BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

Security Research

Accidental Harm

Don’t Be The Next WikiLeaks

Posted October 25, 2011    Peter McCalister

Last year’s WikiLeaks scandal was an embarrassment for the government, drawing attention from every corner of the globe about the insecurity of its networks. Recently, President Obama ordered new computer security rules to government agencies handling classified information after months of investigating the events leading up to WikiLeaks.

cloudlock1

Duqu, Son of Stuxnet, Destroyer of Worlds!

Posted October 20, 2011    Marc Maiffret

So, as everyone has hopefully heard by now, the world is indeed coming to an end because of a new piece of malware dubbed Duqu. Duqu is supposed to be based off of Stuxnet and therefore it makes it the scariest thing in cyber space or, as FoxNews.com said, “Stuxnet Clone ‘Duqu’: The Hydrogen Bomb of Cyberwarfare?”

dunk

Slam Dunk

Posted October 20, 2011    Peter McCalister

There aren’t many things in enterprise IT security that are easy enough to do to be called a slam dunk, but I may have one for you. A recent study of IT managers and network administrators conducted by Amplitude Research on behalf of VanDyke Software, shows a growing concern about insider threats, particularly unauthorized access by current and former employees.

cybersecurity1-resized-600.jpg

Time Is Of The Essence When Implementing Security Best Practices

Posted October 18, 2011    Peter McCalister

Six years ago the U.S. Government Accountability Office (GAO) criticized the IRS for lax security practices. Now it would seem that six years is plenty of time to get the right security policies in place, but while the IRS is showing progress, it has yet to remediate 65 of the 88 previously reported weaknesses – and now the most recent GAO audit has turned up 37 new weaknesses to add to the list. This news affects every tax-paying citizen in the U.S., as all of our information is at risk, and it’s a good example of why every organization needs to be paying attention to their own security policies.

patch-tuesday

Microsoft Patch Tuesday – October 2011

Posted October 11, 2011    Chris Silva

Welcome to another exciting episode of Patch Tuesday, where Microsoft has released a total of 8 bulletins concerning 23 CVEs. 2 bulletins are rated as critical, mostly covering issues within Internet Explorer, while the rest are not as riveting.

galileo

The Road To The Truth About Insider Threats

Posted October 4, 2011    Peter McCalister

New research from the Ponemon Institute was released this week, indicating that the majority of executives have a ways to go before they discover the staggering truth about the dangers of insider threats. The study says only 16 percent of respondents indicated that CEOs and other C-level executives acknowledge the dangers of insider fraud as significant. This statistic is a little shocking, given the volume of news stories published on an almost daily basis involving insider threats and the staggering financial effects they can have on an organization.

os lion

Closing the Password Security Loophole on Mac OS X 10.7

Posted September 30, 2011    Peter McCalister

More and more Macs are cropping up in enterprise IT environments. Studies have shown as much as 94.7% growth in the “very large business” category. It’s no secret that Apple has been on a tear in the consumer markets, and the enterprise market is not far behind.

wargames

War Games III: Identity Thief Irene Controls Your Missiles

Posted September 28, 2011    Peter McCalister

In 1983 Hollywood unleashed a movie called War Games that showed what a determined hacker could do if they (even accidentally) attained privileges to a military computer. The movie got good reviews and even raised an eyebrow or two on the possibilities of misuse of privilege on specific information technology, but eventually, like most tinsel town products, was retreaded into a sequel 2008 called War Games: The Dead Code which failed miserably.

Win 7

Another Reminder Why It’s Important to Eliminate Admin Rights

Posted September 27, 2011    Peter McCalister

According to a recent CNET News article, the hacker known as Comodohacker is now threatening to exploit Microsoft’s Windows Update service. This comes on the heels of Microsoft’s misstep of inadvertently offering an early look at the latest Patch Tuesday updates for 15 vulnerabilities in Windows, Office and Server products.

linux logo

Extending Password Policy To UNIX and Linux

Posted September 21, 2011    Peter McCalister

Our friends and colleagues at the Linux Foundation have been hit by a “brute force attack” and many of their sites have been taken down until the security breach is fully controlled.