Any system secured behind just a username and password is asking for trouble. Research from Microsoft estimates that over 99% of account takeover attacks can be stopped if the end user has multi-factor authentication (MFA) enabled. MFA is pretty... Read More
News and Research
Categories
[New research] Which passwords are attackers using against RDP ports right now?
The Specops research team has been analyzing 15 million passwords being used to attack RDP ports, in live attacks happening against networks right now. Our team have found the ten most common passwords attackers are using and analyzed their... Read More
How cyber-realistic is Netflix’s Zero Day thriller?
The idea of an entire country being shut down by cyberattack is a scary thought. In Netflix’s recent thriller ‘Zero Day’, this is the reality faced by former president (played by Robert de Niro). To find out how realistic... Read More
HIBP adds 284M malware-stolen accounts: Takeaways on Telegram & infostealers
Leaked credentials are in high demand on underground marketplaces. A database of stolen credentials is a like a giant box of keys to a hacker. With the use of the right software, they can rapidly try these keys against... Read More
Introducing MFA for Windows Logon, RDP or VPN with Specops Secure Access
We’re excited to introduce Specops Secure Access: Multi-Factor Authentication (MFA) for Windows logon, RDP, and VPN — a powerful new way to add an extra layer of protection to your organization’s authentication process. By implementing MFA at key access... Read More
Botnet targets Microsoft accounts with password spraying attack
A huge botnet (network of private computers infected with malware) of 130,000 devices has been targeting Microsoft 365 service accounts across the world. First discovered by SecurityScorecard on February 24th, the botnet appears to be engaged in a mass... Read More
The power of love and breached passwords
When analyzing breached passwords from the Specops database, we often turn up some surprising trends and insights. For example, the unexpected prevalence of the word “love” in passwords and its significance across different languages and cultures. We’ll take a... Read More
AI arms race: How AI will be used by cyber-attackers (and defenders)
It’s no surprise that AI’s explosive growth in the last five years has also greatly expanded the need for sophistication and preparation from security threats. While artificial intelligence presents new challenges, machine learning and neural networks also expand security... Read More
[New research] Learn what 1 billion+ malware-stolen credentials mean for your 2025 security to-do list
The Specops research team have launched the 2025 Breached Password Report, which contains analysis of over 1 billion malware-stolen passwords. The launch of the report also coincides with the latest addition of over 210 million compromised passwords to the Specops Breached... Read More
How to build a PCI-compliant password policy
The Payment Card Industry Data Security Standard (PCI DSS) is a set of guidelines designed to protect cardholder data and ensure that organizations handling payment card information maintain a secure environment. Among its many requirements, PCI DSS places significant... Read More