Research, news and updates on threats and cybersecurity
The Industry’s 1st Active Directory Plugin That Helps Organizations Prevent Use of Compromised Passwords According to NIST 800-63b Guidelines. Passwords remain the primary method for protecting employee accounts yet passwords also continue to be a major threat vector to businesses and organizations year-after-year because of use of unsafe credentials. According to Verizon’s 2019 Data Breach Investigations Report, 29% of …
The US National Institute of Standards and Technology (NIST) just finalized new draft guidelines, completely reversing previous password security recommendations and upending many of the standards and best practices security professionals use when forming policies for their companies.
All industries are targets for cyber-attacks, but some are more targeted due to the value of the accounts. Five industries in particular are more at-risk for credential stuffing and account takeover (ATO) attacks. Here is why. With articles coming out daily on new data breaches and leaks, perhaps you heard about the account takeover attacks at Basecamp, Dunkin Donuts, or …
Credential screening providers are critical business partners who help mitigate the risks of cyberattacks and choosing the right one can prevent exposure of additional risks. Depending on how the data is handled, you can introduce more or less risk into your environment. We hope this article is valuable in helping you determine which credential screening provider is right for your …
Enzoic has recently been listed in the 10 Leading Cyber Security Solution Providers in Beyond Protection. At any given moment, millions of compromised user credentials – primarily passwords – are circulated across the Internet and Dark Web from past data breaches. Reuse of passwords by users across their online accounts is fertile ground for cybercriminals harvesting username and password combinations …
Account takeover (ATO) attacks result in billions of dollars of fraud and damage to brand reputation each year. These are the costs and risks associated with ATO. Defining ATO Let’s start by defining ATO. Account takeover is a form of online identity theft in which a cybercriminal illegally gains access to a victims account, such as a bank account or …
Enzoic is proud to be part of Enterprise Security Magazine’s Top 10 Identity and Access Management Solution Providers for 2019. Enzoic was selected to be part of this exclusive list because of the uniqueness of the technology along with the low-friction way the product helps prevent account takeover and fraud. In the past decade, over 10 billion records have been …
The NIST 800-63b password guidelines include password policy changes that can improve everyone’s experience with passwords, including eliminating the forced periodic password reset. The most publicized recommendation is throwing away password complexity rules and this recommendation is still hotly contested on many security forums. However, what really catches the attention of most Active Directory and system admins, is the instruction …
The Open Web Application Security Project (OWASP), a non-profit that is dedicated to web application security, classifies credential stuffing as a subset of brute force attacks. However, in practice, the two types of cyber-attacks use very different methods to accomplish an account takeover and fraud. To explore how credential stuffing attacks and brute force attacks differ, we need to understand …
Law firms are frequently targeted by hackers due to their sensitive client information. The ABA is taking notice and has issued Formal Opinion 483. This is a quick guide on that Opinion and tips for how Law Firm can approach cybersecurity
Higher education institutions in the US and abroad are increasingly becoming the target of cyberattacks. As high-profile attacks continue to make headlines, higher education IT departments must prioritize their budgets and personnel deployment to maintain effective security measures and heighten incident response. Understanding the special risks that face higher education is critical and the first defense, is protecting student and faculty accounts from nefarious logins.
