BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Archive for March, 2013

lucy2

Least Privilege and South Korea

No, this isn’t some editorial piece about the interrelationships of varying social strata in South Korean society and Gangnam Style. Despite how interesting that may be, we are instead taking a quick look at the latest “wiper” malware to strike fear in the hearts of CTOs and IT admins alike – DarkSeoul (or Jokra or…

Post by BeyondTrust Research Team March 26, 2013
Tags:
, , , ,
BeyondTrust is the expert source of VMware Security LEARN MORE
retinacs-img9

Creating a Gold Image SCAP Template for Windows

One of the challenges of Benchmark Configuration management is creating or modifying SCAP OVAL content to match your business policies and requirements. The following procedure is recommended to create custom Windows benchmarks for the Retina Network Security Scanner and Retina CS via local system policy, Local GPO, and Microsoft Security and Compliance Manager. For starters,…

Post by Bill Tillson March 21, 2013
Tags:
, , , ,
university-winchester

University of Winchester secures its applications with the help of BeyondTrust

A PowerBroker for Windows customer, University of Winchester, was recently highlighted in the Spring 2013 Government and Public Sector Journal (GPSJ). GPSJ is a great source for professionals in the government & public sectors, and informs them of the latest breaking news and exclusive footage. We are very happy and proud of our customer being…

Post by Sarah Lieber March 20, 2013
Tags:
, , ,

March VEF Participant Wins a Kindle Fire

As you all know, every month we host our Vulnerability Expert Forum (VEF) webinar. This is a time where our experts share valuable insight regarding new vulnerabilities that are discovered and the actions that need to be taken as a result. It’s a quick way to get up to speed on current potential risks to your organization…

Post by Qui Cao March 19, 2013
572884_503436863_124962594_n

BeyondTrust CTO sits down with IT Harvest’s Richard Steinnon

BeyondTrust’s CTO, Marc Maiffret, recently sat down with IT Harvest’s Richard Steinnon to discuss a wide range of topics surrounding the security industry today, including the accelerated rate of attacks we’re currently seeing, what our customers are doing to protect themselves, and they even discuss BeyondTrust’s new tagline, Beyond Traditional Security and what that means…

Post by Mike Puterbaugh March 17, 2013
Tags:
, , , , , , , , ,
patch-tuesday

March 2013 Patch Tuesday: Cleaning House

Patch Tuesday is upon us and this month, Microsoft is doing a little spring cleaning of vulnerabilities, fixing a well-rounded collection of client-side vulnerabilities, along with a few server-side vulnerabilities for good measure. This month, the affected software includes Internet Explorer, Silverlight, Visio Viewer, SharePoint, OneNote, Outlook for Mac, and a Windows kernel-mode driver. In…

Post by BeyondTrust Research Team March 12, 2013
Tags:
, , , ,
java_update_screen

Oracle’s Java Hates Least-Privilege

Recently, there has been a lot of commentary and discussions about what to do about the state of security and the seemingly endless attacks that we are facing. There are, of course, many recommendations that are being made at a governmental level of how best to approach this problem through the use of information sharing…

Post by Marc Maiffret March 8, 2013
Tags:
, , ,
clock-reset

sudo authentication bypass when clock is reset

A recent discovery by a German researcher, Marco Schoepl, found that it is possible for a user to bypass sudo authentication by resetting the clock. To read more about this vulnerability see the articles on seclist.org and threatpost.com. What we have found is that many highly secure customers have already adopted the timestamp_timeout=0 setting which…

Post by Rod Simmons March 7, 2013
Tags:
, , , ,