Blog Posts
-
How to Map Identity Security Maturity and Elevate Your Strategy
The ultimate goal of Identity Security is to provide secure access to every identity for any resource or environment, from any location, using any device. Yet ever-evolving technology and dynamic...
-
LTT Attack Targets Session Cookies to Push Crypto Scam
Crypto scams are skyrocketing: In 2022, the FBI tracked an 183% year-over-year increase, driving $2.57 billion in losses. Last week, the popular YouTube channel Linus Tech Tips (LTT for short) –...
-
Protect Passwords, Don’t Just Manage Them: A Game Plan for CIOs and CISOs
When 921 password attacks occur per second, it’s time to treat everyday employees’ credentials like the true operational risk they are. Today’s attackers assign a level of value to employees’...
-
What Is Zero Trust and Why Is it So Important?
There are nuances to how Zero Trust security is defined — but at its core, it's a strategic cybersecurity model enabled to protect modern digital business environments.
-
How to Streamline Security Operations With Identity Security Intelligence
“Black Swan” author Nicholas Nassim Taleb once wrote that “intelligence consists in ignoring things that are irrelevant (avoiding false patterns).” Organizations must take this definition to heart...
-
Persistence Techniques That Persist
Abstract Once threat actors gain a foothold on a system, they must implement techniques to maintain that access, even in the event of restarts, updates in credentials or any other type of change...
-
Secrets Management: Meeting Developers Where They Are
There’s always a balancing act when it comes to building and deploying cloud-native applications in environments like Amazon Web Services (AWS). The whole point of moving production to the cloud...
-
Why the Phishing Blame Game Misses the Point
Phishing is a big problem that’s getting even bigger as cybercriminals find new ways to hook employees. With threats coming from every direction – emails on company computers, text and voice...
-
How Automated Identity Management Can Help Solve the Compliance Puzzle
Have you ever received a puzzle as a gift from a well-intentioned friend? They likely thought something along the lines of, “Hey, this person’s into solving problems — I bet they’d love putting...
-
Phishing as a Service
Introduction Everyone knows what phishing is. It has been around for more than two decades. Now it seems that phishing is more accessible than before. This blog covers how malicious actors can...
-
Deconstructing Identity Security
Most companies now recognize the serious and insidious nature of cybersecurity threats. But many fail to grasp that the digital transformation, remote work, automation and cloud migration...
-
Udi Mokady to Step into Executive Chair Role and Matt Cohen to Become CEO
Today, CyberArk announced that our founder and CEO Udi Mokady will step into the role of Executive Chairman and our Chief Operating Officer, Matt Cohen, will become CyberArk’s CEO, effective April...
-
Post-CircleCI Breach, Focus on Identity Security Strategy
When news of the recent CircleCI breach broke, developers everywhere scrambled to rotate tokens and remove hardcoded secrets stored in the popular CI/CD platform to minimize their exposure. Now...
-
The Linux Kernel and the Cursed Driver
Introduction NTFS is a filesystem developed by Microsoft that was introduced in 1993. Since then, it has become the primary filesystem for Windows. In recent years, the need for an NTFS...
-
How to Secure Secrets in Multi-cloud Environments
It wasn’t too long ago that using a single cloud for some business operations was cutting-edge technology. Now the cloud is essential for accelerating growth, improving efficiency and remaining...
-
Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 1
Everything started when I was researching Windows containers. It required installing Docker Desktop for Windows, and I couldn’t help but notice that there were many Docker processes. Since some of...
-
Three Ways to Reinforce Least Privilege with Identity Management
The definition of privilege is changing, and this changes everything. Identities of all types — not just IT team members, but any employees — are gaining access to sensitive data, infrastructure...
-
Identity Security: Bridging the Executive Confidence/Reality Gap
In recent years, cybersecurity has become a board-level issue resulting in several executives taking greater responsibility in cybersecurity-related decisions. As a result, the CISO is no longer a...
-
Why No User Should Have Local Admin Rights
The idea of removing local administrator rights from Every. Single. User. across your organization is likely to spark strong reactions. Search popular online forums for the phrase “remove local...
-
Inglourious Drivers – A Journey of Finding Vulnerabilities in Drivers
TL;DR I discovered multiple bugs in OEM vendors for peripheral devices, which affected many users of these OEM vendors (Razer, EVGA, MSI, AMI). Many of the vulnerabilities originated in a...
-
Loading More...