BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
apple

OS X Lion Fails to Protect Users’ Password Hashes

Disclosed September 18, 2011    Fully Patched
Vendors: Apple
Vulnerability Severity: Medium
Exploit Impact: Information Disclosure
Exploit Availability:
Categories:
Zeroday Tracker
cloud

Déjà Vu All Over Again

Posted September 16, 2011    Peter McCalister

Several months ago I commented on the 3 Pillars of Desktop Security – patch management, virus protection and least privilege. Reviewing our 2010 Microsoft Vulnerability report, I realized just how much most people in IT underestimate the importance of properly limiting administrative privileges in protecting desktops for vulnerabilities.

Categories:
Vulnerability Management
cloudlock-1

Automating Scanner Updates

Posted September 15, 2011    Morey Haber

Software is written by people and inevitably has mistakes and requires maintenance. This maintenance can be in the form of security updates to patch vulnerabilities, service packs and hot fixes to correct functional problems, and general maintenance to cover required updates for signatures and other time-dependent functions. When working with security solutions, detection methods often…

Categories:
Vulnerability Management
president

The US Government Wants to Secure Your Data. Well, Sort Of.

Posted September 14, 2011    Mike Puterbaugh

Earlier today, George Hulme reported on a recently-introduced piece of legislation, the Personal Data Protection and Breach Accountability Act of 2011 (or PDPBAA for short, which sounds like how my last is pronounced sometimes), geared toward protecting customer data from theft or loss. Senator Richard Blumenthal (D-CT) hopes that this new bill will “prevent and…

Categories:
General
patch-tuesday

Microsoft Patch Tuesday – September 2011

Posted September 14, 2011    Chris Silva

Quite unsurprisingly (as they accidentally leaked them last Friday), Microsoft released 5 security bulletins today. This month is fairly moderate, with none of the bulletins rating a critical rating.

Categories:
Vulnerability Management
dave2

Insider Threats Exist in Virtualized Environments Too!

Posted September 13, 2011    Peter McCalister

Disgruntled Dave is at it again! What happens when a disgruntled IT administrator deletes the contents of 15 virtual hosts (roughly equivalent to 88 different computer servers)? According to a recent eWeek article highlighting the incident – quite a bit! For the Japanese pharmaceutical company, the attack was so damaging that it froze operations for “a number of days, leaving employees unable to ship products, to cut checks or even communicate via email,” according to court documents. Estimated damages cost the company $800,000. For the disgruntled employee, he’s looking at the possibility of serving 10 years in prison when he is sentenced in November.

Categories:
Security Research
azeotech

AzeoTech DAQFactory Stack Overflow

Disclosed September 13, 2011    Fully Patched
Vendors: AzeoTech, Inc.
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker
types-of-bone-fractures

An Ounce of Least Privilege Is Worth A Pound Of Compliance

Posted September 9, 2011    Peter McCalister

If an ounce of prevention is worth a pound of cure then an ounce of least privilege is worth a pound of compliance for your extended enterprise.

Categories:
Privileged Account Management
pbwd rules

How To Leverage MS SharePoint for UVM Reports

Posted September 8, 2011    Morey Haber

One of the most important facets regarding security is escalating data to the proper individuals in a timely manner. This is generally done using reports or some form of email alerts. In the context of reports, securing and proper distribution of the contents is just as important as the data contained within. In other words,…

Categories:
Privileged Account Management
pizza

Large Pepperoni Pizza With A Side Of Least Privilege

Posted September 7, 2011    Peter McCalister

One of America’s favorite food is pizza and for the household where both parents work, it’s also a favored “take out” salvation for the family dinner. Correspondingly, the average neighborhood pizza parlor can become a prime target for identity and credit card theft.

Categories:
Privileged Account Management