Learn how attackers use mdxfind to uncover unknown or mixed hashing algorithms and make password cracking easier. Read More
Credential-based Attacks
Categories
Are Rainbow Tables Still Relevant in 2026?
After the recent NTLMv1 rainbow table release, Specops investigates whether rainbow tables are still a relevant threat to organizations. Read More
How Attackers use Targeted Wordlists in Password Cracking
Learn how cybercriminals use targeted wordlists in password cracking, and how your organization can limit the impact of these attacks. Read More
Credential stuffing attacks: How they work & tips for prevention
Credential stuffing attacks are on the rise, and they’re not going away any time soon. As long as users continue to reuse passwords and attackers have easy access to breach data, the threat will persist. And with recent reports... Read More
Quishing attacks: How QR codes steal credentials
QR codes have been around for a while, but they became far more widespread in daily life after the COVID-19 pandemic. What started as contactless menus became boarding passes, payment systems, and authentication gateways. But this ubiquity created a... Read More
How to optimize Entra MFA with Specops uReset and Secure Service Desk
At Specops Software, we work closely with many customers and assist with the challenges they face in transitioning to more secure authentication methods. This has become increasingly critical as both the complexity and frequency of cyberattacks have increased. Our... Read More
Stale admin account with ‘123456’ password gives McDonald’s a security scare
Interacting with a chatbot as part of a hiring process feels somewhat dystopian from a candidate’s perspective. In this case, there was almost an added twist when candidate data was nearly exposed thanks to weak cybersecurity controls from the... Read More
Third-party risk: Behind the Google, Chanel, & Air France-KLM breaches
2025 has been a summer of high-profile breaches. This post will focus on four notable and high-profile victims: Chanel, Google, Air France, and KLM. Although the companies and exact data sets differ, these breaches share a clear pattern: attackers... Read More
MFA failure costs Hamilton $18m in cyber insurance payout
On February 25th, 2024, a sophisticated ransomware attack struck the City of Hamilton, crippling roughly 80 percent of its network. This included business licensing, property-tax processing, and transit-planning systems. Cybercriminals proceeded to demand an $18.5 million ransom that the... Read More
How one weak password destroyed KNP: A sad lesson in the cost of password neglect
Businesses fail all the time, for all sorts of reasons. Especially startups and fledgling ventures. So when a business like Knights of Old (trading as KNP Logistics Group) survives a century and a half, through enough recessions, wars, government... Read More