Dave PimlottFeb 12

Oh no. Palo Alto Networks have bought Cyber Ark.

Can't* wait for the breathless marketing emails announcing the release of the AI-enabled post-quantum enterprise password management solutions.

*I absolutely can wait, those emails will go right in the bin!

#PaloAltoNetworks #CyberArk #infosec

secsolutionJan 30
PKI tradizionali sotto pressione: identita’ digitali a rischio e interruzioni di servizio per oltre la meta’ delle aziende: Le infrastrutture a chiave pubblica (PKI) continuano a essere un pilastro della sicurezza digitale, ma i modelli tradizionali mostrano sempre piu’ limiti di fronte...
#CyberArk #PKI #PonemonInstitute #identitàdigitale #security http://dlvr.it/TQg8xb
errorbodyJan 7
Hello. I'm trying to find out if #cyberark (cybersecurity company from #Israel) has any direct link to the #occupation of and the #genocide against #Palestine. This company is part of an investment product of my bank. I already submitted information which showed that employees of CyberArk volunteered in the war on #Gaza after the #Hamas attack. I'm looking for information which might implicate the company as a whole to make a case against their position in a fund offered by my bank.
N-gated Hacker NewsDec 4
🥴 Ah, the "Mysterious Realm of #JavaScriptCore," where we learned absolutely nothing about JavaScriptCore but got a full-blown ad for #CyberArk 🤖. Who knew identity security could be so... irrelevant? 🕵️‍♂️🚪
https://www.cyberark.com/resources/threat-research-blog/the-mysterious-realm-of-javascriptcore #MysteriousRealm #IdentitySecurity #TechHumor #AdWatch #HackerNews #ngated
The Mysterious Realm of JavaScriptCore

TL;DR JavaScriptCore (JSC) is the JavaScript engine used by Safari, Mail, App Store and many other apps in MacOs. The JSC engine is responsible for executing every line of JavaScript (JS) that...

mcdwayneNov 21

Last week, before #KubeCon I was able to go to this fantastic event from #CyberArk

Hearing talks from Andrew Moore from Uber, Brett Caley from Block , Dan Choi and Brendan Paul from AWS, and more left me feeling awe-inspired.

It was an amazing evening.

I wrote up a few notes and thoughts:

https://blog.gitguardian.com/workload-identity-day-zero-atlanta

AllAboutSecurityNov 5

Zero Trust für KI-Agenten: Delegation, Identitäts- und Zugriffskontrolle - Warum die Identität von KI-Agenten relevant ist

https://www.all-about-security.de/zero-trust-fuer-ki-agenten-delegation-identitaets-und-zugriffskontrolle/

#ki #kiagenten #zerotrust #cyberark #iam

Sichere KI-Agenten mit Zero Trust: Identität absichern

Sichern Sie Ihre KI-Agenten mit Zero Trust: Optimieren Sie die Kontrolle über Identität und Zugriffsberechtigungen.

All About Security Das Online-Magazin zu Cybersecurity (Cybersicherheit). Ransomware, Phishing, IT-Sicherheit, Netzwerksicherheit, KI, Threats, DDoS, Identity & Access, Plattformsicherheit
Chuck MatternSep 9, 2025

"Being secure with machine identities"

An upcoming webinar from #RedHat and #CyberArk

https://us.resources.cio.com/resources/being-secure-with-machine-identities-2/

#security #technology #webinar

Being secure with machine identities | CIO Resource Library

Join this webcast from Red Hat and CyberArk for an informative discussion and open dialog between two thought leaders.

United States Edition
Yonhap Infomax NewsSep 5, 2025
Palo Alto Networks CEO Nikesh Arora warns that agentic AI browsers may face resistance in corporate settings due to security concerns, stressing the need for robust credential controls and highlighting ongoing industry investment in AI models.
#YonhapInfomax #PaloAltoNetworks #AgenticAI #CredentialSecurity #CyberArk #EnterpriseSecurity #Economics #FinancialMarkets #Banking #Securities #Bonds #StockMarket
https://en.infomaxai.com/news/articleView.html?idxno=80336
maschmiAug 8, 2025

In case you missed it: there are/were multiple vulnerabilities in #hasicorp #vault

https://discuss.hashicorp.com/t/hcsec-2025-22-multiple-vulnerabilities-impacting-hashicorp-vault-and-vault-enterprise/76096

If not already done it may be a good time to think about updating and an automated update strategy :)

Oh and #cyberark #conjur is not risk free as well. Sadly their security bulletins seem to be begin a login page. https://www.cyberark.com/product-security/

Source is this German article https://www.csoonline.com/article/4035574/hashicorp-vault-cyberark-conjur-kompromittiert.html

HCSEC-2025-22 - Multiple Vulnerabilities Impacting HashiCorp Vault and Vault Enterprise

Bulletin ID: HCSEC-2025-22 Affected Products / Versions: HashiCorp recently published eight security bulletins for issues impacting Vault and Vault Enterprise, all of which have been addressed in the latest Vault versions: 1.20.2, 1.19.8, 1.18.13, and 1.16.24. Publication Date: August 6, 2025 Summary HashiCorp recently published eight security bulletins for issues impacting Vault Community Edition and Vault Enterprise, all of which have been addressed in the latest Vault versions: 1.20.2, 1....

HashiCorp Discuss
GripNewsAug 7, 2025
🌘 研究人員揭露熱門企業憑證庫中的遠端程式碼執行攻擊鏈
➤ 潛藏的危機:開源憑證庫淪為攻擊者的跳板
https://www.csoonline.com/article/4035274/researchers-uncover-rce-attack-chains-in-popular-enterprise-credential-vaults.html
Cyata 的研究人員在廣受企業採用的開源憑證管理系統 HashiCorp Vault 和 CyberArk Conjur 中發現了 14 項邏輯漏洞。這些漏洞允許攻擊者繞過身份驗證、存取敏感資訊、冒充身份,甚至能執行任意程式碼,對企業的關鍵基礎設施構成嚴重威脅。研究人員的發現已向廠商負責任地揭露並獲得修補。
+ 這篇報導實在太重要了!我們企業也使用這些工具,必須趕緊檢查更新。
+ 看到這些進階的攻擊手法,真是令人擔憂,信任模型如果崩潰,後果不堪設想。
#資安 #漏洞 #憑證管理 #HashiCorp Vault #CyberArk Conjur #遠端程式碼執行 (RCE)
Researchers uncover RCE attack chains in popular enterprise credential vaults

Open-source credential management systems HashiCorp Vault and CyberArk Conjur had flaws enabled remote code execution among other attacks.

CSO Online