A global report from CyberArk shows that 79% of senior security professionals say cybersecurity has taken a back seat in the last year in favor of accelerating other digital business initiatives. The CyberArk 2022 Identity Security Threat Landscape Report identifies how the rise of human and machine identities – often running into the hundreds of thousands per organization – has driven a buildup of identity-related cybersecurity “debt”, exposing organizations to greater cybersecurity risk.
Recommended for You

CYBERSECURITY DEBT PERMEATES ORGANIZATIONS

Many cybersecurity concepts are complex and often difficult to explain to non-technical audiences. Kerberoasting? Golden SAML? Huh? This can make it challenging for security leaders to communicate...

From plug-and-play ransomware-as-a-service offerings to highly skilled operator-based attacks, ransomware is proof that cyber attackers are constantly innovating to achieve their goals. Long...

The conflict in Ukraine has driven significant attention from the cybersecurity community, due in large part to the cyber attacks conducted against Ukraine infrastructure — including evidence of...

With all eyes on Ukraine, CISOs and other security leaders are heeding the call of governments and intelligence agencies to “shield up.” In recent weeks, nation-state threat actors have ramped up...

As geopolitical tensions continue to mount, reports are emerging of a new wiper malware targeting Ukrainian infrastructure, such as government departments. Symantec and ESET research first tweeted...

TL;DR After Docker released a fix [1] for CVE-2021-21284 [2], it unintentionally created a new vulnerability that allows a low-privileged user on the host to execute files from Docker images....

What is PwnKit Vulnerability CVE-2021-4034? On January 25th, 2022, a critical vulnerability in polkit’s pkexec was publicly disclosed (link). The Qualys research team named this vulnerability...

Table of Contents Introduction The First Detection The Module Stomp Bypass The Module Stomp Detection Final Thoughts Introduction This is the second post in my series and with this post we will...

Reports of a large-scale cyber attack targeting Ukrainian organizations and several government department websites have emerged in recent days. In response, the Cybersecurity & Infrastructure...

In this blog post we are going to discuss the details of a vulnerability in Windows Remote Desktop Services, which we recently uncovered. We reported the vulnerability to Microsoft in a...

In 1988, graduate student Robert Tappan Morris created a computer worm and inadvertently launched what many consider to be the world’s first cyber attack. Since that infamous “Morris Worm,” major...

A year ago, the business world entered 2021 still reeling from the catastrophic SolarWinds attack that impacted thousands of organizations and put software supply chain risks on everyone’s radar —...

Threat researchers on the cutting edge of cybersecurity have a certain kind of drive — almost a relentless need — to get into the attacker’s mind, solve the “unsolvable” challenge and expose ...

In December 2020, a series of network breaches was reported in rapid succession — the beginning of what soon became known as the cyber attack that changed everything. By compromising identities...

The Greek philosopher Heraclitus once said “the only constant is change.” This still rings true thousands of years later — particularly as we reflect on 2021, another year marked by continued...

Chinese military general Sun Tzu’s treatise The Art of War has been cited over the years by millions of self-help gurus and corporate strategy consultants – and misquoted in a million more...

How I Cracked 70% of Tel Aviv’s Wifi Networks (from a Sample of 5,000 Gathered WiFi). In the past seven years that I’ve lived in Tel Aviv, I’ve changed apartments four times. Every time I...

While enterprises fight to stave off relentless attacks, 57% of them are hamstrung by the ever-worsening global cybersecurity skills shortage. An estimated 4.07 million industry positions remain...

Introduction This post describes the work we’ve done on fuzzing the Windows RDP client and server, the challenges of doing so, and some of the results. The Remote Desktop Protocol (RDP) by...