The Cyber Threat Perspective (Replay) HACKERS: How we GET IN and how to STOP US
Nov 15, 2023
Discover the top methods attackers use to gain access, including credential stuffing and password spraying. Learn how to detect compromises and reinforce defenses with multi-factor authentication. Dive into web app vulnerabilities, where small apps pose big risks. They highlight effective phishing techniques and how to bolster email defenses. Plus, many security solutions are low-cost or even free! Get ready to close those security gaps!
AI Snips
Chapters
Transcript
Episode notes
Leaked Third-Party Credentials Are High Value
- Credential stuffing leverages leaked credentials from third-party breaches to access corporate accounts.
- Fresh compromises matter most; attackers prioritize recent leaks.
Remove Unneeded Public Services
- Remove unnecessary public-facing services to shrink attack surface and technical debt.
- Implement asset and change management to avoid unknown, unpatched systems.
Use Password Managers Plus MFA
- Use corporate password managers to generate and store long random passwords for users.
- Combine password managers with MFA to remove human predictability from credentials.