Research, news and updates on threats and cybersecurity
Enable automated password policy enforcement with daily password auditing and customizable remediation. With compromised password detection, custom password dictionary, fuzzy matching with common character substitutions, and continuous ongoing monitoring; enterprises can easily adopt NIST password requirements and eliminate vulnerable passwords in Active Directory. Organizations can adopt NIST password standards to screen for weak, commonly-used, expected, and compromised passwords. Then they …
The US National Institute of Standards and Technology (NIST) just finalized new draft guidelines, completely reversing previous password security recommendations and upending many of the standards and best practices security professionals use when forming policies for their companies.
After intensive review of over 3,700 nominations, Enzoic was chosen as a winner of the 2020 CyberSecurity Breakthrough award program. They were recognized specifically with the ‘Fraud Prevention Innovation Award’. CyberSecurity Breakthrough is a leading independent market intelligence organization that recognizes the top companies, technologies and products in the global information security market. Enzoic sits alongside winners in other cyber …
Microsoft Active Directory (AD) allows IT administrators to manage users, data, and applications within their organization’s network. Due to its popularity and importance within companies, AD is a perfect target for ‘bad actors.’ We’ve most likely all seen the massive increase in data breaches over the past few years. There are many attack vectors out there, but compromised credentials are …
The Criminal Justice Information Services (CJIS) is the largest division of the FBI. They’re a hub of state-of-the-art tools and services for law enforcement, national security community partners, and the general public. The CJIS Security Policy is regularly updated to evolving industry best practices. Their June 2019 update introduced a new policy option for passwords. This option made it easier …
Static Vs. Dynamic Hardly a day goes by without news of passwords being exposed in a third-party data breach. Once leaked, these credentials are easily available to other hackers via the Dark Web and, thanks to the rampant problem of password reuse, there are a variety of effective attack methods that allow hackers to obtain access to additional organizations’ systems …
Out of nearly a thousand nominated companies, Enzoic was recently named a winner of the 2020 Colorado Companies to Watch (CCTW). This competitive annual award recognizes companies that “are critical job creators, innovators, and drivers of [the] economy” in the state of Colorado. CCTW is a unique program, sponsored by the Bank of America, that acknowledges 50 high-performing second stage …
Thousands of Canadian citizens are at risk of identity fraud after cybercriminals used stolen credentials to access government services including COVID-19 relief funds. The source of the breach was a credential stuffing attack utilizing logins exposed in a prior breach. This is the latest example in a steady stream of data breaches driven by poor password practices. The Verizon DBIR …
Multi-factor authentication (MFA) is useful, but not a failsafe strategy for user authentication. The purpose of identity and access management technology is, generally speaking, to prevent unauthorized users from viewing, stealing, or manipulating data, whether a corporate network, or a celebrity Twitter account. As most users know, the dangers of the internet are ever shifting, and it’s important to stay …
Cracking dictionaries are software programs that compile lists of unique words, common passwords, and iterations of common passwords. These words are collected from public domain files from multiple sources and in various formats. With cracking dictionaries, hackers narrow the universe of possible passwords to try. Instead of a brute force attack that tries every possible character combination, the hacker can …
Enzoic’s Dark Web Monitoring services are now being embedded into the new LastPass Security Dashboard. The new capabilities provide early warning of increased risk of identity theft and other cybersecurity vulnerabilities. A recent LastPass survey found 86% of people don’t have any way to know if their personal information has been exposed on the dark web. Enzoic’s dedicated threat researchers …
Securing Passwords from Create to Retire Organizations are in a non-stop battle to protect their network and meet data security responsibilities in the face of ever-increasing cyberattacks. A key challenge is ensuring that users create secure passwords. Four out of five hacking breaches involve unsafe password practices. In this current threat environment, passwords must exclude passwords exposed in previous data …
