Authored by: Julio Sanchez In part 2 of this series, we examined a penetration testing engagement that the Core Security Services team performed, simulating an external attacker with no internal access finding entry using a password spray attack, eventually gaining control of Active Directory. Continuing our exploration of Active Directory attacks, we’ll share another scenario in order to further...

The impact of COVID-19 has been far-reaching across nearly every sector. Millions of employees now work remotely, making companies particularly vulnerable when it comes to external access risks. Many organizations lack a centralized process to manage user access to accounts and resources. They often have limited visibility into access levels users possess to data and systems within their network....

Financial services information security continues to be a top priority across the entire financial sector—and for good reason. The Verizon Data Breach Investigations Report found that financial profit or gain was the primary motivation in 71 percent of all information security incidents, making financial services organizations a prime target for attack. According to the Bitglass’ Financial Breach...

For small and mid-sized organizations, mitigating identity-related access risks may seem like a never-ending struggle they face on their own. Tasked with supporting countless systems, networks, and applications with access to key data, they frequently have limited staff and rely on manual user provisioning and deprovisioning. They may depend on decentralized processes for managing accounts...

Authored by: Julio Sanchez In part 1 of this series, we explored what makes Active Directory so appealing to threat actors, and how attacks can severely harm an organization. For the remainder of the series, we’ll walk through several examples taken from penetration testing engagements the Core Security Services team has performed to explore ways attackers may target Active Directory, and discuss...

The rise of robotic process automation (RPA) during the last several years has enabled organizations to adopt new technologies that drive efficiencies across their business. RPA solutions leverage software robots that communicate with business systems and applications to streamline processes and reduce the burden on employees for completing mundane, repetitive tasks. Embracing new technologies...

Penetration testing, also known as a pen test, is a security exercise that reveals an organization’s security vulnerabilities through a defined testing process. A penetration test may focus on networks, applications, physical facilities, individuals, and more. As cybersecurity breaches continue to plague organizations, compliance mandates are expanding, more organizations are attempting to deploy...

Have you outgrown your password vault?

Ready to move beyond passwords and embrace the future?

Want to learn more about keeping your organization safe?

Ever since Ali Baba uttered “open sesame,” thieves have been using stolen passwords to access hidden riches. In the digital world, password attacks have been and continue to be a common way for threat actors to gain access to an organization’s treasure trove of data. No matter how many emails we get from IT explaining what makes a good password, many of us still use the same basic password in...

Earlier this year, we mentioned ransomware as a trend to watch in 2017. While some experts believe it will hit a plateau this year, that doesn’t mean that it will be any less harmful to businesses and consumers alike. Here are 6 things to know about ransomware: 1. Ransomware will be harder for you to detect Bad actors know that targeting businesses is harder due to the safeguards most...

Security vulnerabilities are one of the most common problems in cybersecurity today, as they may exist in operating systems, services and application flaws, improper configurations or risky end-user behavior. According to the statistics from the Common Vulnerabilities and Exposures list, 12,174 new vulnerabilities were uncovered in 2019—over 13 times as many as were discovered in 1999, when the...

With the rise of cloud computing, organizations have expanded their reliance upon cloud platforms. Many have expanded their capabilities and capacity through cloud servers, while others have adopted a hybrid approach that includes both cloud and on-premise environments. Gartner predicts that by the end of 2020, ‘75 percent of organizations will have deployed a multi-cloud or hybrid cloud model,’...

Did you know that one of the top nine attack types consistently covered in Verizon’s Data Breach Report are insider threats and privileged misuse? According to this year’s report, 66% of insiders steal information in hopes of selling it for cash, 17% are just unsanctioned snooping and 15% are taking it in order to take the information to a new employer. What is the root cause of all of these...