This blog will explore the risks posed to an organization when an employee is targeted by a social engineering attack, the top social engineering schemes to look out for, and the best ways to fend off a social engineering attacker when they do make contact.
IoT is now pervasive and often represents a security weak link in enterprises. It’s far past time for organizations to account for IoT as part of their core endpoint security and edge security strategies. Read on to learn about the top IoT security vulnerabilities, as well as best practices for your hardening your IoT environment and reducing risk.
An insider threat is an internal persona acting as a trusted asset (employee, contractor, vendor, partner, etc.) behaving as a threat actor. Typically, the insider exhibits malicious behavior with intent, but sometimes, they are unaware of their actions are directed by an external threat actor. Regardless, the insider misuses their access and privileges for illicit purposes intentionally, or as directed by an external force. By recognizing insider threat indicators, organizations can detect insider attacks faster and prevent, or mitigate, the damage.
BeyondTrust has released the latest updates to Privileged Remote Access (PRA), which allows organizations to secure, control, and audit vendor and internal remote access. PRA 22.3’s new features will enhance the user experience for existing users and further extend PRA’s role as the best secure remote access solution on the market.
If one malicious piece of clickbait can actually destroy you and your business, then why are so many people still making this mistake? This blog discusses the challenges with malicious links and attachments, the best ways to recognize them when they do appear, and how their impacts can be significantly reduced, if not altogether mitigated, by following simple cybersecurity hygiene guidelines.
At BeyondTrust, customers who investigate Azure Active Directory (AD) security tools while seeking to complete digital workplace transformation projects across their Windows Azure estate, voice a common challenge: How can we maintain the functionality currently provided by Microsoft’s Local Administrator Password Solution (LAPS) in a cloud-managed Azure AD-joined device? This blog explains what LAPS is, the shortcomings of LAPS, and how BeyondTrust Privileged Access Management (PAM) solutions can help you securely make the leap to the cloud—while bringing best practice privileged access security along with you.
On the 10th of August 2022, Cisco confirmed they had been breached by the Yanluowang ransomware group. On the same day, the Yanluowang group posted a notice on their own site and claimed to have stolen 2.75GB of Cisco’s data, consisting of around 3100 files, including NDA documents and engineering files. This blog explores the steps—and missteps (mismanaged credentials and privileged identities)—around this incident and see what lessons can be learned.
A one-time password (OTP) is the password used in a credential pair that is valid for only one login session or transaction. OTPs are used to minimize the risks of traditional, static password-based authentication by making passwords variable per operation. As an added layer of security, OTP implementations can also incorporate two-factor authentication (2FA) to help verify the identity of the individual using an additional trusted source.
During security events, we learn about the indicators of compromise, attack vectors, and the financial cost of the breach to the business and clients. Somewhere during the process, we learn if it was a threat actor, hacker, or attacker that caused the malicious activity. The questions are, “What is the difference?” and “Don’t they all mean the same thing?” Well, the truth of the matter is they don't, and many times they are used incorrectly in reporting a breach or even a minor cybersecurity incident.
The Windows DogWalk vulnerability (CVE-2022-34713) presents a prime reminder of why a proactive approach to endpoint security is so important. This blog will discuss the DogWalk vulnerability and how organizations can proactively protect themselves from such vulnerabilities and other threats with endpoint privilege management.
The right integrations create a powerful IT environment that is greater than the sum of its parts. This blog discusses the importance of BeyondTrust and SailPoint's better together approach to identity security.
The cloud is a brave, new (well, sort of new) world that many are running headlong into with a sense of urgency that’s, frankly, astonishing. This blog takes a quick glimpse at the thought process that went into the writing of Cloud Attack Vectors to discuss the cybersecurity problems and challenges that make understanding the attack vectors in the cloud vital.