BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
flash-logo

Adobe Patches Zero-Day Flaw Being Exploited in the Wild

Posted January 22, 2015    BeyondTrust Research Team

Earlier this week, French malware researcher Kafeine reported on a new Adobe Flash zero-day vulnerability that was being exploited in the wild using the latest versions of the Angler Exploit Toolkit. “Any version of Internet Explorer or Firefox with any version of Windows will get owned if Flash up to 16.0.0.287 (included) is installed and enabled”…

Categories:
Network Security, Security Research, Vulnerability Management
Tags:
, , , , ,

Your Data Security Strategy Starts with Deploying a Least Privilege Model (part 2 of 2)

Posted January 22, 2015    Scott Lang

In last week’s blog, we talked about how controls and accountability must be put into place so that only the right folks can access data and the systems on which that data resides, and that employing a least privilege model helps to achieve that and more. We’re using conclusions and data from a recent report…

Categories:
Privileged Account Management
Tags:
, , , ,
Larry-Brock-CISO

Basic Blocking and Tackling for Defending Against Advanced Targeted Attacks

Posted January 22, 2015    Larry Brock

With football season at its pinnacle at both the college and professional levels, the best teams continually focus on the fundamentals that make them successful. In security, we need to do the same.  It is okay for us to have a few key plays, especially in certain industries where we have to focus on unique…

Categories:
Privileged Account Management
Tags:
, , , , ,
randy franklin smith

Beyond Root: Securing Privileged Access in Linux

Posted January 20, 2015    Randy Franklin Smith

Like UNIX, at its core, Linux’s security model is basically monolithic – you either have root access or you don’t. But root access is too powerful for so many reasons; routinely using the actual root account – while easy and still frighteningly common – is so dangerous it borders on negligent. Auditors know about root…

Categories:
Privileged Account Management
Tags:
, , , , , ,
Capture

MS15-002 Detection

Posted January 16, 2015    BeyondTrust Research Team

MS15-002 was one of the more interesting patches this month.  As such, we spent quite a bit of time on it.  But alas, it appears as though a pretty thorough analysis has already been posted at WooYun (http://drops.wooyun.org/papers/4621) which mostly aligns with our analysis of the issue. We believe this issue to be difficult to exploit…

Categories:
Network Security, Security Research
Tags:
patch-tuesday

January 2015 Patch Tuesday

Posted January 14, 2015    BeyondTrust Research Team

Starting off the new year, Microsoft directs its focus more toward user rights and access. For the majority of bulletins, an attacker would need some form of authentication prior to elevating their privileges. Aside from these, the most notable vulnerability lies within an old friend named Telnet, which even the newer versions of windows are…

Categories:
General, Network Security, Security Research, Vulnerability Management
Tags:
,

Your Data Security Strategy Starts with Deploying a Least Privilege Model (part 1 of 2)

Posted January 12, 2015    Scott Lang

Before we start, let’s agree on three fundamental principles of protecting data: 1. Data is the most valuable asset your organization has (besides the folks who work for you anyway) 2. Data is like water – it will find the path of least resistance out of its current location 3. Based on its value and…

Categories:
Privileged Account Management
Tags:
, ,
jeremy-moskowitz

Active Directory Recycle Bin: What is it, and how can I use it?

Posted January 5, 2015    Jeremy Moskowitz

Remember the Windows 95 Recycle Bin? It was a big leap forward to recovering “deleted” files. Well, it turns out that Active Directory has it’s own Recycle Bin for users, groups and computers, and it’s called… wait for it.. the Active Directory Recycle Bin. Here’s the good news about the Active Directory Recycle bin: *…

Categories:
Privileged Account Management
Tags:
, , , ,
gwindows_logo

Git’s Case-Insensitive Discrepancies: Exploiting GitHub For Windows And Microsoft Visual Studio (still affected)

Posted December 23, 2014    BeyondTrust Research Team

A vulnerability within Git has been recently announced concerning the case-insensitive nature of the Windows file system. This vulnerability is unique in that fact that an attacker does have the ability to execute arbitrary code, however conventional exploitation methods, such as memory corruption, is not required. This article explores two ways to execute arbitrary, attacker…

Categories:
Network Security, Security Research
Tags:
, , , ,
Dark Reading

2014: The Year of Privilege Vulnerabilities

Posted December 18, 2014    Chris Burd

Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of “least privilege” could limit the impact of malware and raise the bar of difficulty for attackers.

Categories:
General, Privileged Account Management, Security Research, Vulnerability Management
Tags:
, , , , ,