BeyondTrust

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

Privilege Escalation Attack and Defense Explained

Privilege escalation can be defined as an attack that involves gaining illicit access of elevated rights, or privileges, beyond what is intended or entitled for a user. This attack can involve an external threat actor or an insider. Privilege escalation is a key stage of the cyberattack chain and typically involves the exploitation of a privilege escalation vulnerability, such as a system bug, misconfiguration, or inadequate access controls. In this blog, I will explain how privilege escalation works, the key attack vectors involved with privilege escalation, and the critical privileged access security controls you can implement to prevent or mitigate it.

Read this post

3 Powerful Strategies for CISOs to Boost their Organizational Influence

​In recent years, the CISO role has rapidly been propelled to prominence amongst the C-suite, underpinned by relentless cyber-incursions, intense regulatory security, and the undeniable correlation between cyber-resilience and long-term business and stock performance. Unfortunately, this rapid shift also continues to expose the soft underbelly of most cyber executives, whose technical competences are ill-suited to drive complex change, overcome deeply entrenched cultural inertia, and navigate powerful political establishments.

Read this post

What Is Least Privilege & Why Do You Need It?

Least privilege is the concept and practice of restricting access rights for users, accounts, and computing processes to only those resources absolutely required to perform routine, legitimate activities. Privilege itself refers to the authorization to bypass certain security restraints. When applied to people, least privilege access, sometimes called the principle of least privilege (POLP), means enforcing the minimal level of user rights, or lowest clearance level, that allows the user to perform his/her role. However, least privilege also applies to processes, applications, systems, and devices (such as IoT), in that each should have only those permissions required to perform an authorized activity.

Read this post

Security Advisory: Privilege Management for Unix & Linux (PMUL) Basic and Privilege Management for Mac (PMM) Affected by Sudo Vulnerability

​On January 26, 2021, the Qualys research team disclosed a heap overflow vulnerability (CVE-2021-3156) within sudo that allows any unprivileged user to gain root privileges on Linux without requiring a password. BeyondTrust PBsudo/Privilege Management for Unix & Linux Basic is affected by this CVE. Apple also acknowledged and released updates to macOS for this CVE on Feb 10, 2021. Based on macOS releases, we confirmed that Privilege Management for Mac (PMM) is also impacted by this CVE.

Read this post

Are your Remote Access Tools FIPS 140-2 Validated? Here’s Why it Matters

​The Federal Information Processing Standard (FIPS) 140-2 is an important IT security benchmark and U.S. government standard issued by the National Institute of Standards and Technology (NIST). FIPS 140-2 validation is required for the sale of products with cryptography modules to the federal government. BeyondTrust’s Secure Remote Access solution, comprised of our Remote Support and Privileged Remote Access products, has been awarded a Level 1 Federal Information Processing Standards Publication (FIPS) 140-2 validation for our Remote Support and Privileged Remote Access B300 appliance (physical or virtual). BeyondTrust has the only Secure Remote Access solution that meet the rigorous requirements of FIPS 140-2 Level 1.

Read this post

Aligning Credential & Identity-Based Risk Management with Government Mandates

​Over the last year, the surge in government workers remotely logging on to agency networks has been shadowed by concerns about how well agencies are able to strictly control and audit this access. In other words, ensuring the right user has the proper credentials to access the right data, and only at the right time, and for the right purpose. But even before the COVID-19 outbreak sent hundreds of thousands of government employees and contractors scrambling into an extended teleworking experiment, the federal government has been focusing on modernizing and strengthening its Identity, Credential, and Access Management (ICAM) policies.

Read this post

Cyber Attack on Water Treatment Plant a Wake-Up Call to Harden Remote Access Security

​Last Friday, a cyber threat actor audaciously cracked into the systems of a Florida water treatment plant leveraging the TeamViewer remote access tool, and ordered the system to increase the amount of lye in the water to extremely dangerous levels. This should serve as a blunt reminder and wake-up call that using consumer-grade remote access tools in both Operational Technology (OT) and Information Technology (IT) environments can introduce risk.

Read this post

A Cybersecurity Wellness Check for the Healthcare Industry

​2020 was a challenging year for almost everyone due to the global pandemic. The healthcare sector, in particular, faced many unique and daunting challenges. Healthcare organizations were under enormous pressure handling large and, sometimes, overwhelming numbers of patients. To attack a sector desperately trying to keep people alive seems particularly craven, yet that is exactly what cybercriminals did; targeting overwhelmed and stressed health systems and supply chains for financial gain.

Read this post