Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Why Your Organization Needs Dynamic Secrets and Rotation

In today’s rapidly evolving digital landscape, organizations confront a formidable array of cyber threats, with attacks and data breaches becoming increasingly prevalent. As businesses embrace transformative technologies such as AI, automation, cloud-native architectures, microservices and containerization, the proliferation of machine identities has surged, often surpassing human identities.

How Time, Entitlements and Approvals (TEA) Can Secure the Keys to Your Cloud

A popular topic of conversation in my day-to-day work is how to secure privileged access to cloud management consoles and workloads. And that’s no surprise, considering more and more applications and workloads are migrating to the cloud. Up until recently, the answer has typically been clear when it comes to identity security and privileged access management (PAM). It’s simple: first, you manage credentials by securing them in a vault. The next step is to rotate them.

Why Machine Identities Are Essential Strands in Your Zero Trust Strategy

Just like a snagged strand can ruin your garment, overlooking the security of machine identities can tear the very fabric of Zero Trust that protects your organization from bad actors. As a quick refresher, Zero Trust operates on the principle that no entity inside or outside the network perimeter is trusted by default. As we usher in an era where the traditional network perimeter has dissolved due to cloud services, remote work and mobile access, the necessity for Zero Trust becomes even more pronounced.

Enterprise Browser: The Gateway to Securing All Identities

With new identities, environments and attack methods dominating today’s threat landscape, cybersecurity leaders are hyper-focused on securing identities to safeguard enterprises. However, a glaring, high-touch security gap exists that threat actors actively exploit to steal confidential data. And unsuspecting as it seems, that gap lies in the most used enterprise application of all time – the web browser.

The Hacker's Guide to The Cosmos (SDK): Stealing Millions from the Blockchain

Welcome, fellow travelers of the Cosmos! While we may not be traversing the stars on a spaceship, we are all interconnected through the powerful network of blockchains. Unfortunately, just like any technology, vulnerabilities can be discovered and exploited. In this post, we’ll present a critical vulnerability in a Cosmos-SDK blockchain that is explicitly related to the Inter-Blockchain Communication Protocol (IBC).

CIO POV: 3 Considerations as the 2024 Cyber Roller Coaster Gathers Speed

If the first month-plus of 2024 is any indication, this year is likely to be anything but ordinary in the cybersecurity realm. In January alone, a triad of events unfolded, each more riveting than the last, setting the stage for a year that promises to be as unpredictable as it is exciting. The following recent events have me reflecting on processes and controls that can help you better protect your organization’s most sensitive assets.

EP 46 - Behind the Data Breach: Dissecting Cozy Bear's Microsoft Attack

Andy Thompson, CyberArk Labs Offensive Security Research Evangelist, returns to Trust Issues for a deep dive into the recent APT29 breach of Microsoft. In conversation with host David Puner, Thompson explores the intricate details of the January 2024 attack, dissecting the tactics employed by the APT29 threat actor, also known as Cozy Bear, Cozy Car, The Dukes – or, as Microsoft refers to the group: Midnight Blizzard.

A Deep Dive into Penetration Testing of macOS Applications (Part 3)

This is the final installment of the blog series “A Deep Dive into Penetration Testing of macOS Applications.” Previously, we discussed the structure of macOS applications and their analysis techniques. Now, we will focus on client-side attacks in macOS applications. In penetration testing, the goal is to identify vulnerabilities in the app. To do that effectively, it’s important to understand how these attacks work. So, let’s dive in and learn more!

APT29's Attack on Microsoft: Tracking Cozy Bear's Footprints

A new and concerning chapter has unfolded in these troubled times of geopolitical chaos. The Cozy Bear threat actor has caused significant breaches targeting Microsoft and HPE, and more are likely to come. These recent events have sent shockwaves throughout the tech community, and for good reason. As we continue to uncover the fallout from these breaches, it has become apparent that the magnitude of the incident is more significant than we first realized.

Redefining PAM to Secure OT and IoT Devices

Left to their own devices, your organization’s devices can be a significant source of risk. Consider operational technology (OT), which is crucial for organizations but is not engineered and operated with a security-first mindset. Often, OT systems are beyond the purview of CISOs and are focused on meeting key objectives for system uptime and efficiency – leaving them vulnerable.