Research, news and updates on threats and cybersecurity
Thousands of Canadian citizens are at risk of identity fraud after cybercriminals used stolen credentials to access government services including COVID-19 relief funds. The source of the breach was a credential stuffing attack utilizing logins exposed in a prior breach. This is the latest example in a steady stream of data breaches driven by poor password practices. The Verizon DBIR …
Multi-factor authentication (MFA) is useful, but not a failsafe strategy for user authentication. The purpose of identity and access management technology is, generally speaking, to prevent unauthorized users from viewing, stealing, or manipulating data, whether a corporate network, or a celebrity Twitter account. As most users know, the dangers of the internet are ever shifting, and it’s important to stay …
Cracking dictionaries are software programs that compile lists of unique words, common passwords, and iterations of common passwords. These words are collected from public domain files from multiple sources and in various formats. With cracking dictionaries, hackers narrow the universe of possible passwords to try. Instead of a brute force attack that tries every possible character combination, the hacker can …
Enzoic’s Dark Web Monitoring services are now being embedded into the new LastPass Security Dashboard. The new capabilities provide early warning of increased risk of identity theft and other cybersecurity vulnerabilities. A recent LastPass survey found 86% of people don’t have any way to know if their personal information has been exposed on the dark web. Enzoic’s dedicated threat researchers …
Securing Passwords from Create to Retire Organizations are in a non-stop battle to protect their network and meet data security responsibilities in the face of ever-increasing cyberattacks. A key challenge is ensuring that users create secure passwords. Four out of five hacking breaches involve unsafe password practices. In this current threat environment, passwords must exclude passwords exposed in previous data …
How Hackers Are Actually Using Exposed Passwords to Infiltrate Active Directory Recent reports like the Verizon DBIR have noted that stolen credentials are often the foothold that attackers use to compromise networks and systems. A simple phishing or credential stuffing attack becomes the entry point for a much larger enterprise, like data theft, ransomware, or system hijacking. This is rather …
“Open, Sesame!”Upon reflection it’s easy to see that passwords have an incredibly long history: from shibboleths to military codes, they’ve been used in many situations to preserve privacy and identity. With the creation of computing technology, passwords became ubiquitous, and were codified in the digital world as strings of characters—numbers, letters, and symbols. Much like their historical counterparts, they were …
Working from home used to seem something of a luxury, reserved for those whose work might not rely on customer interaction or face to face meetings. But since April of this year, the number of people working from home has dramatically increased, due to the risks associated with COVID-19. This trend has spanned most major sectors of the industry—education, healthcare, …
Why organizations need to react urgently to the state of password security, according to data from 451 Research In a recent brief titled “Love ‘em or Hate ‘em, Passwords Are Here to Stay,” 451 Research indicated that despite the stirrings of a passwordless revolution, the widespread use of passwords won’t be changing in the foreseeable future. The 451 brief points …
This list is a combination of proactive steps you can take, as well as activities you should avoid for protecting your password and personal data. One of the main barriers to robust cybersecurity is an educated populace and willing participants. We all want our data to be secure, but it’s also human nature to downplay the risks associated with poor …
