Note: This blog is taken from our recently published Exposed Credentials Solutions Guide, which includes a complete list of our mitigation strategies and free resources to begin monitoring for exposed credentials. Preventing an account takeover (ATO) or data breach through compromised credentials has never been a small job nor easy job. Unfortunately for security teams, […]
SearchLight customers can now automatically validate credential alerts via an integration with Azure AD, drastically reducing the time required to triage. As your organization’s digital footprint grows and grows, so does the opportunity for exposure of your organization’s credentials. Credential exposure is a high-priority issue, preventing attackers from accessing your systems or selling this access […]
Rumour has it that one day I’ll stop being nostalgic around December time and live this month just like any other month. But that day is not today. That’s why we are here to go through the top five blogs of 2020—one for each quarter plus a bonus one to quickly recap why they (still) […]
Amid the billions of credentials that are breached each year, security teams are focused on one core question: do any of these breached passwords really provide access to my company’s systems? That is precisely why, in July, we announced the first of our automated actions – the ability to validate credentials in SearchLight. In this […]
SearchLight customers can now automatically validate credential alerts via an integration with Okta, drastically reducing the time required to triage. You may have seen our recent research report, which discovered that there are more than 15 billion credentials exposed online. Since we published that report in June, that number has actually increased by another billion. […]
Of the many use cases associated with threat intelligence and digital risk protection, monitoring for exposed credentials is always one of the most popular. It’s easy to see why. The average business user has 191 passwords and, unfortunately, 65% of users reuse the same password for multiple accounts or all accounts. With more than 15 […]
Another year is upon us in the world of cyber-security, and few things are certain. Commentators are always prone to hyperbole: I remember in late 2017 reading claims that, “2017 was the year cyber nukes were dropped in the ocean, in 2018 they will hit land”. While, thankfully, nothing equating to a cyber nuke surfaced […]
Back in September we released a blog about the large volume of sextortion email campaigns that were hitting people’s inboxes. We have continued to monitor the campaigns and have seen a recent change in tactics, with some unusual approaches being favoured by the sextortionists this time around. Cisco ASA vulnerability lure – too long; didn’t […]
This week in Brussels, Apple’s chief executive Tim Cook somewhat surprisingly castigated how personal data is handled by businesses and organizations. Aside from praising Europe’s General Data Protection Regulation (GDPR) and calling for similar measures to be brought to the U.S., Cook warned of how our data was being “weaponized against us with military efficiency”. […]
It’s the opening week of the annual National Cyber Security Awareness Month (U.S.) and Cyber Security Month (Europe). While good security shouldn’t be something we only think about on one month of the year, it’s a good opportunity to educate the general public about the importance of information security. For practitioners and organizations, it’s also […]