It’s important to lock down the basics first when it comes to cybersecurity. You could purchase a state-of-the-art security system for your house – but it’s still going to be targeted by criminals if you leave the doors and... Read More
Specops Software Blog
[New research] The top malware hackers use to steal your users’ passwords
Today, the Specops research team is publishing new data on the types of malware hackers are using to steal passwords and sell them on the dark web. This coincides with the latest addition of over 48 million compromised passwords... Read More
Four ways to make end users love password security (or at least tolerate it).
When end users find their organization’s security measures burdensome or frustrating, it can significantly increase the risk of insider threats. Gartner revealed that 69% of employees have disregarded their organization’s cybersecurity guidance in the past year. This doesn’t mean... Read More
Six attack paths in Active Directory and how to remediate them
One of the crown jewels for an attacker who infiltrates an enterprise environment is Active Directory Domain Services (AD DS). There are several attack paths the “blue team” needs to remediate to bolster the security of Active Directory. Remediating... Read More
How an ex-employee’s leaked credentials led to a U.S. State Government breach
A U.S. State Government organization’s network was recently compromised through a former employee's administrator account. The organization itself is unnamed, but we know that the threat actor successfully authenticated into an internal virtual private network (VPN) access point using... Read More
Why security and awareness training won’t fix bad password habits
Organizations know their end users represent a cybersecurity risk. They make mistakes, they’re targeted by hackers, and sometimes they’ll even act maliciously against their employer. Security and awareness training is an attempt to reduce this risk by creating a... Read More
New in Specops Password Policy 7.12: Schedule Password Auditor Reports, Improvements to Periodic Scanning Reports & more
This week, we’ve released the latest version of our Active Directory password management solution, Specops Password Policy 7.12. This release includes improvements to the reporting within the Specops Password Policy admin tools as well as several new PowerShell cmdlets... Read More
How to lock down your Active Directory password reset process
Attackers target helpdesks with social engineering attacks to gain unauthorized access to user accounts, which they can use to compromise an environment or launch ransomware attacks. When done effectively, they can bypass MFA and avoid having to verify their... Read More
Microsoft password spraying hack proves securing every account matters
Microsoft released a statement on Friday 19th January saying their corporate network had been compromised by Russian-state hackers, who were able to exfiltrate emails and attached documents. The software giant said only a ‘very small percentage’ of corporate email... Read More
Specops Breached Password Protection Expands with the Addition of Outpost24 Threat Intelligence Malware-Stolen Password Data
This expansion coincides with the publication of the 3rd annual Specops Breached Password report. Today, Specops Software announced the addition of a new source of compromised password data for the Specops Breached Password Protection service used by Specops Password... Read More