Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Identity Crisis: The Curious Case of a Delinea Local Privilege Escalation Vulnerability

During a recent customer engagement, the CyberArk Red Team discovered and exploited an Elevation of Privilege (EoP) vulnerability (CVE-2024-39708) in Delinea Privilege Manager (formerly Thycotic Privilege Manager). This vulnerability allowed an unprivileged user to execute arbitrary code as SYSTEM. CyberArk responsibly disclosed this vulnerability to Delinea, including the exploit proof of concept (POC) code, as part of our commitment to contributing to the security community.

The Fundamentals of Network Access Management

With cyber threats constantly evolving, securing your network is more than just strong passwords or firewalls—it’s ensuring that the right people have access to the right resources at the right times. Understanding and implementing effective network access management is the cornerstone of protecting valuable data and maintaining operational efficiency.

Actionable Threat Intelligence - Boosting Attack Surface Management

Modern cybersecurity challenges require a comprehensive approach to attack surface management. As technology evolves, organizations find themselves facing a multitude of cyber threats from various directions. These threats are not limited to internal systems but extend across external attack surfaces and the digital supply chain. To navigate this complex threat landscape, organizations need more than just raw data; they need actionable threat intelligence that provides context and guides targeted action.

Next-Generation NAC: Balance Security and Usability in Complex Environments

Network Access Control (NAC) has undergone significant advancements since its beginnings, continuously adapting to cybersecurity threats and technological innovation. As organizations embrace BYOD (Bring Your Own Device) and IoT/OT (Internet of Things/Operational Technology), vendors have transformed traditional NAC solutions to meet these new demands while maintaining a balance between usability and security.

What is a Ponzi Scheme: History and Examples

Ponzi schemes continue to grow in complexity and notoriety. These schemes are not transactions or one-time hacks. “Ponzi schemes are fraudulent business operations that promise high returns with little or no risk, claiming investors' money will go towards a legitimate investment.” Investors believe they will score huge returns from their initial investment, yet most only realize once it is too late that the entire scheme is doomed to fail from the beginning.

How to Stay Away from LinkedIn Scams

LinkedIn is the world's largest professional networking service for accountants, policemen, politicians, advertising professionals, business executives, college students, investment bankers, and consultants. Most use LinkedIn to connect with others and help with career development, new business contacts, and professional networking. However, job scammers and other online cybercriminals use LinkedIn features for fraudulent activities.

5 Common Challenges (and Solutions) to Achieving CMMC Compliance

Cybersecurity Maturity Model Certification (CMMC) is a comprehensive program to enforce conformance with the NIST 800-171 security controls for non-government organizations handling Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). The program has a three-tiered requirements structure based on the nature and sensitivity of information an organization handles.

1Password product enhancements [Summer edition]: Recovery codes, auto-save, and more

Since the beginning of the year, we’ve committed to enhancing your experience in ways that will help you easily accomplish whatever you set out to do when you open 1Password – especially saving, finding, and accessing your sensitive data across any of the devices you’re using.

Small Team Cybersecurity: Buy, Build, or Hire?

A question that all small, security-conscious organisations face is: “What's next?” They know that their antivirus (AV) is not enough. AVs detect malware through a combination of signatures, heuristics, and integrity checking. However, an AV cannot detect malware that is encrypted or that mimics trusted applications or insider threats, such as an employee exfiltrating client data to a third party. More than half of all detected malware now evades AV solutions.

Espionage-Intent Threat Groups Are Now Using Ransomware as a Diversion Tactic in Cyberattacks

A new report focused on cyber espionage actors targeting government and critical infrastructure sectors highlights the strategic use of ransomware for distraction or misattribution. It was inevitable: a threat group using a secondary attack type to cover their tracks – whether those “tracks” are the group’s true intent or who’s responsible – or to simply make some additional money after they’re done with the initial attack.