Don’t Become A Victim to Account Takeover Attacks
ATO attacks are a huge reputational risk for businesses in the finance industry, but that pales in comparison when customers lose their entire life savings.
Author Archives: Stan Bounev
The Chimera of Zero Trust
In a world that is obsessed with profits and shareholder interests, the idea of organizations suddenly shifting to more aggressive security models that will cost more money seems suspicious. It appears that most business leaders would rather gamble with their earnings and spend money to clean up a data breach than prevent one. There is […]
NIST Password Guidelines 2021: Challenging Traditional Password Management
In 2017, the National Institute of Standards and Technology (NIST) released NIST Special Publication 800-63B Digital Identity Guidelines to help organizations properly comprehend and address risk as it relates to password management on the part of end users. Nearly every year since, NIST has undertaken to update or underscore these guidelines as security experts continue […]
Assessing the risk of compromised credentials
Assessing The Risk of Compromised Credentials to The Enterprise Businesses today face an abundance of organizational risk. These come in the form of creating the business model itself, dealing with third parties, managing vendors and partners, monitoring internal and external fiscal fraud, exercising premise security, and the like. In the 21st century, no greater risk […]
Why Common IAM Solutions for Identity-based Attacks Aren’t Really Working?
by Stan Bounev and Chris Olive When faced with the problem of data being open to all users on an early, 1960’s mainframe computer, Fernando “Corby” Corbato rather nonchalantly assigned passwords to protect user private data, and the concept of the computer password was born. Fast forward to today, and no one ever would have […]
Account Takeover (ATO) Attacks Simply Don’t Matter
Account Takeover (ATO) Attacks Simply Don’t Matter Account Takeover (ATO) attacks seemingly just don’t matter. That’s the conclusion a semi-informed outside observer might potentially come to based on how these pernicious attacks are being addressed by the cybersecurity community. That ATO attacks desperately need to be addressed, and addressed in the right way, goes without […]
The 773 Million Strong Yawn of Collection #1
“Baby born with two heads! Alligators found in Central Park! 773 Million Credentials Leaked! Largest Breach In History! Step right up folks, and get the latest news, exclusively right here!” And so it may as well have been last week. The sensationalized news of the Collection #1 breach touted as “one of the largest breaches […]
The Ease of Checking for Compromised Credentials
High-profile data breaches in recent years have created a new and rapidly emerging high-risk reality that businesses must be made aware of, and which can no longer be ignored. This high-risk reality is the creation and accessibility of huge data lakes containing billions of leaked credentials for sale on the dark web that provide exact […]
The Coming Tsunami of Leaked Credentials
December 26th, 2004. A powerful but mostly silent earthquake took place off the coast of northern Sumatra in the Indian Ocean. While beach goers on the eastern coast of India noticed the strange phenomena of the sea receding a few hundred yards, no one put “two and two” together based on this scant evidence. The […]
The iCloud “Breach”: What Analysts Haven’t Said
April 7th – today. That’s the deadline that looms like a dark cloud over Apple and its customers based on the claims of a group calling themselves The Turkish Crime Family. The group claimed publicly a couple of weeks ago they have hacked Apple’s iCloud and have threatened they will erase hundreds of millions of […]