When end users find their organization’s security measures burdensome or frustrating, it can significantly increase the risk of insider threats. Gartner revealed that 69% of employees have disregarded their organization’s cybersecurity guidance in the past year. This doesn’t mean... Read More
Blog
Categories
Six attack paths in Active Directory and how to remediate them
One of the crown jewels for an attacker who infiltrates an enterprise environment is Active Directory Domain Services (AD DS). There are several attack paths the “blue team” needs to remediate to bolster the security of Active Directory. Remediating... Read More
How an ex-employee’s leaked credentials led to a U.S. State Government breach
A U.S. State Government organization’s network was recently compromised through a former employee's administrator account. The organization itself is unnamed, but we know that the threat actor successfully authenticated into an internal virtual private network (VPN) access point using... Read More
Why security and awareness training won’t fix bad password habits
Organizations know their end users represent a cybersecurity risk. They make mistakes, they’re targeted by hackers, and sometimes they’ll even act maliciously against their employer. Security and awareness training is an attempt to reduce this risk by creating a... Read More
New in Specops Password Policy 7.12: Schedule Password Auditor Reports, Improvements to Periodic Scanning Reports & more
This week, we’ve released the latest version of our Active Directory password management solution, Specops Password Policy 7.12. This release includes improvements to the reporting within the Specops Password Policy admin tools as well as several new PowerShell cmdlets... Read More
How to lock down your Active Directory password reset process
Attackers target helpdesks with social engineering attacks to gain unauthorized access to user accounts, which they can use to compromise an environment or launch ransomware attacks. When done effectively, they can bypass MFA and avoid having to verify their... Read More
Microsoft password spraying hack proves securing every account matters
Microsoft released a statement on Friday 19th January saying their corporate network had been compromised by Russian-state hackers, who were able to exfiltrate emails and attached documents. The software giant said only a ‘very small percentage’ of corporate email... Read More
Specops Breached Password Protection Expands with the Addition of Outpost24 Threat Intelligence Malware-Stolen Password Data
This expansion coincides with the publication of the 3rd annual Specops Breached Password report. Today, Specops Software announced the addition of a new source of compromised password data for the Specops Breached Password Protection service used by Specops Password... Read More
What is cybersquatting and how can you protect your brand?
Impersonation fraud is one of the biggest threats facing today’s businesses — and the threat continues to grow. In fact, the US Federal Trade Commission reports that impersonation attacks, which includes misleading domain names (also known as cybersquatting), are increasing... Read More
Specops Authentication: What We Added in H2 2023
Support for Kerberos Integrated Authentication, Improved Fatigue Attack Prevention, New Identity Service & More Specops Authentication is our platform that secures self-service key recovery and password resets, changes and account unlocks with multi-factor authentication (MFA), via self-service and/or at... Read More