BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.


Post-Password Predictions And What They Mean For You

Posted January 18, 2012    Peter McCalister

The list of problems with passwords has been documented over and over again: Users keeping spreadsheets of their personal passwords, using ordinary everyday words, keeping their passwords on sticky notes, or constantly harassing the IT department for help with forgotten passwords–the list goes on and on. Even clever password creation and rating sites have been…

Categories:
General

Follow The Leader? Or Face Insider Threats…

Posted January 17, 2012    Peter McCalister

It has been nearly six years since the inception of WikiLeaks, yet the U.S. government has just begun to identify methods to combat insider threats within the military. In October, President Obama established an “Insider Threat Task Force” to help prevent potentially damaging and embarrassing exposure of government secrets. He also unveiled new computer security…

Categories:
General

Trust Alone Is Not Enough According To Survey

Posted January 16, 2012    Peter McCalister

A BeyondTrust SWAT team recently passed out surveys and received over 111 responses, all to find out whether people trust their cloud vendors with their data. If you haven’t read it, we also participated in a great TechDebate with NetworkWorld that put the issue of cloud security to the test. We went…

Categories:
General

Gangs Infiltrating Companies As Insiders To Steal Identities

Posted January 13, 2012    Peter McCalister

It was only a matter of time before organized gangs would discover how easy it is for an insider to gain access to sensitive data and realize that if you can’t beat them, join them. A recent blog titled “NY ID Theft Ring Used Insiders, Gang Members” published by Brian Krebs highlights that “Authorities in…

Categories:
General

Active Directory Bridge – A Path To PCI Compliance

Posted January 12, 2012    Peter McCalister

What is an Active Directory Bridge and how does it help me with PCI compliance? What is an Active Directory Bridge? First, as Gartner discussed at the Gartner Identity and Access Management Summit, Active Directory doesn’t do everything. It is not optimized for UNIX, Linux or Mac OS X and it’s difficult to leverage the…

Categories:
General

McAfee SaaS ActiveX “ShowReport()” Command Injection Vulnerability

Disclosed January 12, 2012    Workaround Available
Vendors: McAfee
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker

If I Duck My Head Under This Blankie, The Monsters Can’t Get Me

Posted January 11, 2012    Peter McCalister

Remember when we were kids and we’d hear a strange noise from the other room, or the closet? Maybe it was after your parents finally let you watch that movie you promised wouldn’t give you nightmares. Back then nothing could get us, so long as we hid under our blankets. But we had to do…

Categories:
General

ExpressView SID Processing Remote Code Execution Vulnerability

Disclosed January 11, 2012    Zeroday : 993 days
Vendors: LizardTech
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker

Microsoft Patch Tuesday – January 2012

Posted January 10, 2012    Chris Silva

Before we get started on this month’s releases, just a quick reminder that Microsoft released an out-of-band (OOB) security bulletin (MS11-100) late last month. That brought their 2011 total to 100 bulletins – so much for keeping it in double digits. To start off the new year, today Microsoft released seven bulletins. Microsoft finally tamed…

Categories:
Security Research

Healthcare Data Breaches Thanks To Insiders

Posted January 10, 2012    Peter McCalister

A Ponemon Institute report published this month found that healthcare data breaches have risen 32 percent since 2010. Ninety-six percent of all healthcare providers say they have had at least one data breach in the last two years and that most of these were due to employee mistakes and sloppiness, while 46 percent of respondents…

Categories:
General