
Kubernetes Secrets: How to Use Them Securely

Storing sensitive values is a problem as old as software itself. In 2016, Uber experienced a massive data breach that exposed 57 million users’ personal information—all traced back to a hardcoded AWS credential discovered in a GitHub repository. While we have successfully established that hardcoding secrets such as API keys and passwords is bad practice, correctly storing them is a different story, and the issues from 2016 are still prevalent today (8 years later…).

Simplify AD group management

Managing AD group membership using native tools can quickly become overwhelming. However, most cybersecurity insurance policies and compliance standards also mandate a regular review and recertification of group memberships to avoid huge penalties. Eric Hibar, One Identity solutions engineer, explains the best path forward to solve your group management headaches.

How Role-Based Identity Management Can Protect Against AD- And Entra ID-Related Risk

Active Directory (AD) is prolific, with an estimated deployment at 90% of organizations worldwide. Meanwhile, Entra ID deployment is increasing, as is the prevalence of hybrid environments that deploy both. The widespread use of AD makes the repository a target for cybercriminals. Although rarely discussed, identity, access privileges, and cybercrime are intrinsically linked, with 90% of organizations being victims of at least one identity-related incident in 2023.

Unify your identity platform: Address the IAM trends

“3,205 reported data compromises in the U.S. in 2023, a 78% increase over 2022. [1] In our opinion, this doesn’t even account for unreported breaches. So, it’s no secret that cyber threats are increasing exponentially. According to Gartner, 70% of breached organizations reported significant business disruption. [1] Clearly, the more we include technology in our lives, the more threat actors will exploit digital vulnerabilities that can stall or even shut down an organization.

Keeper Webinar - Zero-Trust KeeperPAM: A Unified Cloud Platform

Watch the recording of our exclusive webinar featuring Craig Lurey, CTO & Co-founder of Keeper Security. Discover how KeeperPAM is revolutionizing privileged access management by seeing a walkthrough of the newest KeeperPAM features and a live demo showcasing its functionality.

How PAM Reduces Cybersecurity Risks in Remote Work Environments

When organizations adopt remote work, they face increased cybersecurity risks. Privileged Access Management (PAM) helps mitigate these risks by reducing the attack surface, minimizing insider threats, and providing enhanced visibility and monitoring capabilities. Continue reading to learn the cybersecurity risks unique to remote work environments and how PAM helps address them.

The Importance of Identity and Access Management

The business world has an identity security problem. Identity telemetry dominated Arctic Wolf’s list of the top 10 security investigation types over the past 12 months, and 70% of organizations were targeted by business email compromise (BEC), an attack that often relies on identity compromise for success, in 2024.

Six ways privilege management improves your security posture

Identities, computers and groups all need access to resources. But only enough to fulfill a role, and only for as long as they need it. AD Admins, IT leaders, VPs and CISOs recognize this as a foundational part of Zero Trust least privilege models – and as one of the biggest challenges for enterprises. That’s because using native tools for privilege management is complex.

Aviatrix Controller RCE Vulnerability Allows Unauthenticated Malicious Code Injections (CVE-2024-50603)

AWS and other cloud infrastructure exposed after attacks uncovered in the wild.

Cloud networking solutions provider Aviatrix has published a new vulnerability (CVE-2024-50603) in its controller. This vulnerability allows unauthenticated actors to run arbitrary commands. This Remote Code Execution (RCE) vulnerability, rated CVSS 10 (critical), has been exploited in the wild. A patch is already available on GitHub. Alternatively, users can update to the secure versions 7.1.4191 or 7.2.4996.