Archive for March, 2013
Least Privilege and South Korea
No, this isn’t some editorial piece about the interrelationships of varying social strata in South Korean society and Gangnam Style. Despite how interesting that may be, we are instead taking a quick look at the latest “wiper” malware to strike fear in the hearts of CTOs and IT admins alike – DarkSeoul (or Jokra or…
Creating a Gold Image SCAP Template for Windows
One of the challenges of Benchmark Configuration management is creating or modifying SCAP OVAL content to match your business policies and requirements. The following procedure is recommended to create custom Windows benchmarks for the Retina Network Security Scanner and Retina CS via local system policy, Local GPO, and Microsoft Security and Compliance Manager. For starters,…
University of Winchester secures its applications with the help of BeyondTrust
A PowerBroker for Windows customer, University of Winchester, was recently highlighted in the Spring 2013 Government and Public Sector Journal (GPSJ). GPSJ is a great source for professionals in the government & public sectors, and informs them of the latest breaking news and exclusive footage. We are very happy and proud of our customer being…
March VEF Participant Wins a Kindle Fire
As you all know, every month we host our Vulnerability Expert Forum (VEF) webinar. This is a time where our experts share valuable insight regarding new vulnerabilities that are discovered and the actions that need to be taken as a result. It’s a quick way to get up to speed on current potential risks to your organization…
BeyondTrust CTO sits down with IT Harvest’s Richard Steinnon
BeyondTrust’s CTO, Marc Maiffret, recently sat down with IT Harvest’s Richard Steinnon to discuss a wide range of topics surrounding the security industry today, including the accelerated rate of attacks we’re currently seeing, what our customers are doing to protect themselves, and they even discuss BeyondTrust’s new tagline, Beyond Traditional Security and what that means…
March 2013 Patch Tuesday: Cleaning House
Patch Tuesday is upon us and this month, Microsoft is doing a little spring cleaning of vulnerabilities, fixing a well-rounded collection of client-side vulnerabilities, along with a few server-side vulnerabilities for good measure. This month, the affected software includes Internet Explorer, Silverlight, Visio Viewer, SharePoint, OneNote, Outlook for Mac, and a Windows kernel-mode driver. In…
Oracle’s Java Hates Least-Privilege
Recently, there has been a lot of commentary and discussions about what to do about the state of security and the seemingly endless attacks that we are facing. There are, of course, many recommendations that are being made at a governmental level of how best to approach this problem through the use of information sharing…
sudo authentication bypass when clock is reset
A recent discovery by a German researcher, Marco Schoepl, found that it is possible for a user to bypass sudo authentication by resetting the clock. To read more about this vulnerability see the articles on seclist.org and threatpost.com. What we have found is that many highly secure customers have already adopted the timestamp_timeout=0 setting which…
