Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2024

From Ransomware to Resilience: Securing Government Agencies Worldwide

Government agencies worldwide are entrusted with safeguarding sensitive data and facilitating seamless operations across various critical infrastructure sectors. However, this pivotal role puts them in threat actors’ sights – from cybercriminals to politically motivated entities to state-sponsored actors from other parts of the world.

OpenShift Deployment Planning Guide

OpenShift, Red Hat’s enterprise-grade Kubernetes platform, has become the cornerstone for organizations embracing containerization. Its ability to streamline application development, deployment, and scaling across hybrid and multi-cloud environments is undeniable. However, successful OpenShift deployment is far from a walk in the park. The intricacies of container orchestration, data management, and maintaining high availability can quickly overwhelm even experienced IT teams.

eBPF: Enabling Security and Performance to Co-Exist

Today, most organizations and individuals use Linux and the Linux kernel with a “one-size-fits-all” approach. This differs from how Linux was used in the past – for example, 20 years ago, many users would compile their kernel and modify it to fit their specific needs, architectures and use cases. This is no longer the case, as one-size-fits-all has become good enough. But, like anything in life, “good enough” is not the best you can get.

Suspicious Maintainer Unveils Threads of npm Supply Chain Attack

This story starts when Sébastien Lorber, maintainer of Docusaurus, the React-based open-source documentation project, notices a Pull Request change to the package manifest. Here’s the change proposed to the popular cliui npm package: Specifically, drawing our attention to the npm dependencies change that uses an unfamiliar syntax: Most developers would expect to see a semver version range in the value of a package or perhaps a Git or file-based URL.

Identity Crisis: The Curious Case of a Delinea Local Privilege Escalation Vulnerability

During a recent customer engagement, the CyberArk Red Team discovered and exploited an Elevation of Privilege (EoP) vulnerability (CVE-2024-39708) in Delinea Privilege Manager (formerly Thycotic Privilege Manager). This vulnerability allowed an unprivileged user to execute arbitrary code as SYSTEM. CyberArk responsibly disclosed this vulnerability to Delinea, including the exploit proof of concept (POC) code, as part of our commitment to contributing to the security community.

What ended up on the cutting room floor after we sliced and diced the KEV

In the course of a major research rollout like my recent whitepaper on KEV vulnerabilities, I frequently end up doing some bit of analysis that doesn’t make it into the final doc. Usually, it is because I am dealing with limited space and attention spans, and I gotta stop sometime. The stuff that gets cut is usually not terribly compelling or surprising or is maybe more an artifact of the particular bias in our sample or is only interesting to a very small audience.

GPT Consulting

GPT (Generative Pre-trained Transformer) consulting involves leveraging advanced AI models, particularly those developed by OpenAI, to provide expert advice and solutions across various industries. This consulting approach utilizes the capabilities of GPT models to assist businesses in improving efficiency, enhancing customer experience, and driving innovation. Here's an in-depth look at GPT consulting, its applications, benefits, and challenges.

Modern data security: why the convergence of DLP and IRM is more effective than the sum of its parts

In the past decade, organizations seeking to protect sensitive data from negligent or malicious insiders faced two choices: invest in a Data Loss Prevention (DLP) product or an Insider Risk Management (IRM) product. These solutions addressed the same problem from different angles. DLP products focused on analyzing data content to control its movement, while IRM products monitored user behavior for risky actions.