The NIS2 Directive is an important piece of legislation for anyone working in cybersecurity across the European Union. An evolution of the original Network and Information Systems (NIS) Directive, NIS2 expands its reach and tightens its requirements, reflecting the...
Compliance
Securing authentication tokens by preventing delegation of admin accounts
The underlying capabilities provided by Kerberos authentication in Active Directory mean that access tokens can be delegated to users and computers for various purposes. Attackers can capitalize on the built-in capabilities of Active Directory with impersonation and delegation to...
[New Data] Attackers Are Using These Passwords to Attack the RDP Port Right Now
The Specops Breached Password Protection List Tops 3 Billion Unique Compromised Passwords from Live Attack Data and Leaked Lists. Today, the Specops Software research team is sharing the results of our analysis on what passwords are being used to...
Service account password rotation
Service accounts are the unseen heroes of your organization’s architecture – they keep critical services running. While most organizations are generally aware of the sensitive nature of service accounts, password practices can still be poor. It is not uncommon...
New Compliance Standards & More: See What’s New in Specops Password Auditor
Today, we’ve released the latest Specops Password Auditor — a read-only program that can help IT admins identify password vulnerabilities, including the number of accounts with compromised passwords and more. In this release, we’ve introduced a big update to our...
Ransomware attacks continue to rage on government entities
Ransomware attacks are on the rise and target businesses across many industries and sectors. Government entities are also on the radar of ransomware gangs and have been the subject of many high-profile ransomware attacks. Governmental entities have been a...
Active Directory and domain controller security best practices
Windows Servers in the environment housing the Active Directory Domain Services (AD DS) role are some of the most sought-after targets for attackers today. This is because Active Directory contains the credential store for all the user and computer...
Ransomware attack types: Ransomware Attacks 101 – from Wannacry to Darkside
Think of ransomware attacks as virtual kidnapping. Ransomware actors use encryption to hold your devices’ functions and files hostage or lock you out of your system. Then they request a ransom for its release. These actors are mostly motivated...
Family Educational Rights and Privacy Act (FERPA) and Cybersecurity
Most have heard of HIPAA, GDPR, and other compliance regulations and best practices that govern data privacy and security for healthcare, personally identifiable information, and other forms of sensitive data. However, when it comes to educational institutions, the Family...
Vulnerability testing vs. Penetration testing
With the wide range of growing cybersecurity threats creating risks for businesses today, organizations must be proactive in their approach to cybersecurity. The days of reactive security and waiting for cybersecurity incidents are over. The sheer scope, scale, and...