , ,
new-kids-on-the-block

Create custom audits for Android devices. Come on, all the cool kids are doing it.

Have you ever wanted to root your Android device, so you could be like all the other cool kids on the block? If you did your research, you learned that it makes it easier for attackers to keep their malware on your device, if it were to be infected, through the use of a rootkit….

Post by Carter Jones July 18, 2012
Tags:
, , , , , ,
retina-insight1-680x316

Exploitability in Context

Every year there are literally tens of thousands of new vulnerabilities discovered across the various software and hardware technologies we rely upon every day. Simple math would seem to dictate an impossible task to manage all of these vulnerabilities and to make the real-world, priority-based decisions on them. Vulnerability management is one thing, but for…

Post by Alejandro DaCosta March 28, 2012
Tags:
, , , , , , ,
cs_patch-view-680x484

Patching is Still a Challenge? Yup.

eEye has always taken a “zero gap” approach to our threat management product strategy. That thinking has been the driver for our market firsts in support for new technologies such as cloud, mobile, and virtualization vulnerability management. These new technologies bring tremendous benefits, but they also bring risks with them as well, which must be…

Post by Morey Haber March 14, 2012
Tags:
, , , , ,