Rolling out a new password policy without a plan is a recipe for disaster. You want to avoid a situation where all end users are prompted to change their passwords at the exact same time – triggering chaos for...
Blog
Secured your Active Directory? EASM is your next password security step.
It’s important to lock down the basics first when it comes to cybersecurity. You could purchase a state-of-the-art security system for your house – but it’s still going to be targeted by criminals if you leave the doors and...
[New research] The top malware hackers use to steal your users’ passwords
Today, the Specops research team is publishing new data on the types of malware hackers are using to steal passwords and sell them on the dark web. This coincides with the latest addition of over 48 million compromised passwords...
Password security vs user experience: Four ways to make end users love password security (or at least tolerate it).
When end users find their organization’s security measures burdensome or frustrating, it can significantly increase the risk of insider threats. Gartner revealed that 69% of employees have disregarded their organization’s cybersecurity guidance in the past year. This doesn’t mean...
Six attack paths in Active Directory and how to remediate them
One of the crown jewels for an attacker who infiltrates an enterprise environment is Active Directory Domain Services (AD DS). There are several attack paths the “blue team” needs to remediate to bolster the security of Active Directory. Remediating...
How an ex-employee’s leaked credentials led to a U.S. State Government breach
A U.S. State Government organization’s network was recently compromised through a former employee's administrator account. The organization itself is unnamed, but we know that the threat actor successfully authenticated into an internal virtual private network (VPN) access point using...
Why security and awareness training won’t fix bad password habits
Organizations know their end users represent a cybersecurity risk. They make mistakes, they’re targeted by hackers, and sometimes they’ll even act maliciously against their employer. Security and awareness training is an attempt to reduce this risk by creating a...
New in Specops Password Policy 7.12: Schedule Password Auditor Reports, Improvements to Periodic Scanning Reports & more
This week, we’ve released the latest version of our Active Directory password management solution, Specops Password Policy 7.12. This release includes improvements to the reporting within the Specops Password Policy admin tools as well as several new PowerShell cmdlets...
How to lock down your Active Directory password reset process
Attackers target helpdesks with social engineering attacks to gain unauthorized access to user accounts, which they can use to compromise an environment or launch ransomware attacks. When done effectively, they can bypass MFA and avoid having to verify their...
Microsoft password spraying hack proves securing every account matters
Microsoft released a statement on Friday 19th January saying their corporate network had been compromised by Russian-state hackers, who were able to exfiltrate emails and attached documents. The software giant said only a ‘very small percentage’ of corporate email...