BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
ico-pbmobile

Close Your Virtual App Security Gap

Posted November 3, 2011    Mike Puterbaugh

Virtual apps, and specifically those deployed by market leading VMware’s ThinApp technology, are becoming increasingly popular in the financial services and healthcare-related fields, as well as with government agencies.   Why?  The technology allows IT teams easily streamline application mobility and eliminate application conflicts on the desktop, which at the end of the day, means…

Categories:
Privileged Account Management
Tags:
,
numbers

It’s the Little Things That Count

Posted November 3, 2011    Peter McCalister

As we discussed several times, enterprise IT security isn’t easy. As recent article at Dark Reading makes clear, part of the reason is that even the smallest flaw can lead to a major security breach.

Categories:
Vulnerability Management
villain trio

13 Data Breaches Preventable WIth Least Privilege

Posted November 2, 2011    Peter McCalister

Most companies fear the cost of data breaches more than anything, while others fear the embarassing negative publicity wich can have even great negative impact on their organization when misuse of privilege makes the national news.

Categories:
Privileged Account Management
apache

Apache HTTP Server ap_pregsub() buffer overflow

Disclosed November 2, 2011    Fully Patched
Vendors: Apache Software Foundation
Vulnerability Severity: Medium
Exploit Impact: Elevation of Privilege
Exploit Availability:
Categories:
Zeroday Tracker
guy laptop

Why To Consider Partners As Potential Insider Threats Too

Posted November 1, 2011    Peter McCalister

In early September BeyondTrust CMO Brian Anderson covered the news around Stanford Hospital & Clinics medical privacy breach that resulted in 20,000 patients’ personal data being publicly available on a website for nearly a year. At the time the breach was first reported by The New York Times, it was unclear how the data made it onto the website.

Categories:
Vulnerability Management
Lockdown

Data Breaches…And How Insiders Affect Them

Posted October 31, 2011    Peter McCalister

With all the data breaches in the news these days, security is definitely a hot topic in the information technology community. Preventing risks and threats is the core of keeping information, and ultimately people, safe.

Categories:
Vulnerability Management
slam dunk

Uncontested Lay Up

Posted October 27, 2011    Peter McCalister

Last week talked about the basics of how you can address the risk of insider attacks from former employees. A recent study of IT managers and network administrators conducted by Amplitude Research on behalf of VanDyke Software, shows a growing concern about insider threats, particularly unauthorized access by current and former employees. Unauthorized access by current and former employees was cited by 11% of the survey respondents, as a reason cited network intrusions, the 4th most frequent response.

Categories:
Security Research
sam2

Big Brother May Be Watching Sooner Than You Think

Posted October 26, 2011    Peter McCalister

I recently read an article talking about the US Government wanting to start monitoring regional internet traffic on a large scale as a way to predict human behavior. The article goes on to state this, “…could enable the prediction of economic crises, political unrest and revolutions…” Wow! Good luck with that.

Categories:
Vulnerability Management
Accidental Harm

Don’t Be The Next WikiLeaks

Posted October 25, 2011    Peter McCalister

Last year’s WikiLeaks scandal was an embarrassment for the government, drawing attention from every corner of the globe about the insecurity of its networks. Recently, President Obama ordered new computer security rules to government agencies handling classified information after months of investigating the events leading up to WikiLeaks.

Categories:
Security Research
trendmicro

Trend Micro IWSS 3.1 privilege escalation

Disclosed October 25, 2011    Fully Patched
Vendors: Trend Micro
Vulnerability Severity: High
Exploit Impact: Elevation of Privilege
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker