Earlier today, news broke that unknown activists have posted nearly 25,000 credentials belonging to the National Institutes of Health, the World Health Organization, the Gates Foundation and other organizations engaged in the fight against the coronavirus pandemic. According to Souad Mekhennet and Craig Timberg at the Washington Post, “The lists, whose origins are unclear, appear to have first been posted …
Specialized Threat Intelligence: Breach Data to Defensive Solution
Fraud and account take-over cost companies billions of dollars every year. Many of these successful attacks are the result of credential stuffing, a vulnerability created by users’ reuse of passwords across systems and websites. Because of the risk of exposed passwords, the US-based National Institute of Standards and Guidelines (NIST) recommends screening accounts against lists of commonly-used and compromised credentials, …
What is Exposed Password Screening?
Exposed password screening is the process of checking currently used passwords against passwords that have been exposed in a publicly known data breach. Once these passwords are exposed, they are considered to be compromised passwords. In 2017, the National Institute of Standards and Technology updated the NIST password guidelines, recommending for exposed password screening. Since then, companies and organizations are …
Cybersecurity Trends to Watch in 2020
Cybersecurity and infosec are constantly evolving. Today, organizations are doing everything in their power to harden their defenses, protect their internal networks, and secure data from increasing internal and external threats. The need to be ahead of bad actors causes new cybersecurity trends to emerge every year. The following 2020 cybersecurity trends are important ones to watch. #1: Automation for …
CyberEd Magazine Session with Enzoic CEO Michael Greene
Enzoic CEO Michael Greene had a recent session with CyberEd. CyberEd.io provides the latest discussions on cybersecurity topics straight from industry leaders for the security practitioner on-the-go. Here is a quick summary of that session. Strong Authentication Hindering the User Experience Numerous options exist for strong authentication, but most involve introducing some form of friction into the user experience. User …
Enzoic Customer Profile: IDShield
Identity Theft Protection: A Crucial Consideration in Today’s Heightened Environment Why IDShield Partners with Enzoic for Comprehensive Identity Theft Protection for Our Customers. By Guest Blogger: Allen Spence, Director, IDShield Product Leadership, LegalShield According to the Identity Theft Resource Center, there were over 1,200 reported breaches last year alone, which exposed over 400 million records. And as Time’s Patrick Lucas …
Disney and the Password Reuse Problem
Disney+ Launch: A whole new world of excellent content, the same password reuse problem Consumers and critics alike have long clamored for the Disney+ streaming service, however, its recent launch has once again exposed the risks with password reuse. Even a mega-brand like Disney has password risks. An investigation found that less than 48 hours after launch, thousands of exposed …
Protecting Loyalty Accounts and Rewards Programs
According to LoyaltyOne, a loyalty advisory company, in the US, there are at least 3.8 billion rewards memberships, which equates to about 10 per consumer. Companies create loyalty programs for their customers because it decreases customer attrition while also giving the company more information on each customer for data mining and partnerships. One key challenge for companies is protecting those …
8 Ways to Mitigate Credential Stuffing Attacks
We all know that data breaches have leaked billions of user credentials (usernames and passwords) on the public internet and dark web. The Global Password Security Report shows an alarming 50% of people reuse the same passwords across their personal and work accounts. If a cybercriminal obtains legitimate credentials for a personal account, they often can also get into that person’s work account because …
Are gaming companies and forums taking security seriously?
Many gaming companies and gaming-related websites prioritize user experience and easy access above security and strong authentication. They have found that increasing friction at login can drive customer attrition… which then translates into decreased revenue. But are they taking security seriously enough? This is a theme Enzoic’s CTO, Mike Wilson, recently explored in a conversation with Threatpost’s Tom Spring. The …