Blog Posts

How to Map Identity Security Maturity and Elevate Your Strategy

The ultimate goal of Identity Security is to provide secure access to every identity for any resource or environment, from any location, using any device. Yet ever-evolving technology and dynamic...

Read Article
LTT Attack Targets Session Cookies to Push Crypto Scam

Crypto scams are skyrocketing: In 2022, the FBI tracked an 183% year-over-year increase, driving $2.57 billion in losses. Last week, the popular YouTube channel Linus Tech Tips (LTT for short) –...

Read Article
Protect Passwords, Don’t Just Manage Them: A Game Plan for CIOs and CISOs

When 921 password attacks occur per second, it’s time to treat everyday employees’ credentials like the true operational risk they are. Today’s attackers assign a level of value to employees’...

Read Article
What Is Zero Trust and Why Is it So Important?

There are nuances to how Zero Trust security is defined — but at its core, it's a strategic cybersecurity model enabled to protect modern digital business environments.

Read Article
How to Streamline Security Operations With Identity Security Intelligence

“Black Swan” author Nicholas Nassim Taleb once wrote that “intelligence consists in ignoring things that are irrelevant (avoiding false patterns).” Organizations must take this definition to heart...

Read Article
Persistence Techniques That Persist

Abstract Once threat actors gain a foothold on a system, they must implement techniques to maintain that access, even in the event of restarts, updates in credentials or any other type of change...

Read Article
Secrets Management: Meeting Developers Where They Are

There’s always a balancing act when it comes to building and deploying cloud-native applications in environments like Amazon Web Services (AWS). The whole point of moving production to the cloud...

Read Article
Why the Phishing Blame Game Misses the Point

Phishing is a big problem that’s getting even bigger as cybercriminals find new ways to hook employees. With threats coming from every direction – emails on company computers, text and voice...

Read Article
How Automated Identity Management Can Help Solve the Compliance Puzzle

Have you ever received a puzzle as a gift from a well-intentioned friend? They likely thought something along the lines of, “Hey, this person’s into solving problems — I bet they’d love putting...

Read Article
Phishing as a Service

Introduction Everyone knows what phishing is. It has been around for more than two decades. Now it seems that phishing is more accessible than before. This blog covers how malicious actors can...

Read Article
Deconstructing Identity Security

Most companies now recognize the serious and insidious nature of cybersecurity threats. But many fail to grasp that the digital transformation, remote work, automation and cloud migration...

Read Article
Udi Mokady to Step into Executive Chair Role and Matt Cohen to Become CEO

Today, CyberArk announced that our founder and CEO Udi Mokady will step into the role of Executive Chairman and our Chief Operating Officer, Matt Cohen, will become CyberArk’s CEO, effective April...

Read Article
Post-CircleCI Breach, Focus on Identity Security Strategy

When news of the recent CircleCI breach broke, developers everywhere scrambled to rotate tokens and remove hardcoded secrets stored in the popular CI/CD platform to minimize their exposure. Now...

Read Article
The Linux Kernel and the Cursed Driver

Introduction NTFS is a filesystem developed by Microsoft that was introduced in 1993. Since then, it has become the primary filesystem for Windows. In recent years, the need for an NTFS...

Read Article
How to Secure Secrets in Multi-cloud Environments

It wasn’t too long ago that using a single cloud for some business operations was cutting-edge technology. Now the cloud is essential for accelerating growth, improving efficiency and remaining...

Read Article
Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 1

Everything started when I was researching Windows containers. It required installing Docker Desktop for Windows, and I couldn’t help but notice that there were many Docker processes. Since some of...

Read Article
Three Ways to Reinforce Least Privilege with Identity Management

The definition of privilege is changing, and this changes everything. Identities of all types — not just IT team members, but any employees — are gaining access to sensitive data, infrastructure...

Read Article
Identity Security: Bridging the Executive Confidence/Reality Gap

In recent years, cybersecurity has become a board-level issue resulting in several executives taking greater responsibility in cybersecurity-related decisions. As a result, the CISO is no longer a...

Read Article
Why No User Should Have Local Admin Rights

The idea of removing local administrator rights from Every. Single. User. across your organization is likely to spark strong reactions. Search popular online forums for the phrase “remove local...

Read Article
Inglourious Drivers – A Journey of Finding Vulnerabilities in Drivers

TL;DR I discovered multiple bugs in OEM vendors for peripheral devices, which affected many users of these OEM vendors (Razer, EVGA, MSI, AMI). Many of the vulnerabilities originated in a...

Read Article
Loading More...

Blog Posts

How to Map Identity Security Maturity and Elevate Your Strategy

The ultimate goal of Identity Security is to provide secure access to every identity for any resource or environment, from any location, using any device. Yet ever-evolving technology and dynamic...

LTT Attack Targets Session Cookies to Push Crypto Scam

Crypto scams are skyrocketing: In 2022, the FBI tracked an 183% year-over-year increase, driving $2.57 billion in losses. Last week, the popular YouTube channel Linus Tech Tips (LTT for short) –...

Protect Passwords, Don’t Just Manage Them: A Game Plan for CIOs and CISOs

When 921 password attacks occur per second, it’s time to treat everyday employees’ credentials like the true operational risk they are. Today’s attackers assign a level of value to employees’...

What Is Zero Trust and Why Is it So Important?

There are nuances to how Zero Trust security is defined — but at its core, it's a strategic cybersecurity model enabled to protect modern digital business environments.

How to Streamline Security Operations With Identity Security Intelligence

“Black Swan” author Nicholas Nassim Taleb once wrote that “intelligence consists in ignoring things that are irrelevant (avoiding false patterns).” Organizations must take this definition to heart...

Persistence Techniques That Persist

Abstract Once threat actors gain a foothold on a system, they must implement techniques to maintain that access, even in the event of restarts, updates in credentials or any other type of change...

Secrets Management: Meeting Developers Where They Are

There’s always a balancing act when it comes to building and deploying cloud-native applications in environments like Amazon Web Services (AWS). The whole point of moving production to the cloud...

Why the Phishing Blame Game Misses the Point

Phishing is a big problem that’s getting even bigger as cybercriminals find new ways to hook employees. With threats coming from every direction – emails on company computers, text and voice...

How Automated Identity Management Can Help Solve the Compliance Puzzle

Have you ever received a puzzle as a gift from a well-intentioned friend? They likely thought something along the lines of, “Hey, this person’s into solving problems — I bet they’d love putting...

Phishing as a Service

Introduction Everyone knows what phishing is. It has been around for more than two decades. Now it seems that phishing is more accessible than before. This blog covers how malicious actors can...

Deconstructing Identity Security

Most companies now recognize the serious and insidious nature of cybersecurity threats. But many fail to grasp that the digital transformation, remote work, automation and cloud migration...

Udi Mokady to Step into Executive Chair Role and Matt Cohen to Become CEO

Today, CyberArk announced that our founder and CEO Udi Mokady will step into the role of Executive Chairman and our Chief Operating Officer, Matt Cohen, will become CyberArk’s CEO, effective April...

Post-CircleCI Breach, Focus on Identity Security Strategy

When news of the recent CircleCI breach broke, developers everywhere scrambled to rotate tokens and remove hardcoded secrets stored in the popular CI/CD platform to minimize their exposure. Now...

The Linux Kernel and the Cursed Driver

Introduction NTFS is a filesystem developed by Microsoft that was introduced in 1993. Since then, it has become the primary filesystem for Windows. In recent years, the need for an NTFS...

How to Secure Secrets in Multi-cloud Environments

It wasn’t too long ago that using a single cloud for some business operations was cutting-edge technology. Now the cloud is essential for accelerating growth, improving efficiency and remaining...

Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 1

Everything started when I was researching Windows containers. It required installing Docker Desktop for Windows, and I couldn’t help but notice that there were many Docker processes. Since some of...

Three Ways to Reinforce Least Privilege with Identity Management

The definition of privilege is changing, and this changes everything. Identities of all types — not just IT team members, but any employees — are gaining access to sensitive data, infrastructure...

Identity Security: Bridging the Executive Confidence/Reality Gap

In recent years, cybersecurity has become a board-level issue resulting in several executives taking greater responsibility in cybersecurity-related decisions. As a result, the CISO is no longer a...

Why No User Should Have Local Admin Rights

The idea of removing local administrator rights from Every. Single. User. across your organization is likely to spark strong reactions. Search popular online forums for the phrase “remove local...

Inglourious Drivers – A Journey of Finding Vulnerabilities in Drivers

TL;DR I discovered multiple bugs in OEM vendors for peripheral devices, which affected many users of these OEM vendors (Razer, EVGA, MSI, AMI). Many of the vulnerabilities originated in a...