Have you ever thought about how and why passwords are cracked? This article introduces password cracking, focusing on common strategies and tools used by security professionals and malicious users. We also discuss the composition of secure passwords, and why certain approaches are more effective than others. Cracking passwords can be done very easily in certain situations. The time taken and likelihood to successfully crack a password often depends on the password strength.

In this week’s episode of The Future of Security Operations podcast, I'm joined by Adam Khan. Adam is a cybersecurity and technology leader with over 25 years of experience working at Fortune 500 companies. He has a proven track record of building and managing global security teams, leading engineering, infrastructure, application, and product, and is currently VP of Global Security Operations at Barracuda.

Explore ATLSECCON 2024: a journey through mindfulness, risk management, Active Directory security, understanding containers, and more in the far North of Halifax.

Each year, our "Open Source Security and Risk Analysis” (OSSRA) report highlights the fact that open source software (OSS) plays a critical and substantial role in modern application development, and it is therefore foundational to the software supply chain. The prevalence of OSS within commercial applications makes it difficult to track, and that makes it difficult to manage the risk that it may introduce.

Organizations must maintain control over sensitive data and prevent unauthorized access or file modifications. File activity monitoring software gives organizations the visibility and control they need to mitigate the risks of data breaches, insider threats, and compliance violations. These solutions provide valuable insights into who is accessing files, their actions, and when these activities are taking place.

Companies today face a wide range of potential threats to digital security. From cyber attacks with malicious intent to internal threats from negligent employees, IT and security teams face remarkable challenges in the modern enterprise environment. Add to the equation that many companies now operate under a hybrid model in which some employees may use personal devices for work purposes, and it’s exceedingly complicated to establish ironclad security policies and incident response plans.

Achieving and maintaining compliance in the cloud proves challenging for many organizations, as it is a complex, ongoing effort that includes safeguarding sensitive data and ensuring infrastructure resources are correctly configured. Success often hinges on the ability to monitor compliance-related trends over time, enabling organizations to spot risk patterns, gauge their current compliance posture, and adapt as new risks emerge. However, gathering this data can be difficult.

SecurityScorecard STRIKE threat researchers discovered 12 zero-days in customer environments in the last year. Attacks are increasingly targeting third-party software. The zero-day vulnerability that emerged in Progress Software’s MOVEit Transfer product last year was a stark reminder of the real-world impact of such vulnerabilities. It wreaked havoc on businesses and governments worldwide, with cyber criminals exploiting it since May of 2023.

The Sysdig Threat Research Team (Sysdig TRT) recently discovered a long-running botnet operated by a Romanian threat actor group, which we are calling RUBYCARP. Evidence suggests that this threat actor has been active for at least 10 years. Its primary method of operation leverages a botnet deployed using a variety of public exploits and brute force attacks.

The cybersecurity domain mirrors the physical space, with the security operations center (SOC) acting as your digital police department. Cybersecurity analysts are like the police, working to deter cybercriminals from attempting attacks on their organization or stopping them in their tracks if they try it. When an attack occurs, incident responders, akin to digital detectives, piece together clues from many different sources to determine the order and details of events before building a remediation plan.