Thycotic’s Cybersecurity Publication

FEATURED STORY:
5 Shocking Insights into the Social Network Habits of Security Professionals 

Hacking social media accounts has never been easier. Attackers take advantage of poor password hygiene and usually hijack an account and hold it for ransom. It’s difficult to get the real picture, but according to Facebook, accounts are hacked 600,000 times a day. And even worse, 80% of all cyber security attacks involve a weak or stolen password.

What’s New in Password Reset Server 4.0?

November 18th, 2014

Password Reset Server 4.0 is out, and it has new features to make your installation simple and easy to use. What will be your favorite new feature? HSTS: HTTP Strict Transport Security, when turned on, means that Password Reset Server can only be accessed using HTTPS. It is important to access sites that send or…


Qualys Security Conference Reveals Tension Between Security and IT Operations

November 11th, 2014

In my previous post, ‘Vulnerability Scanning: Is Unauthenticated Scanning Enough?’ I discussed the differences between authenticated and unauthenticated scans, and how Qualys and Thycotic work together to find vulnerabilities for better security. When performing authenticated scans, Qualys uses credentials to find sensitive issues such as malware, patches, incorrect configuration, and other vulnerabilities. It then scans…


Access Control: Models and Methods

November 4th, 2014

By: Stuart Gentry, an InfoSec Institute contributor and computer security enthusiast/researcher. There are times when people need access to information, such as documents, slides, etc., on a network drive but don’t have the appropriate level of access to read and/or modify the item. This can happen at the most inconvenient time and they would need…


Haunting Tale: Beware of the Insider

October 28th, 2014

We all love October for the fall nights, changing leaves, hot cider and Halloween festivities. October is also National Cyber Security Awareness Month supported by the National Cyber Security Alliance. Although we preach cyber security best practices all year, it’s an important reminder to stay safe online. In support of National Cyber Security Awareness Month…


Predicting Potential Threat: Behavior Analytics and Threat Modeling

October 21st, 2014

Wouldn’t it be nice to be able to identify a potential threat before it happens? Learn how Secret Server uses threat modeling and behavioral analytics to discover and take immediate action on a threat, stopping an attacker in their tracks. Threat Modeling: The term “threat modeling” has become quite popular lately as an upcoming major…


POODLE: Not your typical walk in the park

October 15th, 2014

Google, among several security organizations, recently announced a vulnerability in the SSL protocol, particularly SSL version 3. SSL is used to secure connections between a client and server, preventing eavesdropping and ensuring that the data has not been tampered with. SSLv3 is an old version of the SSL protocol, dating back to 1996 and debuted with Netscape…


Vulnerability Scanning: Is Unauthenticated Scanning Enough?

October 14th, 2014

Thousands of IT organizations across the world use vulnerability scanners to perform unauthenticated scans and find threats within their network. These scans find basic weaknesses and detect issues within operating systems, open network ports, services listening on open ports, and data leaked by services. This gives companies the ability to see their network from the…


What You Need to Know About Bash Bug

October 7th, 2014

We’ve all heard the headlines of the most recent security bug, including, ‘Shellshock bug could threaten millions compared to Heartbleed,’ or even more terrifying, ‘Shellshock: A deadly new vulnerability that could lay waste to the internet.’ While these headlines are a bit dramatic, there lies some truth in the statements. The National Institute for Standards…


Why we surveyed a bunch of hackers

September 30th, 2014

At this year’s Black Hat USA, we conducted a survey of 127 self-identified “black hat” hackers. Why’d we do it? Because it’s not every day that you can get an insider perspective on the thought process and motivation behind today’s black hat hacker. Black Hat vs White Hat vs Awesome Programmers: We have to caveat…


(Video) Are You Following Password Best Practices?

September 23rd, 2014

As an IT professional you juggle over 100 tasks a day, making sure everyone’s computers are up and running, no disasters are occurring, all while maintaining your entire network’s security. All of your daily responsibilities revolve around passwords and as an administrator you and your team are the keepers of ‘the keys to the kingdom.’…