Each July, my family and I take a road trip from Kentucky back to my hometown in northwestern Pennsylvania to spend time on Lake Erie. As tradition dictates, we stop along I-71 for coffee at a branch of a certain coffee shop, which also happens to be my former employer as a teen. (Let’s call it Siren Coffee.) This year, we sat waiting in the drive-thru for a drip coffee for a full 10 minutes.

In this episode of Trust Issues, we dig into the recent the global IT outage caused by a CrowdStrike software update, which impacted millions of Microsoft Windows endpoints and disrupted many sectors. This “black swan” event highlights, among other things, the importance of preparedness, adaptability and robust crisis management.

Following our post “A Brief History of Game Cheating,” it’s safe to say that cheats, no matter how lucrative or premium they might look, always carry a degree of danger. Today’s story revolves around the developer of the popular EvolvedAim, a cheat for Escape From Tarkov. He sold his tool with an information stealer bundled with it, double-dipping and causing damage to his clients and to the game itself.

Over the short span of video game cheating, both cheaters and game developers have evolved in many ways; this includes everything from modification of important game variables (like health) by using tools like Cheat Engine. In addition, game botting impacts both game and real-life economies. However, using modern-day anti-cheat methods is also not without danger, as modern protection tools run on the kernel level and can be abused for malicious impact on the system.

Cybersecurity key performance indicators (KPIs) measure the efficacy of an organization’s cybersecurity program. In a rapidly changing threat landscape characterized by new identities, environments and attack methods, many potential KPIs exist to track. Measuring too many things can be distracting or misleading, while not measuring enough can create gaps in understanding and protection.

Okay, so you’re a security leader at your enterprise – congratulations! It’s a big, challenging role, as you know too well. You or a colleague are likely responsible for securing the cloud and legacy apps that drive critical revenue and customer engagement for your organization. But it’s not just the apps you need to secure.

In this episode of the Trust Issues podcast, we explore the transformative impact of artificial intelligence (AI) on identity security. Guest Peretz Regev, CyberArk’s Chief Product Officer, joins host David Puner, for a discussion about how AI is reshaping cyber protection, offering solutions that are as intelligent as they are intuitive. With the ability to predict threats and adapt with unprecedented agility, AI is ushering in a new era of proactive security.

Watching the recent Snowflake customer attacks unfold felt a bit like rewatching a horror movie with predictable attack sequences and missed opportunities to run to safety. But this time, the ending was far more devasting. More than 100 organizations were exposed, and many are now grappling with the impacts of data theft and extortion in what some are calling one of the largest breaches in history.

During a recent customer engagement, the CyberArk Red Team discovered and exploited an Elevation of Privilege (EoP) vulnerability (CVE-2024-39708) in Delinea Privilege Manager (formerly Thycotic Privilege Manager). This vulnerability allowed an unprivileged user to execute arbitrary code as SYSTEM. CyberArk responsibly disclosed this vulnerability to Delinea, including the exploit proof of concept (POC) code, as part of our commitment to contributing to the security community.

Privileged access management (PAM) programs aim to secure the highest-risk access in an organization, including using privileged credentials like passwords, SSH keys and application secrets. So, how can PAM and identity security teams prepare for a passwordless future? The answer lies in a deeper examination of what ‘passwordless’ really means and how PAM programs are modernizing to protect new identities and environments.

In the latest episode of the Trust Issues podcast, the focus is on the criticality of time in organizational security. The conversation with host David Puner and guest Katherine Mowen, SVP of Information Security at Rate (formerly Guaranteed Rate), highlights the importance of swift decision-making and prompt threat response. They discuss the role of just-in-time (JIT) access and AI in accelerating response times, as well as the ever-evolving threat landscape that requires constant vigilance.

Every organization is different, with its own unique needs, challenges and goals. That means that IT solutions, and especially IT security, must be complex tools that are highly configurable and adaptable to various scenarios. IT security solutions must be flexible and robust enough to handle many situations.

When you hear “cookies,” you may initially think of the delicious chocolate chip ones. However, web cookies function quite differently than their crumbly-baked counterparts. Website cookies are small data chunks, usually saved in a database, that websites transfer onto your computer or mobile device to save data and information about you. They enable sites to identify users and remember helpful information to enhance their experience.

In today’s connected world, many organizations’ “keys to the kingdom” are held in identity and access management (IAM) solutions; these play a crucial role in protecting organizations’ assets. In this post, we delve into the world of Keycloak, a popular open-source IAM solution. As part of our work at CyberArk Labs, we research open-source projects and look for security issues so we can share our findings with the open-source and security communities.

Imagine standing in your favorite ice cream parlor, gazing at myriad flavors chilling behind the counter. The choices are tantalizing, from traditional vanilla and chocolate to a swirl of the two. Ice cream flavors have evolved from these bases into cookies and cream, mint chocolate chip, Neapolitan, birthday cake, Rocky Road, butter pecan and coffee – you get the picture. Ice cream is a lot like privileged access management (PAM) solutions.