BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
sam2

Big Brother May Be Watching Sooner Than You Think

Posted October 26, 2011    Peter McCalister

I recently read an article talking about the US Government wanting to start monitoring regional internet traffic on a large scale as a way to predict human behavior. The article goes on to state this, “…could enable the prediction of economic crises, political unrest and revolutions…” Wow! Good luck with that.

Categories:
Vulnerability Management
Accidental Harm

Don’t Be The Next WikiLeaks

Posted October 25, 2011    Peter McCalister

Last year’s WikiLeaks scandal was an embarrassment for the government, drawing attention from every corner of the globe about the insecurity of its networks. Recently, President Obama ordered new computer security rules to government agencies handling classified information after months of investigating the events leading up to WikiLeaks.

Categories:
Security Research
trendmicro

Trend Micro IWSS 3.1 privilege escalation

Disclosed October 25, 2011    Fully Patched
Vendors: Trend Micro
Vulnerability Severity: High
Exploit Impact: Elevation of Privilege
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
Win 7 logo

AppLocker + Least Privilege = Magic

Posted October 24, 2011    Peter McCalister

Writing blogs at 2am sometimes, has me asking myself dumb questions like “should I use a mathematics or a magician’s metaphor to kick off todays blog?” Answering myself sometimes generates inspiration and sometimes just means the lazy way out, like today when I chose both.

Categories:
Privileged Account Management
cloudlock1

Duqu, Son of Stuxnet, Destroyer of Worlds!

Posted October 20, 2011    Marc Maiffret

So, as everyone has hopefully heard by now, the world is indeed coming to an end because of a new piece of malware dubbed Duqu. Duqu is supposed to be based off of Stuxnet and therefore it makes it the scariest thing in cyber space or, as FoxNews.com said, “Stuxnet Clone ‘Duqu’: The Hydrogen Bomb of Cyberwarfare?”

Categories:
General, Security Research
dunk

Slam Dunk

Posted October 20, 2011    Peter McCalister

There aren’t many things in enterprise IT security that are easy enough to do to be called a slam dunk, but I may have one for you. A recent study of IT managers and network administrators conducted by Amplitude Research on behalf of VanDyke Software, shows a growing concern about insider threats, particularly unauthorized access by current and former employees.

Categories:
Security Research
thumb_default

Another First to Market by eEye: Vulnerability Management for Virtual Apps

Posted October 20, 2011    Brad Hibbert

More and more organizations are implementing virtualized solutions to reduce cost and gain strategic flexibility. As such, eEye continues to enhance Retina’s virtualized scanning capabilities to provide insight over the risks these assets raise for the business.

Categories:
Vulnerability Management
book

Top 10 Reasons To Buy New Least Privilege Book

Posted October 19, 2011    Peter McCalister

While you work hard to keep the bad guys out, a trusted employee, contractor or partner, can cause more damage than any outside hacker could ever do. This book will help you prevent this nightmare scenario by showing you how “less is more” when it comes to protecting your network and information assets.

Categories:
General
cybersecurity1-resized-600.jpg

Time Is Of The Essence When Implementing Security Best Practices

Posted October 18, 2011    Peter McCalister

Six years ago the U.S. Government Accountability Office (GAO) criticized the IRS for lax security practices. Now it would seem that six years is plenty of time to get the right security policies in place, but while the IRS is showing progress, it has yet to remediate 65 of the 88 previously reported weaknesses – and now the most recent GAO audit has turned up 37 new weaknesses to add to the list. This news affects every tax-paying citizen in the U.S., as all of our information is at risk, and it’s a good example of why every organization needs to be paying attention to their own security policies.

Categories:
Security Research
skype

Skype Multiple 0day Vulnerabilities

Disclosed October 18, 2011    Zeroday : 1016 days
Vendors: Skype Limited
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker