BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
dell

Quest vWorkspace “pnllmcli.dll” ActiveX Arbitrary Overwrite Vulnerability

Disclosed April 5, 2012    Workaround Available
Vendors: Quest Software (Dell)
Vulnerability Severity: Medium
Exploit Impact:
Exploit Availability:
Categories:
Zeroday Tracker
dell

Quest Toad ActiveX Vulnerability

Disclosed April 5, 2012    Workaround Available
Vendors: Quest Software (Dell)
Vulnerability Severity: Medium
Exploit Impact:
Exploit Availability:
Categories:
Zeroday Tracker
vista-patch-bandaid-sp1

Firewalls Not Preventing Data Breaches? Try a Dose of Least Privilege

Posted April 4, 2012    Peter McCalister

An article was published last month indicating a malware-infected computer at ConnecticutCollege was the cause of the breach of 18,000 social security numbers of teachers, employees, and student workers. According to the report, “a computer in the CCSU business office was infected in December, and sat on the system for eight days before it was…

Categories:
General
HawaiiCommunity

The Least Privilege Ecosystem

Posted April 3, 2012    Peter McCalister

It took Hawaii Community Federal Credit Union nearly one year to notify its members of a data breach, which involved employees improperly accessing customer names, addresses and the last four digits of their Social Security numbers. As a result of the data breach, the credit union plans to have employees participate in a new training…

Categories:
General
Virtual Sprawl PowerBroker Severs Enterprise

Virtual Machines Sprouting in Your Datacenter Require Security and Control

Posted April 2, 2012    Peter McCalister

Are your virtual machines like weeds that continue to pop up everywhere? This is often referred to as virtual machine (VM) sprawl. VM sprawl can weaken your security posture, making your systems vulnerable to both external and internal threats. In Subbu’s blog last week, he discussed how advanced persistent threats (APT) can utilize privileged access…

Categories:
General
dell

Quest InTrust ActiveX Multiple Vulnerabilites

Disclosed March 30, 2012    Workaround Available
Vendors: Quest Software (Dell)
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker
retina-insight1-680x316

Exploitability in Context

Posted March 28, 2012    Alejandro DaCosta

Every year there are literally tens of thousands of new vulnerabilities discovered across the various software and hardware technologies we rely upon every day. Simple math would seem to dictate an impossible task to manage all of these vulnerabilities and to make the real-world, priority-based decisions on them. Vulnerability management is one thing, but for…

Categories:
Vulnerability Management
Tags:
, , , , , , ,
Lockdown

Nefarious and Angry Employees Still a Primary Threat to Organizations

Posted March 26, 2012    Peter McCalister

A new Ponemon study reports that the number of data breaches caused by malicious attacksincreased from 31 percent in 2010 to 37 percent in 2011, with malicious insiders being responsible for 33 percent of attacks. In the report Ponemon states, “We think about the evil hacker, which is pretty serious stuff, but in our study,…

Categories:
General
cloudlock1

Least Privilege Can Reduce Malware

Posted March 23, 2012    Peter McCalister

If you’re like most companies, you’ve invested heavily in antivirus software. But are you still having to deal with the latest viruses, trojans, and ransomware? Are you having to wait until your AV provider can fix the latest bugs and get you the cure, while your network is left open and unprotected? Instead of asking…

Categories:
General
perimeter within

Security from Data Breaches Start from Within

Posted March 22, 2012    Peter McCalister

Keeping the bad guys out is what comes to mind for a lot of us when we think of securing our companies’ IT environment. And to be honest, this mindsit might very well be the reason we hear about so many data breaches. Companies are getting hit with breach and breach of sensitive information despite…

Categories:
General