There is no shortage of vulnerabilities and risks in today’s digital world. Attackers are using any way possible to compromise business-critical data. However, one of the prevalent ways cybercriminals can get a foothold into your environment is by compromising... Read More
Specops Software Blog
TCP port 21 FTP vulnerabilities
Since the birth of the Internet, one of the exciting capabilities it has enabled is the ability to transfer data from one place to another over long distances. One of the first protocols designed for transferring files from one... Read More
Zero to hero: save your org from cyber-attack with a zero trust model
Zero trust mentality: sounds kinda harsh, doesn’t it? Here at Specops it doesn’t mean we can’t trust our colleagues not to eat our yogurt out of the office fridge, but it does mean we lock our computers before leaving... Read More
UK’s National Crime Agency discovers 585 million compromised passwords in cloud storage facility
Today, Specops Software announced the addition of over 230 million compromised passwords to its Breached Password Protection database. This latest update comes from both its own internal attack monitoring systems as well as the addition of hundreds of millions... Read More
Corporate account takeover attacks and prevention
Corporate account takeover is a form of identity theft, wherein an unauthorized entity steals and assumes an employee’s digital identity, to perform actions on behalf of that user, while remaining undetected. The popularity of corporate account takeover attacks lies in their afforded safeguards for bad actors.... Read More
Securing ADFS against password spraying attacks
Stolen account passwords provide the “path of least resistance” into a victim network for an attacker. Once compromised credentials are obtained, the attacker can easily access business-critical systems with little effort. Active Directory Federation Service (ADFS) is a solution... Read More
Australia’s Cyber Security Strategy and stolen credentials
To address the growing number of cyber threats, Australia released a new version of the Australia’s Cyber Security Strategy 2020 on August 6, 2020. The 2020 version of the strategy replaces the earlier strategy from 2016, and will be delivered through the combined efforts... Read More
What Happens When You Don’t Secure The Service Desk
Employee password resets make up a big percentage of the tickets that the service desk handles on a daily basis. While a lot can be said for the high costs that are incurred at the help desk for these types of calls, which Forrester estimates cost about $70 per call, more can be... Read More
Network hardening techniques
The network is the lifeblood of any infrastructure, allowing communication between hardware and services. Protecting one’s network against penetration is essential. Successful attacks can lead to data theft or outages, effectively crippling services, and undermining privacy. These problems are expensive and time consuming... Read More
Apache Log4j Vulnerability – CVE-2021-44228
Apache Software Foundation issued an emergency update for a critical zero-day vulnerability on December 9, 2021. The vulnerability affects open source logging tool Log4j included in almost every Java application. Specops has reviewed our products and there is no... Read More