If you have administered password policies in Active Directory or looked at the local policies present in the Windows client operating system, you may have noticed an interesting setting contained in the Account policies section. The setting is Store... Read More
Password Management
Nvidia leak shows weak passwords in use [new data]
Cyber-criminal group LAPSUS$ claimed GPU manufacturer Nvidia as one of its latest breach victims at the end of February. The news of the breach made headlines in the past few weeks, including details that employee passwords were leaked. The... Read More
How to delegate password reset permissions in Active Directory
Least privilege access is a crucial part of security that protects against overprovisioning user permissions. Even with IT technicians, and junior administrators, this needs to be considered when configuring permissions in the environment. A case in point is helpdesk... Read More
What is Active Directory? A brief overview…
Active Directory, commonly referred to as AD (not to be confused with Entra ID, formerly Azure AD) was developed by Microsoft and first released as a centralized domain directory service with Windows 2000 Server Edition. Since its original release,... Read More
SSO vs Enterprise Password Manager: Which is better for reducing your password risk?
Organizations looking to reduce the burden of passwords on their users often consider Single Sign On (SSO) vendors or deploying an enterprise password manager. Each has their advantages, so which one is best for an organization to choose? Single-sign... Read More
CISA Shields Up: How to prepare for the Russia-Ukraine cybersecurity hazard
CISA issues ‘Shields Up’ alert to warn US companies about potential Russian hacking attempts to disrupt essential services and critical infrastructure as the Russia-Ukraine crisis escalates. Get ahead of the situation with essential information. You may have seen the... Read More
UK’s National Crime Agency discovers 585 million compromised passwords in cloud storage facility
Today, Specops Software announced the addition of over 230 million compromised passwords to its Breached Password Protection database. This latest update comes from both its own internal attack monitoring systems as well as the addition of hundreds of millions... Read More
Corporate account takeover attacks and prevention
Corporate account takeover is a form of identity theft, wherein an unauthorized entity steals and assumes an employee’s digital identity, to perform actions on behalf of that user, while remaining undetected. The popularity of corporate account takeover attacks lies in their afforded safeguards for bad actors.... Read More
Securing ADFS against password spraying attacks
Stolen account passwords provide the “path of least resistance” into a victim network for an attacker. Once compromised credentials are obtained, the attacker can easily access business-critical systems with little effort. Active Directory Federation Service (ADFS) is a solution... Read More
CIS Benchmark Password Policy
With technology constantly evolving, cybersecurity organizations are helping people, businesses, and governments with best practices to protect themselves against emerging threats. The Center for Internet Security (CIS) is one of these advisement groups. The CIS Controls and CIS Benchmarks provide globally recognized best practices for security IT systems and... Read More