BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

April, 2012

img

Insider Threats: What Can Be Done?

Posted April 17, 2012    Peter McCalister

IT security tends to focus on securing the network from external attacks, but little attention is given to malicious activity and human error within the company. According to InformationWeek’s 2012 Strategic Survey, company employees pose just as much of a threat as cyber thieves. How can this be addressed? A recent article by Dark Reading…

img

eEye’s Patch Tuesday Assessment Now Available On Demand

Posted April 13, 2012    Sarah Lieber

Miss our live VEF webinar earlier this week? In case you did, I’ve put all of the content together for you below. Enjoy!

Tags:
, , , , ,
charliesheen-winning

March VEF Participant Wins a Kindle Fire

Posted April 11, 2012    Sarah Lieber

As you all know, every month we host our Vulnerability Expert Forum (VEF) webinar. This is a time where our experts share valuable insight regarding new vulnerabilities that are discovered and the actions that need to be taken as a result. It’s a quick way to get up to speed on current potential risks to…

Tags:
, , , , ,
patch-tuesday

Microsoft Patch Tuesday – April 2012

Posted April 10, 2012    Chris Silva

April is upon us, and for Patch Tuesday Microsoft delivered six security bulletins, patching a total of eleven vulnerabilities. MS12-027 is the most urgent, as Microsoft has rated it critical and has stated that there are targetted attacks leveraging this vulnerability – patch this one first.

insiderbreachlawsuit

People are Less Forgiving of Insider Threats than Outside Hacks

Posted April 6, 2012    Peter McCalister

A new study says that people are more likely to file a lawsuit against a company that experienced a data breach if that breach was the result of unauthorized disclosure or disposal of data than if the breach happened due to an outside hack. The study, titled Empirical Analysis of Data Breach Litigation, says “plaintiffs…

dell

Quest Toad ActiveX Vulnerability

Disclosed April 5, 2012    Workaround Available
Vendors: Quest Software (Dell)
Vulnerability Severity: Medium
Exploit Impact:
Exploit Availability:
dell

Quest vWorkspace “pnllmcli.dll” ActiveX Arbitrary Overwrite Vulnerability

Disclosed April 5, 2012    Workaround Available
Vendors: Quest Software (Dell)
Vulnerability Severity: Medium
Exploit Impact:
Exploit Availability:
vista-patch-bandaid-sp1

Firewalls Not Preventing Data Breaches? Try a Dose of Least Privilege

Posted April 4, 2012    Peter McCalister

An article was published last month indicating a malware-infected computer at ConnecticutCollege was the cause of the breach of 18,000 social security numbers of teachers, employees, and student workers. According to the report, “a computer in the CCSU business office was infected in December, and sat on the system for eight days before it was…

HawaiiCommunity

The Least Privilege Ecosystem

Posted April 3, 2012    Peter McCalister

It took Hawaii Community Federal Credit Union nearly one year to notify its members of a data breach, which involved employees improperly accessing customer names, addresses and the last four digits of their Social Security numbers. As a result of the data breach, the credit union plans to have employees participate in a new training…

Virtual Sprawl PowerBroker Severs Enterprise

Virtual Machines Sprouting in Your Datacenter Require Security and Control

Posted April 2, 2012    Peter McCalister

Are your virtual machines like weeds that continue to pop up everywhere? This is often referred to as virtual machine (VM) sprawl. VM sprawl can weaken your security posture, making your systems vulnerable to both external and internal threats. In Subbu’s blog last week, he discussed how advanced persistent threats (APT) can utilize privileged access…