Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

I recently sat down with Daniel Maier-Johnson, the Chief Information Security Officer (CISO), and Markus Diehm, Cybersecurity Analyst, with Asklepios Kliniken GmbH, Germany’s second-largest private healthcare provider, to hear about their experience using CyCognito to gain continuous monitoring, prioritize cyber risks, and safeguard patient information. Vital to any healthcare organization, is keeping patient data safe while complying with an ever-growing number of government regulations.

Cloud systems were created to maintain information on a comprehensive, accessible, and flexible platform. Although this system is still preferred by many companies, especially multinationals, to facilitate access to information between different teams within organizations, irresponsible use of the Cloud can create serious problems for corporate cybersecurity. Ticketmaster is a recent case in point.

Adversaries are not breaking in; they are logging in. The CrowdStrike 2024 Global Threat Report highlights an alarming trend: In 75% of cyberattacks detected in 2023, adversaries gained initial access through malware-free methods. This means they acquired valid credentials via techniques such as password spraying or phishing — or they simply purchased them off the dark web.

2024 is expected to be another year of strong growth in the SASE market. Dell’Oro Group predicts the SASE market will surpass $10 billion by the end of the year “representing more than a doubling of the total market in three years,” according to Mauricio Sanchez, Senior Research Director of Dell’Oro Group. Gartner expects the market for SASE to reach $25 billion by 2027. What’s driving this trend?

A security flaw that impacts specific versions of GitLab's Community and Enterprise Edition products was just detected. This vulnerability can be exploited to execute pipelines under any user's credentials. GitLab is a web-based DevOps platform offering tools for software development, version control, and project management. Launched as an open-source project in 2011, it has become a powerful solution used globally by millions.

Imagine standing in your favorite ice cream parlor, gazing at myriad flavors chilling behind the counter. The choices are tantalizing, from traditional vanilla and chocolate to a swirl of the two. Ice cream flavors have evolved from these bases into cookies and cream, mint chocolate chip, Neapolitan, birthday cake, Rocky Road, butter pecan and coffee – you get the picture. Ice cream is a lot like privileged access management (PAM) solutions.

In today’s connected world, many organizations’ “keys to the kingdom” are held in identity and access management (IAM) solutions; these play a crucial role in protecting organizations’ assets. In this post, we delve into the world of Keycloak, a popular open-source IAM solution. As part of our work at CyberArk Labs, we research open-source projects and look for security issues so we can share our findings with the open-source and security communities.

Containerization has revolutionized application development, deployment, and management – and for good reason. The ability to automatically wrap an application and its dependencies into a single, easily deployable package helps developers focus on what they do best: writing code.

Cybersecurity frameworks are blueprints for security programs. Typically developed by governmental organizations, industry groups, or international bodies, they take the guesswork out of developing defense strategies, providing organizations with standards, guidelines, and best practices to help them manage and reduce their cybersecurity risks.

A high-severity remote code execution (RCE) vulnerability has been found in OpenSSH’s server (CVE-2024-6387) by the research team of Qualys. This issue is especially concerning because it brings back a problem that was originally fixed in 2006, showing that one of the most popular secure software still has hidden bugs. This discovery follows another major vulnerability found in the XZ Utils library just a few months ago, highlighting ongoing security challenges.