BeyondTrust and Delinea are some of the most popular privileged access management (PAM) products on the market. They each offer a sophisticated range of tools for managing access, identities, and endpoints. But like all security tools, they’re not for everybody.…
Category: Heimdal Security Blog
Critical SAML Auth Bypass Vulnerability Found in GitHub Enterprise Server
An authentication bypass vulnerability of maximum severity (CVSS V4 Score: 10.0) tracked as CVE-2024-4985 was recently fixed by GitHub. The vulnerability impacts GitHub Enterprise Server (GHES) instances using SAML single sign-on (SSO) authentication. What to Know About the Vulnerability By…
BeyondTrust vs. CyberArk: Pros, Cons, and Alternatives for Privileged Access Management
Privileged access management (PAM) tools have changed a lot over the last few years. Once, you could rely on a fairly standard set of features across all providers. Now, the unique security challenges of cloud technology have ushered in a…
Guide to Third Party Risk Management: Dealing with Vendor Vulnerabilities
A recent study by Cybersecurity Dive shows that nearly all companies (98%) use software integrations with third-party vendors that have suffered breaches in the past two years. Since not a single company can maintain ops integrity by solely relying on…
Heimdal Welcomes Jesper Frederiksen as Its New Chief Executive Officer
Official Press Release Copenhagen, Denmark – May 8th, 2024 — Heimdal®, a global leader in cybersecurity solutions, is excited to announce the appointment of Jesper Frederiksen as its new Chief Executive Officer. Bringing a wealth of experience from the SaaS and cloud…
20+ Xiaomi Vulnerabilities Put Users’ Data and Devices at Risk
Researchers warn that Xiaomi devices are vulnerable to over 20 critical issues affecting applications and system components. Security specialists notified the vendor regarding the flaws at the end of April 2023. For the moment, Xiaomi didn’t manage to fix all…
Sophos vs. Palo Alto: Intercept X vs. Cortex XDR (Comparison, Reviews, And Alternatives)
If you’re in the market for an endpoint detection and response (XDR) solution, there’s a good chance you’ll find yourself wondering whether Sophos vs Palo Alto XDR is the right tool for you. These are some of the most popular…
A System Administrator’s Challenges in Patch Management
Patching is the second most challenging and resource-consuming task of a System Administrator. That’s what Alex Panait told me when I wanted to know his opinion on the benefits and hurdles of patching. Alex has been a System Administrator in…
MITRE Breached – Hackers Chained 2 Ivanti Zero-days to Compromise VPN
MITRE Corporation announced that state-backed hackers used Ivanti zero-day vulnerabilities to breach their system. The attack happened in January 2024 and impacted MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE). NERVE is an unclassified collaborative network that researchers use. The…
Patch Now! CrushFTP Zero-day Lets Attackers Download System Files
CrushFTP urges customers to patch servers with new versions due to discovering zero-day. The CrushFTP zero-day vulnerability is tracked tracked CVE-2024-4040 and enables hackers to escape VFS and download system files. Its CVSS is 9.8, which is critical. CrushFTP zero-day…