Corporate Account Takeover (CATO) is a growing threat that allows cybercriminals to gain unauthorized access to business accounts, leading to financial fraud, data breaches, and operational disruptions. Attackers use tactics such as phishing, credential stuffing, and malware to compromise... Read More
Blog
Categories
Securing ADFS against password spraying attacks
Stolen account passwords provide the “path of least resistance” into a victim network for an attacker. Once compromised credentials are obtained, the attacker can easily access business-critical systems with little effort. Active Directory Federation Service (ADFS) is a solution... Read More
Australia’s Cyber Security Strategy and stolen credentials
To address the growing number of cyber threats, Australia released a new version of the Australia’s Cyber Security Strategy 2020 on August 6, 2020. The 2020 version of the strategy replaces the earlier strategy from 2016, and will be delivered through the combined efforts... Read More
What Happens When You Don’t Secure The Service Desk?
Employee password resets make up a big percentage of the tickets that the service desk handles on a daily basis. While a lot can be said for the high costs that are incurred at the help desk for these types of calls, which Forrester estimates cost about $70 per call, more can be... Read More
Network hardening techniques
The network is the lifeblood of any infrastructure, allowing communication between hardware and services. Protecting one’s network against penetration is essential. Successful attacks can lead to data theft or outages, effectively crippling services, and undermining privacy. These problems are expensive and time consuming... Read More
Password Policy Compliance Report in Specops Password Auditor
Organizations looking to evaluate how well their existing password policies measure up against different compliance standards may benefit from running a free scan with Specops Password Auditor. One of the reports Password Auditor provides is the Password Policy Compliance report.... Read More
What is Gramm-Leach Bliley Act (GLBA)?
The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, requires financial institutions to explain their information-sharing practices to their customers, and to safeguard sensitive data. The GLBA applies to all companies that offer consumer financial products or services like loans, financial or investment advice, or... Read More
CIS Benchmark Password Policy
With technology constantly evolving, cybersecurity organizations are helping people, businesses, and governments with best practices to protect themselves against emerging threats. The Center for Internet Security (CIS) is one of these advisement groups. The CIS Controls and CIS Benchmarks provide globally recognized best practices for security IT systems and... Read More
“Who you gonna call?” About these compromised passwords [new data]
If your colleagues are Ghostbuster fans, they might be at risk for compromised password use. Ahead of the upcoming Ghostbusters: Afterlife movie release, Specops Software investigated which Ghostbuster-themed passwords were most popular in compromised password lists. This analysis coincides... Read More
Protecting Your Organization Against the Nobelium Attacks
The UK’s National Cyber Security Centre has recently issued guidance to organizations in response to a series of attacks. This guidance was released following a notification in which Microsoft indicated that it had identified new activity tied to an... Read More