Attackers target helpdesks with social engineering attacks to gain unauthorized access to user accounts, which they can use to compromise an environment or launch ransomware attacks. When done effectively, they can bypass MFA and avoid having to verify their... Read More
Specops Software Blog
Microsoft password spraying hack proves securing every account matters
Microsoft released a statement on Friday 19th January saying their corporate network had been compromised by Russian-state hackers, who were able to exfiltrate emails and attached documents. The software giant said only a ‘very small percentage’ of corporate email... Read More
Specops Breached Password Protection Expands with the Addition of Outpost24 Threat Intelligence Malware-Stolen Password Data
This expansion coincides with the publication of the 3rd annual Specops Breached Password report. Today, Specops Software announced the addition of a new source of compromised password data for the Specops Breached Password Protection service used by Specops Password... Read More
What is cybersquatting and how can you protect your brand?
Impersonation fraud is one of the biggest threats facing today’s businesses — and the threat continues to grow. In fact, the US Federal Trade Commission reports that impersonation attacks, which includes misleading domain names (also known as cybersquatting), are increasing... Read More
Specops Authentication: What We Added in H2 2023
Support for Kerberos Integrated Authentication, Improved Fatigue Attack Prevention, New Identity Service & More Specops Authentication is our platform that secures self-service key recovery and password resets, changes and account unlocks with multi-factor authentication (MFA), via self-service and/or at... Read More
Microsoft transitions NTLM to Kerberos in Windows to boost security
Windows authentication is a process that’s been around for decades. Unsurprisingly, attackers often target this authentication mechanism, preying upon weaknesses and vulnerabilities as they crop up. To help secure Windows authentication, Microsoft recently announced it was deprecating reliance on... Read More
Holiday season cyber threats: Is your service desk prepared?
Cybercriminals strategically time their attacks for when cyber defenses are most vulnerable. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have noticed a significant increase in ransomware attacks against US companies during holidays and weekends.... Read More
Nine ways MFA can be breached (and why passwords still matter)
Of all the access security recommendations you come across, multi-factor authentication (MFA) is arguably the most consistent. And there’s good reason many best practice recommendations and compliance frameworks now place MFA at the top of the list of security... Read More
[New research] How tough is bcrypt to crack? And can it keep passwords safe?
Earlier this year, the Specops research team published data on how long it takes attackers to brute force MD5 hashed user passwords with the help of newer hardware. Now we’ll be putting the bcrypt hashing algorithm to the test,... Read More
How to force password changes at next logon in Entra ID (formerly Azure AD)
Entra ID (formerly Azure AD) is the central component for identity and access management in Microsoft Azure, and by extension, Microsoft 365. Managing users and passwords for organization accounts requires understanding how Entra ID (formerly Azure AD) handles password... Read More