BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
einstein

Call it Genius. Our Smart Groups Make Vulnerability Management Simple for Security Teams

Posted April 20, 2012    Morey Haber

eEye R&D has been hard at work on optimizing how our enterprise clients can manage and schedule assessments within Retina CS. These efforts will increase the efficiency of how our clients perform assessments across their IT infrastructure – be it their traditional server or desktop assets, or new technologies like mobile, virtual and cloud.

Categories:
Vulnerability Management
Tags:
, , , , , ,
microsoft

Microsoft Visual Studio Linker Vulnerability

Disclosed April 20, 2012    No Patch Available
Vendors: Microsoft
Vulnerability Severity: Medium
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker
python

Python Hash Collision Denial of Service Vulnerability

Disclosed April 19, 2012    Fully Patched
Vendors: Python
Vulnerability Severity: Medium
Exploit Impact: Denial of Service
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
PBSE

The Key to Controlling Privileged User Activity? Centralize!

Posted April 18, 2012    Peter McCalister

Those of you who follow my blogs know that sudo – and the issues it presents IT organizations – is one of my favorite discussion topics. I suppose that’s because there is no shortage of stories that surface on a regular basis on the problems that can arise with sudo, and I feel compelled to…

Categories:
General
oracle

Oracle Database TNS Session Hijack

Disclosed April 18, 2012    Fully Patched
Vendors: Oracle
Vulnerability Severity: High
Exploit Impact:
Exploit Availability:
Categories:
Zeroday Tracker
img

Insider Threats: What Can Be Done?

Posted April 17, 2012    Peter McCalister

IT security tends to focus on securing the network from external attacks, but little attention is given to malicious activity and human error within the company. According to InformationWeek’s 2012 Strategic Survey, company employees pose just as much of a threat as cyber thieves. How can this be addressed? A recent article by Dark Reading…

Categories:
General
img

eEye’s Patch Tuesday Assessment Now Available On Demand

Posted April 13, 2012    Sarah Lieber

Miss our live VEF webinar earlier this week? In case you did, I’ve put all of the content together for you below. Enjoy!

Categories:
Security Research
Tags:
, , , , ,
charliesheen-winning

March VEF Participant Wins a Kindle Fire

Posted April 11, 2012    Sarah Lieber

As you all know, every month we host our Vulnerability Expert Forum (VEF) webinar. This is a time where our experts share valuable insight regarding new vulnerabilities that are discovered and the actions that need to be taken as a result. It’s a quick way to get up to speed on current potential risks to…

Categories:
Security Research
Tags:
, , , , ,
patch-tuesday

Microsoft Patch Tuesday – April 2012

Posted April 10, 2012    Chris Silva

April is upon us, and for Patch Tuesday Microsoft delivered six security bulletins, patching a total of eleven vulnerabilities. MS12-027 is the most urgent, as Microsoft has rated it critical and has stated that there are targetted attacks leveraging this vulnerability – patch this one first.

Categories:
Security Research
insiderbreachlawsuit

People are Less Forgiving of Insider Threats than Outside Hacks

Posted April 6, 2012    Peter McCalister

A new study says that people are more likely to file a lawsuit against a company that experienced a data breach if that breach was the result of unauthorized disclosure or disposal of data than if the breach happened due to an outside hack. The study, titled Empirical Analysis of Data Breach Litigation, says “plaintiffs…

Categories:
General