Common, but Easily Avoidable, PCI DSS Compliance Miscues

by Ben Rothke

I spent many years as a PCI QSA, and my recent webinar, The PCI DSS Compliance Essentials: Top 10 Things You Need to Know, tried to encapsulate some of the most important areas firms need to consider as they go down the road to PCI compliance. Perhaps the most important topic I covered in the webinar is one that far too many firms don’t even consider—asking why they even store PCI cardholder data (CHD) in the first place.

CVE-2014-3515 Update for Remote Support Users

by Dave Giles

Security comes first at BeyondTrust, and our number one priority is enabling customers to secure and protect their environments. In February 2015, CVE-2014-3515 was published regarding a vulnerability that was applicable to our BeyondTrust (previously Bomgar) Remote Support solution. We’ve been made aware of a current attack that is leveraging this old vulnerability, and are encouraging all users to update their software.

Passwordless Administration Explained

by Morey J. Haber

Passwordless administration is a simple concept with huge ramifications for securing an organization. Administrative tasks can be “trusted” to users and assets without provisioning additional credentials, and technology can work below the entitlement and privilege capabilities of the application and operating system to make them execute with the proper privileges necessary, including network authentication, for complete user transparency.
