Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Digital Identity

EP 46 - Behind the Data Breach: Dissecting Cozy Bear's Microsoft Attack

Andy Thompson, CyberArk Labs Offensive Security Research Evangelist returns to Trust Issues for a deep dive into the recent APT29 breach of Microsoft. In conversation with host David Puner, Thompson explores the intricate details of the January 2024 attack, dissecting the tactics employed by the APT29 threat actor, also known as Cozy Bear, Cozy Car, The Dukes – or, as Microsoft refers to the group: Midnight Blizzard.

A Deep Dive into Penetration Testing of macOS Applications (Part 3)

This is the final installment of the blog series “A Deep Dive into Penetration Testing of macOS Applications.” Previously, we discussed the structure of macOS applications and their analysis techniques. Now, we will focus on client-side attacks in macOS applications. In penetration testing, the goal is to identify vulnerabilities in the app. To do that effectively, it’s important to understand how these attacks work. So, let’s dive in and learn more!

How K-12 Organizations Can Better Protect Students' Digital Identities

The education industry isn’t just in the business of teaching students, it’s also responsible for a lot of data, primarily personally identifiable information (PII), making these organizations a major target for threat actors. In March of 2023, Minneapolis Public Schools saw ransomware group Medusa publish current and former students “former student records, parent contacts, home addresses and IDs with pictures.” Unfortunately, this instance isn’t an outlier.

Tiered KYC in Indian Payment Banks: Boosting Financial Inclusion

In India’s dynamic digital finance landscape, Payment Banks play a crucial role in extending banking services to the underbanked and unbanked populations. These banks are at the forefront of a financial revolution, aiming to secure and authenticate transactions through the stringent Know Your Customer (KYC) mandates set by the Reserve Bank of India (RBI).

APT29's Attack on Microsoft: Tracking Cozy Bear's Footprints

A new and concerning chapter has unfolded in these troubled times of geopolitical chaos. The Cozy Bear threat actor has caused significant breaches targeting Microsoft and HPE, and more are likely to come. These recent events have sent shockwaves throughout the tech community, and for good reason. As we continue to uncover the fallout from these breaches, it has become apparent that the magnitude of the incident is more significant than we first realized.

Child Identity Theft: What It Is and How To Protect Your Child

Child identity theft occurs when someone uses a minor’s personal information to get loans, open credit cards, steal benefits or secure employment– all under a child’s name. One in 50 children in the U.S. are victims of child identity theft yearly, making it crucial for parents to take steps to protect their children from identity theft. Continue reading to learn more about child identity theft and the steps you can take to protect your child.

Securing Database Access: DPA Zero Standing Privilege Approach with Native pgAdmin Utility

In this video, we'll guide you through the process of utilising CyberArk DPA's capabilities to seamlessly connect to a Postgres database using the PGadmin client, leveraging the secure foundation of JIT access approach for enhanced security and efficiency.

Redefining PAM to Secure OT and IoT Devices

Left to their own devices, your organization’s devices can be a significant source of risk. Consider operational technology (OT), which is crucial for organizations but is not engineered and operated with a security-first mindset. Often, OT systems are beyond the purview of CISOs and are focused on meeting key objectives for system uptime and efficiency – leaving them vulnerable.

EP 45 - OT Security's Digital Makeover

In this episode of Trust Issues, the conversation revolves around the challenges and transformations in operational technology (OT) security. Guest Mike Holcomb, the Fellow of Cybersecurity and the ICS/OT Cybersecurity Lead at Fluor shares insights with host David Puner on securing legacy systems, the impact of generative AI – and the evolving threat landscape.

Securing Database Access: DPA Zero Standing Privilege Approach with Native HeidiSQL Utility

In this video, we'll guide you through the process of utilizing CyberArk DPA's capabilities to seamlessly connect to a Postgres database using the HeidiSQL client, leveraging the secure foundation of JIT access approach for enhanced security and efficiency.