Marcus White

Deployment

Security

Technical

Marcus is a Specops cybersecurity specialist based in the UK, with 8+ years experience in the tech and cyber sectors. He writes about authentication, password security, password management, and compliance.

Articles written by Marcus White

Aug

13

Stale admin account with ‘123456’ password gives McDonald’s a security scare

Interacting with a chatbot as part of a hiring process feels somewhat dystopian from a candidate’s perspective. In this case, there was almost an added twist when candidate data was nearly exposed thanks to weak cybersecurity controls from the chatbot…
Read More
Aug

11

Third-party risk: Behind the Google, Chanel, & Air France-KLM breaches

2025 has been a summer of high-profile breaches. This post will focus on four notable and high-profile victims: Chanel, Google, Air France, and KLM. Although the companies and exact data sets differ, these breaches share a clear pattern: attackers compromised…
Read More
Aug

05

MFA failure costs Hamilton $18m in cyber insurance payout

On February 25th, 2024, a sophisticated ransomware attack struck the City of Hamilton, crippling roughly 80 percent of its network. This included business licensing, property-tax processing, and transit-planning systems. Cybercriminals proceeded to demand an $18.5 million ransom that the city…
Read More
Aug

04

How one weak password destroyed KNP: A sad lesson in the cost of password neglect

Businesses fail all the time, for all sorts of reasons. Especially startups and fledgling ventures. So when a business like Knights of Old (trading as KNP Logistics Group) survives a century and a half, through enough recessions, wars, government changes,…
Read More
Jul

28

“Can you reset my password?” How a simple service desk attack cost Clorox $400 million

Last week, cleaning products giant Clorox took the unusual step of suing its IT services partner Cognizant for gross negligence. Clorox are alleging that the August 2023 ransomware attack they suffered came about thanks to an incredibly simple piece of…
Read More
Jul

15

[New research] Heatmap of 10 million breached passwords: 98.5% are weak

The Specops research team has analyzed 10 million random passwords from the 1 billion+ breached password list used by Specops Password Auditor. These are all real compromised passwords that have been captured by Specops, which you can scan your own…
Read More
Jul

11

Hackers’ 5 top password cracking techniques

Cyber-attacks come in many forms and continue to evolve, but there’s one tried and trusted unauthorized entry method that’s stood the test of time – cracking a user’s password. Despite this, too many organizations still rely on outdated advice and…
Read More
Jul

10

NHS cybersecurity experts talk passwords and Specops

NHS organizations have a challenge on their hands when it comes to cybersecurity. They have to defend sprawling, heterogeneous IT environments against relentless cyber‑threats, all while keeping their number one priority in mind: patient care. On a recent Specops webinar,…
Read More
Jun

30

Man-in-the-Middle (MITM) attack guide & defense tips

Imagine you’re overseeing your organization’s network security when suddenly you notice an unusual traffic pattern: packets flowing through a server that shouldn’t be there. What you’re witnessing could be a Man-in-the-Middle (MITM) attack in action, where an adversary stealthily intercepts…
Read More
Jun

24

[Analysis] 16 billion passwords leaked – how much is recycled data?

Researchers recently uncovered a (seemingly) unprecedented aggregation of roughly 16 billion username–password pairs. However, there’s been some debate around how much of this is recycled data versus new. Similarly to the Rockyou2024 password list and ALIENTXTBASE data dump, our own…
Read More