A U.S. State Government organization’s network was recently compromised through a former employee's administrator account. The organization itself is unnamed, but we know that the threat actor successfully authenticated into an internal virtual private network (VPN) access point using... Read More
Credential-based Attacks
Categories
Microsoft password spraying hack proves securing every account matters
Microsoft released a statement on Friday 19th January saying their corporate network had been compromised by Russian-state hackers, who were able to exfiltrate emails and attached documents. The software giant said only a ‘very small percentage’ of corporate email... Read More
What is cybersquatting and how can you protect your brand?
Impersonation fraud is one of the biggest threats facing today’s businesses — and the threat continues to grow. In fact, the US Federal Trade Commission reports that impersonation attacks, which includes misleading domain names (also known as cybersquatting), are increasing... Read More
Microsoft transitions NTLM to Kerberos in Windows to boost security
Windows authentication is a process that’s been around for decades. Unsurprisingly, attackers often target this authentication mechanism, preying upon weaknesses and vulnerabilities as they crop up. To help secure Windows authentication, Microsoft recently announced it was deprecating reliance on... Read More
Holiday season cyber threats: Is your service desk prepared?
Cybercriminals strategically time their attacks for when cyber defenses are most vulnerable. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have noticed a significant increase in ransomware attacks against US companies during holidays and weekends.... Read More
Nine ways MFA can be breached (and why passwords still matter)
Of all the access security recommendations you come across, multi-factor authentication (MFA) is arguably the most consistent. And there’s good reason many best practice recommendations and compliance frameworks now place MFA at the top of the list of security... Read More
MGM Resorts hack: How attackers hit the jackpot with service desk social engineering
Hotel and entertainment giant MGM Resorts were left reeling in September 2023 after a serious cyber-attack that kicked off with a fraudulent call to their Service Desk. In the days after the attack, they struggled to get systems back... Read More
British law firms are under attack from ransomware. How should we upgrade our cyber defences?
Law firms across the UK have been given a stark warning in a recent report by the National Cyber Security Centre (NCSC): get serious about upgrading your cyber defences or risk your legally privileged information being stolen by ransomware... Read More
Hybrid password attacks: How they work and how to stop them
Cybersecurity measures force threat actors to get creative and come up with new and inventive ways to compromise user credentials. As the name suggests, hybrid password attacks involve combining two or more attack methods to carry out password cracking.... Read More
Brute force attacks: How they work & how to prevent them
Compromising login credentials is the goal of many modern cyber-attacks. According to Verizon’s 2025 Data Breach Investigations Report, 88% of web application attacks over the past year involved the use of stolen credentials, demonstrating how vulnerable password-based systems remain without... Read More