BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
microsoft

Microsoft Windows RtlQueryRegistryValues Local Privilege Escalation

Disclosed November 24, 2010    Fully Patched
Vendors: Microsoft
Vulnerability Severity: Medium
Exploit Impact: Elevation of Privilege
Exploit Availability:
Categories:
Zeroday Tracker
pillars

RIP Section 179 Benefits on December 31, 2010

Posted November 23, 2010    Peter McCalister

The Economic Stimulus Act of 2008, which was extended to 2009 and 2010, is now coming to an end this year and the associated benefits with Section 179 will also be lost to businesses. Section 179 of the IRS tax code encourages businesses to buy equipment/software and invest in themselves to help spur our economy.

Categories:
General
sweep-under-rug

Can Eliminating Admin Rights Reduce My Virus Protection Problems?

Posted November 22, 2010    Peter McCalister

So you’ve invested heavily in antivirus software but still seem to have to deal with the latest viruses, trojans, ransomware until your AV provider can can formulate and download the cure. The question that should be top of mind is whether or not there is a way to prevent or at least limit malware from ever even entering your IT environment?

Categories:
General
microsoft

Microsoft Windows Task Scheduler Service Privilege Escalation

Disclosed November 20, 2010    Fully Patched
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact: Elevation of Privilege
Exploit Availability:
Categories:
Zeroday Tracker
Potect With Confidence

Top 10 Reasons To Implement Least Privilege for Linux Servers

Posted November 19, 2010    Peter McCalister

In the spirit of keeping blog posts informative, short and fun, this one takes a cue from David Letterman in format. So without further fanfare or wasted space… the Top 10 Reasons to Implement Least Privilege on Linux Servers are:

Categories:
Privileged Account Management
DOI Finds fault

Have the Feds Stumbled Upon a Global Cybersecurity Predicament?

Posted November 18, 2010    Peter McCalister

The Department of the Interior Inspector General has issued a report that is critical of the agency’scybersecurity performance, summarizing that its efforts fall short of the federal government requirements. For example, the security levels of certain types of IT systems were not categorized correctly.

Categories:
General
shoe

The Reality of “The Dirty Dozen” and why I love Google Chrome

Posted November 17, 2010    Marc Maiffret

If you have been following your security news the last couple of days you will have seen that there have been a handful of headlines about the “Dirty Dozen” most vulnerable applications with Google Chrome coming in at number one. Just from that fact alone I became quickly suspicious on the science behind the calculations…

Categories:
General
Tags:
, , , ,
cloudlock1

Computerworld’s Advice Still Relies Too Much on Trust

Posted November 17, 2010    Peter McCalister

In a Computerworld article, last week, exploring the ‘scary side of virtualization’, the reporter, took some time out in a sidebar, to offer some sage staffing advice.

Categories:
Vulnerability Management
Team

Vulnerability Management in a Data Warehouse

Posted November 16, 2010    Morey Haber

Have you ever been asked, “How long has that vulnerability been in our systems?” Have you ever wondered if your patch management process is keeping up with the number of new vulnerabilities being identified? Keep reading…

Categories:
Privileged Account Management
Tags:
, , , , , , ,
linux logo

Linux Proliferation Raises Security & Compliance Alerts

Posted November 16, 2010    Peter McCalister

The Linux Foundation recently conducted a survey of Linux users who represent the largest enterprise companies and government agencies. The survey found that Linux is poised for growth in the coming years, with 76.4 percent of companies planning to add more Linux servers in the next year.

Categories:
Vulnerability Management