Blog Posts

Successful digital transformation depends on the security of your cloud environment. Modern organizations recognize the importance of securing identities in the zero-perimeter, Zero Trust world of...

Today is Identity Management Day – a U.S. awareness initiative presented by the National Cybersecurity Alliance and the Identity Defined Security Alliance (IDSA). In the midst of a dramatic...

Since the COVID-19 outbreak there have been countless headlines and viral social media posts exposing some of the worst remote security faux pas, ranging from the financially devastating to the...

In this blog post, we will introduce a new open-source tool we developed, named Kubesploit, for testing Kubernetes environments. This is a full framework, dedicated to Kubernetes, to assist...

If you’ve never celebrated the Epiphany (or Mardi Gras in Louisiana), you have likely missed out on the tradition of the King Cake. It’s a coffee cake-type pastry with a small figurine baked...

The SolarWinds digital supply chain attack began by compromising the “heart” of the CI/CD pipeline and successfully changing application code. It highlighted the major challenges organizations...

In the early 1960s, J.C.R. Licklider, director of the Pentagon’s Information Processing Techniques Office (IPTO), spoke of a future “intergalactic computer network” that would serve as the “main...

Credential theft is on the rise, yet attackers are shifting their collective focus to non-traditional user populations that may not be adequately protected. That’s according to the “The CISO View...

The recent SolarWinds Senate hearing and a flurry of subsequent briefings have unearthed new questions around the attack, which acting director of the U.S. Cybersecurity and Infrastructure Agency...

“I always feel like somebody’s watching me… Tell me is it just a dream?” It may have been a dream in 1984 when “Somebody’s Watching Me” topped the charts, but today it’s real life: somebody...

TL;DR JavaScriptCore (JSC) is the JavaScript engine used by Safari, Mail, App Store and many other apps in MacOs. The JSC engine is responsible for executing every line of JavaScript (JS) that...

From a remote employee using a personal device for work, to a marketing consultant logging into a shared social media account, to a customer authenticating to use a SaaS app, someone is accessing...

“My goal is no longer to get more done, but rather to have less to do,” writes author Francine Jay. It’s a sentiment that resonates with many of us juggling work, life and everything in...

Back in 2012, Security Innovation wrote about what – at the time – was a relatively new C-Level role dubbed Chief Information Security Officer. In the introductory blog post, the author attempted...

Lately, we’ve been busy researching the developing field of cloud and container threats. Why focus here? Because, as this technology becomes more popular and continues to evolve, attackers are...

TL;DR During an internal container-based Red Team engagement, the Docker default container spontaneously and silently changed cgroups overnight, which allowed us to escalate privileges and gain...

We still don’t have a complete picture of what exactly happened during the SolarWinds attack in 2020, nor do we know the full extent yet of the damage or what the long-term impact may be....

Learn how an Identity Security approach can secure access across any device, anywhere, at just the right time. No more choosing between security and productivity!

Almost a year ago, the world turned upside down and seemingly everything changed due to the COVID-19 pandemic. In that time, entire workforces went – and stayed – home, cloud adoption skyrocketed...