Blog Posts
-
Cyber Breach Remediation’s 5-Step Cycle
Organizations tend to fall into two categories: those that have been breached and those that don’t yet realize they’ve been breached. If you belong to the first group, believe it or not, you’re in...
-
Battling the Three Forces of Identity Security at IMPACT23
Identity security: it’s a battle being waged on three fronts – and a rallying point for global cybersecurity professionals attending CyberArk IMPACT23, the identity security event of the year,...
-
The Seven Types of Non-human Identities to Secure
Non-humans are everywhere these days. Sure, you’ve seen the much-deserved hype about how AI-powered tools like ChatGPT are going to change everything. But there are plenty of more mundane...
-
How to Write a PoC for an Uninitialized Smart Contract Vulnerability in BadgerDAO Using Foundry
TL;DR In this post, we’re going to learn how Foundry can be used to write a proof of concept (PoC) for uninitialized smart contract vulnerabilities. We will take a look at and exploit a simple...
-
Overcoming Healthcare EHR Access Hurdles
Healthcare cyberattacks are increasing in “frequency, severity and sophistication,” said Nitin Natarajan, U.S. Cybersecurity and Infrastructure Security Agency (CISA) deputy director, in his...
-
Secure Identities With These Five Intelligent Privilege Controls
If you’re reading this, a major part of your job is making the case for security-related issues you know are urgent. You may be among the 97% of CISOs being asked to present to their...
-
White Phoenix: Beating Intermittent Encryption
Recently, a new trend has emerged in the world of ransomware: intermittent encryption, the partial encryption of targeted files. Many ransomware groups, such as BlackCat and Play, have adopted...
-
Fantastic Rootkits and Where to Find Them (Part 2)
Know Your Enemy In the previous post (Part 1), we covered several rootkit technique implementations. Now we will focus on kernel rootkit analysis, looking at two case studies of rootkits found in...
-
Bad Droid! How Shoddy Machine Security Can Topple Empires
The need for strong identity security protocols for humans has been a given for years. Your organization likely has multiple layers of controls to ensure that access to sensitive assets is limited...
-
Assess Insider Threats by Asking 6 Key Questions
The people closest to your business can sometimes cause the most damage. Yet while top-secret data leaks are headline news today, most insider threats are well-intentioned people who just screw...
-
Australia’s Growing Focus on Critical Infrastructure Cybersecurity in 2023
In recent years, several major cyberattacks targeted critical infrastructure in Australia, including a major telecommunication company, which suffered a devastating data breach in September 2022....
-
Why Shutting Off SMS 2FA Makes Sense
Twitter’s recent decision to turn off SMS two-factor authentication (2FA) for non-Twitter Blue users created a stir. While media and tech pundits questioned the company’s motives, many users...
-
Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 2
In the previous blog post, we described how the Docker research started and showed how we could gain a full privilege escalation through a vulnerability in Docker Desktop. In this follow-up blog...
-
Cloud Identity Security: It Doesn’t Taste Like Chicken
There’s a scene in the original “Matrix” movie when Neo is sitting in the grimy kitchen with the rest of the crew and eating gray, runny slop. No matter what new version of gray slop...
-
The (Not so) Secret War on Discord
CyberArk Malware Research Team Abstract CyberArk Labs discovered a new malware called Vare that is distributed over the popular chatting service, Discord. Vare has been used to target new malware...
-
ChatGPT’s Role in the Evolution of Application Development
When I wrote my first applications in high school, coding was a lot more time-consuming. I didn’t have libraries I could shop through with ready-made bits of code to drop in to save myself time...
-
AI, ChatGPT and Identity Security’s Critical Human Element
In 1999, a far-fetched movie about a dystopia run by intelligent machines captured our imaginations (and to this day, remains my favorite film). Twenty-four years later, the line between fact and...
-
Quantum Computing Is Coming… Here are 4 Ways to Get Ready
Ask a cybersecurity professional what keeps them up at night and you’ll get answers about insufficient staffing, IT complexity or constant attacks on their business. Quantum computing isn’t likely...
-
How to Map Identity Security Maturity and Elevate Your Strategy
The ultimate goal of Identity Security is to provide secure access to every identity for any resource or environment, from any location, using any device. Yet ever-evolving technology and dynamic...
-
LTT Attack Targets Session Cookies to Push Crypto Scam
Crypto scams are skyrocketing: In 2022, the FBI tracked an 183% year-over-year increase, driving $2.57 billion in losses. Last week, the popular YouTube channel Linus Tech Tips (LTT for short) –...
-
Loading More...