Why Is It So Challenging to Go Passwordless?

September 11, 2024 at 07:51AM The text discusses the concept of passwordless authentication and its potential benefits and challenges for organizations. While passwordless authentication offers enhanced security and improved user experience, it also presents challenges such as legacy system compatibility, user adoption, backup authentication methods, biometric data privacy concerns, and regulatory considerations. The text also …

How to defend against brute force and password spray attacks

September 9, 2024 at 10:16AM Today’s organizations face a range of sophisticated cyber threats, including brute force attacks. While lacking finesse, these attacks rely on persistence and can leave well-defended systems vulnerable. Various brute force techniques are used, exploiting weak password practices and predictable patterns. To defend against these attacks, organizations should enforce robust password …

Are you blocking “keyboard walk” passwords in your Active Directory?

August 16, 2024 at 12:40PM End users often create weak, easily guessed “keyboard walk” passwords, formed by keys next to each other on the keyboard like ‘qwerty’. Despite appearing secure, they pose a significant security risk and are prevalent in compromised passwords. Organizations can educate users on strong passphrases and use tools like Specops Password …

How to Augment Your Password Security with EASM

August 14, 2024 at 08:39AM Traditional password security measures are no longer enough to protect organizations from cyber threats. Prioritize securing the Active Directory and consider integrating External Attack Surface Management (EASM) to enhance password security. EASM helps detect vulnerabilities, monitor for leaked credentials, provide real-time alerts, and offer actionable recommendations to strengthen cybersecurity defenses. …

Warnings Issued Over Cisco Device Hacking, Unpatched Vulnerabilities

August 9, 2024 at 07:54AM The US cybersecurity agency CISA warned about threat actors targeting improperly configured Cisco devices. Malicious actors abuse features like Smart Install to acquire system configuration files and exploit weak password types. Meanwhile, Cisco faces critical vulnerabilities in its IP phones, without releasing patches due to end-of-life products. Multiple exploits and …

How to Securely Onboard New Employees Without Sharing Temporary Passwords

July 23, 2024 at 06:28AM Specops Software addresses the inherent security risks in traditional employee onboarding methods by offering a First Day Password feature with Specops uReset. This tool eliminates the need to share initial passwords and empowers new employees to create secure passwords through a verified system. By using this method, organizations can significantly …

Maximum-severity Cisco vulnerability allows attackers to change admin passwords

July 18, 2024 at 06:42AM Cisco has released a patch for CVE-2024-20419, a critical vulnerability in Cisco Smart Software Manager (SSM) On-Prem. Attackers can change any user’s password, posing a significant threat to confidentiality and integrity. The bug affects SSM On-Prem and SSM Satellite. Organizations are advised to upgrade to unaffected versions and apply the …

10B Passwords Pop Up on Dark Web ‘RockYou2024’ Release

July 8, 2024 at 04:17PM Nearly 10 billion plaintext passwords, dubbed RockYou2024, have been leaked on a hacking forum. While the list may aid in brute-force attacks, it is unlikely for websites to allow such attempts. However, cybercriminals could find success in combining this data with other breaches to execute credential-stuffing attacks. Users are advised …

Prevent Account Takeover with Better Password Security

June 6, 2024 at 06:18AM Tom, an employee at a financial institution, unknowingly used his strong password for multiple accounts, leading hackers to compromise his credentials and potentially launch an account takeover attack. These attacks are hard to detect because they involve legitimate user credentials. Implementing strong password security and multi-factor authentication is crucial to …

361 million stolen accounts leaked on Telegram added to HIBP

June 3, 2024 at 03:50PM Have I Been Pwned service added a trove of 361 million stolen credentials obtained from cybersecurity researchers who collected them from Telegram cybercrime channels. The stolen data includes username and password combinations, along with raw cookies, and was shared for free on Telegram. The credentials have affected numerous websites, and …