Scattered LAPSUS$ Hunters weaponizes stolen credentials and session tokens from Salesforce breaches to fuel downstream account takeover attacks – here’s how this federated cybercrime group operates and what security teams must do to stop them.
See how cybercriminals are bypassing Google Chrome’s App-Bound Encryption feature with infostealer malware to steal session cookies that can be used in session hijacking attacks.
Google announced a new feature called Device Bound Security Credentials (DBSC) for Chrome. Learn how it affects cookie theft and session hijacking.
SpyCloud researchers break down the risk combolists provide to enterprises and security teams combating stolen credentials and how cybercriminals are still leveraging this age-old tactic.
With the shift from passwords to passkeys, security posture stands a chance at optimization. But it’s still susceptible to compromise. We examine how.
Passwordless authentication feels like all the rage these days but it doesn’t come without its own challenges.
We explore two-factor authentication (2FA) and multi-factor authentication (MFA) and why these added layers of security are critical to protecting your organization.
Our survey of IT security leaders found organizations are investing in layers of defense against authentication-based attacks, but it still isn’t enough. Here we discuss the issues with passwords, passkeys, and MFA + additional steps beyond these measures security teams can take to close the gaps in their defenses.
Session cookies siphoned from unmanaged devices infected with malware pose a significant threat to enterprises. Learn how criminals use stolen web session cookies to access enterprises and launch cyberattacks.
The problem of password reuse demands a new framework for credential security – one in which users are blocked from choosing passwords that have ever been exposed.
With stolen credentials being the #1 entry point for cybercriminals, password security has never been more critical. We offer five tips for stronger passwords for users and enterprises alike.
The latest version of PCI DSS standards feature more robust requirements for passwords and authentication. We break down some of the requirements and how they could impact your organization.
We’d like to believe that passwords are just a hop-skip-jump away from being obsolete but the truth is, we’re still not quite ready for a passwordless world.
Increased adoption of MFA is a good thing for cybersecurity, especially as remote work grows in popularity – and preference – but humans remain the weakest link.
Ransomware has reached crisis levels across all business sectors and across the globe. What’s fueling it? Two words: stolen credentials.
MFA keeping you up at night? It probably should. Check out these common MFA bypass techniques and why another layer of account protection is necessary.
Many years’ worth of accumulated best practices have mostly helped strengthen Active Directory security, but a few long-standing beliefs about enforcing password policies are actually outdated.
Understand MFA implementation and adoption challenges and learn steps you can take to strengthen its effectiveness.
To laymen, the strange lexicon surrounding password security only makes the topic less approachable. What is a salt? What is a hash? And better yet,
Credential stuffing attacks are on the rise. Learn more about how they’re done and what you can do to protect your organization.
Old exposed passwords can do harm long after the initial compromise. Learn why you should be looking at old data, too.
Think your account takeover prevention strategies give you 100% protection? We’ll show you why you should be skeptical.
