The fourth and final part of a series investigating how automation is used to create fake accounts for fraud, disinformation, scams, and account takeover.
Welcome to the fun-size version of our 2023 Identity Threat Report! If you only have 5 minutes to spare this is the place to start - and you can always download the full PDF for later.
We are excited to announce a new report covering threats to digital identities. This report goes into detail on credential stuffing, phishing, and multifactor authentication bypass techniques.
We added another signature (for CVE-2020-0618) and we take a look at a cred stuffing attack from last month. One formerly prevalent CVE has disappeared entirely, and we investigate why that happened.
A few formerly popular CVEs fell in traffic in August, leaving an old router vuln to resume its normal position at the top. Plus seven new CVEs added to the list of signatures.
Learn how attackers use server initiated connections and other clever tricks to deliver shells to attackers, circumventing inbound firewalls and access controls.
Bot traffic for the first half of 2023 was fairly typical, some rapid change in a few industries notwithstanding. Learn who got hit hard and who got off easy.
The term identity is everywhere in security, but we rarely discuss or deal with all of the depth and complexity it entails. Sam Bisbee explores the layers inherent in identity and what they mean for managing risk.
Relative stability in attacker activity this past month serves to highlight the ongoing importance of Exchange Server vulnerabilities and poorly-secured IoT devices to attackers.