BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
microsoft

Duqu – Vulnerability in TrueType Font Parsing Elevation of Privilege

Disclosed October 14, 2011    Fully Patched
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker
guy laptop

Protecting Yourself and Satisfying Auditors With Least Privilege

Posted October 13, 2011    Peter McCalister

Within the complex world of IT infrastructure exists a vitally important group of people: those charged with administering a company’s most critical assets and protecting its most sensitive data. They are known as privileged users, and by definition they possess a collection of access rights reserved only for those a company has entrusted with significant responsibility in safeguarding not just data, but also brand reputation, customer trust, and sustained revenue.

Categories:
Privileged Account Management
book

The Best New IT Security Book You Have To Buy Now!

Posted October 12, 2011    Peter McCalister

Okay, so I am a bit biased since I am one of the co-authors of this book published by Apress Media, but in the spirit of full disclosure this is an independent industry view on mitigating insider threats across physical, virtual and cloud infrastructure and doesn’t even mention BeyondTrust.

Categories:
Privileged Account Management
microsoft

Microsoft Publisher 2007 pubconv.dll Memory Corruption Vulnerability

Disclosed October 12, 2011    Fully Patched
Vendors: Microsoft
Vulnerability Severity: Medium
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker
vmware

VMware ESXi and ESX Multiple Vulnerabilities

Disclosed October 12, 2011    No Patch Available
Vendors: VMware
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker
patch-tuesday

Microsoft Patch Tuesday – October 2011

Posted October 11, 2011    Chris Silva

Welcome to another exciting episode of Patch Tuesday, where Microsoft has released a total of 8 bulletins concerning 23 CVEs. 2 bulletins are rated as critical, mostly covering issues within Internet Explorer, while the rest are not as riveting.

Categories:
Security Research
guy tie

Insiders Run Rampant in Healthcare and Financial Services Industries

Posted October 11, 2011    Peter McCalister

Most consumers don’t blink an eye when they’re asked to provide their social security number to a healthcare or banking professional. We place complete trust into the hands of these individuals, yet employees within financial services and healthcare industries perhaps are the most notorious for snooping and disclosing sensitive information.

Categories:
General
img-android

Android Handset Makers – Adding Value or Vulnerabilities?

Posted October 10, 2011    The eEye Research Team

So many things in life can cause perception to over take reality and one great example of that is as it relates to Google’s Android security. Android itself is a very robust and security minded operating system backed by one of the best security research teams in the business. One of the big things that…

Categories:
Vulnerability Management
Tags:
, ,
Intentional Harm

Speaking of Human Nature, Desktop Computing And Least Privilege

Posted October 10, 2011    Peter McCalister

Indeed, people are known to behave differently inside and outside of the office, where the culture is different. Lines between professional and home life become blurred, and people take the suit off at home, log in in their shorts, but that doesn’t mean they should take their corporate hat off, as well. But what is the answer? Eliminating administrator rights without allowing for the elevation of certain job-necessary privileges is not the answer. Locking down a system is like asking everyone to raise his or her hand to go to the bathroom, – it shows the downside of mistrusting human nature.

Categories:
Privileged Account Management
opera

Opera Browser SVG Layout Memory Corruption

Disclosed October 10, 2011    No Patch Available
Vendors: Opera Software
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker