Threat Research​

  • 2023 Cybersecurity Predictions from CyberArk Labs

    2023 Cybersecurity Predictions from CyberArk Labs

    It’s been an eventful 2022 and, based on what our CyberArk Labs team is observing, 2023 will introduce yet another chapter of cybersecurity threats and challenges, along with some new...

    Read Article
  • CyberArk Named a Leader in the 2022 Gartner® Magic Quadrant™ for Privileged Access Management – again.

    View the Report
  • Unpacking the Uber Breach

    Unpacking the Uber Breach

    In the days following the September 15 Uber breach disclosure, much has been written about how one, allegedly 18-year-old attacker was able to successfully infiltrate the ridesharing giant’s IT...

    Read Article
  • QR Codes in a Post Pandemic World46:46

    QR Codes in a Post Pandemic World

    QR codes are accessible, easy to produce and seemingly, here to stay. They’re also a perfect way for cyber criminals to snag your employee’s personal information.

    Watch Video
  • Don’t Fall for MFA Fatigue or Next-Level Phishing Attacks

    Don’t Fall for MFA Fatigue or Next-Level Phishing Attacks

    Phishing attacks are pervasive, whether you work at a global telecommunications company or a small local retail shop. Fortunately, employees have come a long way in spotting phishing attempts,...

    Read Article
  • Step Away From the QR Code and Read These 7 Safety Tips

    Step Away From the QR Code and Read These 7 Safety Tips

    This post is authored by Len Noe, a technical evangelist and white hat hacker at CyberArk. Listen to his recent “Trust Issues” podcast episode on transhumanism and charting the final cybersecurity...

    Read Article
  • 2022 Verizon DBIR: 15 Years, 15 Takeaways

    2022 Verizon DBIR: 15 Years, 15 Takeaways

    Since 2008, the Verizon Data Breach Investigations Report (DBIR) has provided the global cybersecurity community with valuable insights on the evolving threat landscape. Not only does the latest...

    Read Article
  • Finding Bugs in Windows Drivers, Part 1 – WDM

    Finding Bugs in Windows Drivers, Part 1 – WDM

    Finding vulnerabilities in Windows drivers was always a highly sought-after prize by sophisticated threat actors, game cheat writers and red teamers. As you probably know, every bug in a driver...

    Read Article
  • Identity Security Threat Landscape 2022 Infographic

    Identity Security Threat Landscape 2022 Infographic

    CYBERSECURITY DEBT PERMEATES ORGANIZATIONS

    Read Flipbook
  • How Digital Identities Drive Cybersecurity Debt, the Hidden Transformation Trade-Off

    How Digital Identities Drive Cybersecurity Debt, the Hidden Transformation Trade-Off

    Many cybersecurity concepts are complex and often difficult to explain to non-technical audiences. Kerberoasting? Golden SAML? Huh? This can make it challenging for security leaders to communicate...

    Read Article
  • CyberArk 2022 Identity Security Threat Landscape Report

    CyberArk 2022 Identity Security Threat Landscape Report

    Massive Growth of Digital Identities Is Driving Rise in Cybersecurity Debt.

    Read Flipbook
  • Ransomware Rewind: From Floppy Disks to Ransomcloud Attacks

    Ransomware Rewind: From Floppy Disks to Ransomcloud Attacks

    From plug-and-play ransomware-as-a-service offerings to highly skilled operator-based attacks, ransomware is proof that cyber attackers are constantly innovating to achieve their goals. Long...

    Read Article
  • Conti Group Leaked!

    Conti Group Leaked!

    The conflict in Ukraine has driven significant attention from the cybersecurity community, due in large part to the cyber attacks conducted against Ukraine infrastructure — including evidence of...

    Read Article
  • Mission: Cyber Resilience

    Mission: Cyber Resilience

    With all eyes on Ukraine, CISOs and other security leaders are heeding the call of governments and intelligence agencies to “shield up.” In recent weeks, nation-state threat actors have ramped up...

    Read Article
  • HermeticWiper: What We Know About New Malware Targeting Ukrainian Infrastructure (Thus Far)

    HermeticWiper: What We Know About New Malware Targeting Ukrainian Infrastructure (Thus Far)

    As geopolitical tensions continue to mount, reports are emerging of a new wiper malware targeting Ukrainian infrastructure, such as government departments. Symantec and ESET research first tweeted...

    Read Article
  • How Docker Made Me More Capable and the Host Less Secure

    How Docker Made Me More Capable and the Host Less Secure

    TL;DR After Docker released a fix [1] for CVE-2021-21284 [2], it unintentionally created a new vulnerability that allows a low-privileged user on the host to execute files from Docker images....

    Read Article
  • Checking for Vulnerable Systems for CVE-2021-4034 with PwnKit-Hunter

    Checking for Vulnerable Systems for CVE-2021-4034 with PwnKit-Hunter

    What is PwnKit Vulnerability CVE-2021-4034? On January 25th, 2022, a critical vulnerability in polkit’s pkexec was publicly disclosed (link). The Qualys research team named this vulnerability...

    Read Article
  • Analyzing Malware with Hooks, Stomps and Return-addresses

    Analyzing Malware with Hooks, Stomps and Return-addresses

    Table of Contents Introduction The First Detection The Module Stomp Bypass The Module Stomp Detection Final Thoughts Introduction This is the second post in my series and with this post we will...

    Read Article
  • CISA on Ukraine Cyber Attacks: Are You at Risk?

    CISA on Ukraine Cyber Attacks: Are You at Risk?

    Reports of a large-scale cyber attack targeting Ukrainian organizations and several government department websites have emerged in recent days. In response, the Cybersecurity & Infrastructure...

    Read Article
  • Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more

    Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more

    In this blog post we are going to discuss the details of a vulnerability in Windows Remote Desktop Services, which we recently uncovered. We reported the vulnerability to Microsoft in a...

    Read Article
  • 3 Cyber Attacks that Didn’t Get Enough Attention in 2021 (But Probably Should Have)

    3 Cyber Attacks that Didn’t Get Enough Attention in 2021 (But Probably Should Have)

    In 1988, graduate student Robert Tappan Morris created a computer worm and inadvertently launched what many consider to be the world’s first cyber attack. Since that infamous “Morris Worm,” major...

    Read Article
  • loading
    Loading More...