Blog Posts

  • Cyber Breach Remediation’s 5-Step Cycle

    Cyber Breach Remediation’s 5-Step Cycle

    Organizations tend to fall into two categories: those that have been breached and those that don’t yet realize they’ve been breached. If you belong to the first group, believe it or not, you’re in...

    Read Article
  • Battling the Three Forces of Identity Security at IMPACT23

    Battling the Three Forces of Identity Security at IMPACT23

    Identity security: it’s a battle being waged on three fronts – and a rallying point for global cybersecurity professionals attending CyberArk IMPACT23, the identity security event of the year,...

    Read Article
  • The Seven Types of Non-human Identities to Secure

    The Seven Types of Non-human Identities to Secure

    Non-humans are everywhere these days. Sure, you’ve seen the much-deserved hype about how AI-powered tools like ChatGPT are going to change everything. But there are plenty of more mundane...

    Read Article
  • How to Write a PoC for an Uninitialized Smart Contract Vulnerability in BadgerDAO Using Foundry

    How to Write a PoC for an Uninitialized Smart Contract Vulnerability in BadgerDAO Using Foundry

    TL;DR In this post, we’re going to learn how Foundry can be used to write a proof of concept (PoC) for uninitialized smart contract vulnerabilities. We will take a look at and exploit a simple...

    Read Article
  • Overcoming Healthcare EHR Access Hurdles

    Overcoming Healthcare EHR Access Hurdles

    Healthcare cyberattacks are increasing in “frequency, severity and sophistication,” said Nitin Natarajan, U.S. Cybersecurity and Infrastructure Security Agency (CISA) deputy director, in his...

    Read Article
  • Secure Identities With These Five Intelligent Privilege Controls

    Secure Identities With These Five Intelligent Privilege Controls

    If you’re reading this, a major part of your job is making the case for security-related issues you know are urgent. You may be among the 97% of CISOs being asked to present to their...

    Read Article
  • White Phoenix: Beating Intermittent Encryption

    White Phoenix: Beating Intermittent Encryption

    Recently, a new trend has emerged in the world of ransomware: intermittent encryption, the partial encryption of targeted files. Many ransomware groups, such as BlackCat and Play, have adopted...

    Read Article
  • Fantastic Rootkits and Where to Find Them (Part 2)

    Fantastic Rootkits and Where to Find Them (Part 2)

    Know Your Enemy In the previous post (Part 1), we covered several rootkit technique implementations. Now we will focus on kernel rootkit analysis, looking at two case studies of rootkits found in...

    Read Article
  • Bad Droid! How Shoddy Machine Security Can Topple Empires

    Bad Droid! How Shoddy Machine Security Can Topple Empires

    The need for strong identity security protocols for humans has been a given for years. Your organization likely has multiple layers of controls to ensure that access to sensitive assets is limited...

    Read Article
  • Assess Insider Threats by Asking 6 Key Questions

    Assess Insider Threats by Asking 6 Key Questions

    The people closest to your business can sometimes cause the most damage. Yet while top-secret data leaks are headline news today, most insider threats are well-intentioned people who just screw...

    Read Article
  • Australia’s Growing Focus on Critical Infrastructure Cybersecurity in 2023

    Australia’s Growing Focus on Critical Infrastructure Cybersecurity in 2023

    In recent years, several major cyberattacks targeted critical infrastructure in Australia, including a major telecommunication company, which suffered a devastating data breach in September 2022....

    Read Article
  • Why Shutting Off SMS 2FA Makes Sense

    Why Shutting Off SMS 2FA Makes Sense

    Twitter’s recent decision to turn off SMS two-factor authentication (2FA) for non-Twitter Blue users created a stir. While media and tech pundits questioned the company’s motives, many users...

    Read Article
  • Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 2

    Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 2

    In the previous blog post, we described how the Docker research started and showed how we could gain a full privilege escalation through a vulnerability in Docker Desktop. In this follow-up blog...

    Read Article
  • Cloud Identity Security: It Doesn’t Taste Like Chicken

    Cloud Identity Security: It Doesn’t Taste Like Chicken

    There’s a scene in the original “Matrix” movie when Neo is sitting in the grimy kitchen with the rest of the crew and eating gray, runny slop. No matter what new version of gray slop...

    Read Article
  • The (Not so) Secret War on Discord

    The (Not so) Secret War on Discord

    CyberArk Malware Research Team Abstract CyberArk Labs discovered a new malware called Vare that is distributed over the popular chatting service, Discord. Vare has been used to target new malware...

    Read Article
  • ChatGPT’s Role in the Evolution of Application Development

    ChatGPT’s Role in the Evolution of Application Development

    When I wrote my first applications in high school, coding was a lot more time-consuming. I didn’t have libraries I could shop through with ready-made bits of code to drop in to save myself time...

    Read Article
  • AI, ChatGPT and Identity Security’s Critical Human Element

    AI, ChatGPT and Identity Security’s Critical Human Element

    In 1999, a far-fetched movie about a dystopia run by intelligent machines captured our imaginations (and to this day, remains my favorite film). Twenty-four years later, the line between fact and...

    Read Article
  • Quantum Computing Is Coming… Here are 4 Ways to Get Ready

    Quantum Computing Is Coming… Here are 4 Ways to Get Ready

    Ask a cybersecurity professional what keeps them up at night and you’ll get answers about insufficient staffing, IT complexity or constant attacks on their business. Quantum computing isn’t likely...

    Read Article
  • How to Map Identity Security Maturity and Elevate Your Strategy

    How to Map Identity Security Maturity and Elevate Your Strategy

    The ultimate goal of Identity Security is to provide secure access to every identity for any resource or environment, from any location, using any device. Yet ever-evolving technology and dynamic...

    Read Article
  • LTT Attack Targets Session Cookies to Push Crypto Scam

    LTT Attack Targets Session Cookies to Push Crypto Scam

    Crypto scams are skyrocketing: In 2022, the FBI tracked an 183% year-over-year increase, driving $2.57 billion in losses. Last week, the popular YouTube channel Linus Tech Tips (LTT for short) –...

    Read Article
  • loading
    Loading More...