You keep your organization’s computers, devices and servers safe, but what about your employees’ devices? The security of their mobile phones, laptops, tablets and other devices is just as critical to your overall security posture. As company endpoints grow, so does their vulnerability. In fact, 66% of organizations are experiencing a growth in endpoint threats.

The Windows kernel driver is an interesting space that falls between persistence and privilege escalation. The origins of a vulnerable driver being used to elevate privileges may have begun in the gaming community as a way to hack or cheat in games, but also has potential beginnings with Stuxnet.

Open source software has revolutionized the software development landscape, providing cost-effective solutions and promoting collaboration among developers worldwide. However, the legal terms associated with open source licenses can be complex, and improper management of these licenses may lead to significant legal risks.

The global economic landscape is shifting. Cybersecurity skill shortage, inflation, and supply chain concerns are key issues contributing to price hikes and increased business costs. In this challenging environment, end customers are evaluating their spending, and channel partners, especially those delivering managed services, have been planning to raise prices on their services.

With ever-increasing application architecture complexity, infrastructure-as-code is your key to boosting your cloud security posture.

Tailored use of pen testing can provide critical support and insights for gauging the health of your SDLC.

Editor’s note: This is the final part of a five-part cloud security series that covers protecting an organization’s network perimeter, endpoints, application code, sensitive data, and service and user accounts from threats. So far in this series, we’ve looked at the importance of securing an organization’s network, its application components, the endpoints that support those components, and its application data.

CyberArk Labs discovered a new malware called Vare that is distributed over the popular chatting service, Discord. Vare has been used to target new malware operators by using social engineering tactics on them. Additionally, we have found that Vare uses Discord’s infrastructure as a backbone for its operations. This malware is linked to a new group called “Kurdistan 4455” based out of southern Turkey and is still early in its forming stage.

Platform engineers need to be empowered in an organization’s security program. Their work has huge leverage over a product's security posture, arguably as great an impact (some would even say greater) than application vulnerabilities. Despite the significance of the impact of their work, their role in security programs remain ill-defined.