Account Takeover Prevention
Detect exposed employee credentials before attackers do.
From Exposure to Takeover: The 15 billion stolen credentials allowing account takeover
Over the past 2.5 years, we have been analyzing how cybercriminals conspire to prey upon users of online services by “taking over” the accounts they all use...
Webinar: Account Takeover: Data Findings, Popular Tools, and Prevalent Actors
Join the Photon team to learn about our latest research on account takeover.
The Account Takeover Kill Chain: A Five Step Analysis
Here, we review account takeover from the perspective of the cybercriminal: why and how do cybercriminals perform ATO?
How One Large Bank Detected More Than 50,000 Exposed Credentials in 1 Year | Case Study
See how one large bank detected more than 50,000 exposed credentials in 1 year.
Account Takeover: Protect Your Customer and Employee Accounts
Cybercriminals are increasingly turning to credential stuffing tools to automate attempts at account takeover, making these leaked credentials very useful for them.
7 Tips for Protecting Against Account Takeovers
In May 2017, an amalgamation of over 1 billion credentials was uploaded to the Have I Been Pwned database. One ...
Industries Most Likely to be Targeted by Credential Stuffing Attempts
Discover which industries are most likely to be targeted by cybercriminals with credential stuffing attempts.
Weekly Intelligence Summary 24 Oct - 31 Oct 2019
In the spotlight this week: A card skimming operation targeted the online retailer First Aid Beauty and evaded notice for months.
7.5M Adobe Creative Cloud User Records Exposed, City Of Joburg Ransomware Attack, and APT28 Updates
Adam Cook, Philip Doherty, and Viktoria Austin host this week’s ShadowTalk update around an unsecured Elasticsearch database exposing account information of aboutt 7.5 million Adobe Creative Cloud...
Honeypots: Tracking Attacks Against Misconfigured or Exposed Services
Honeypots can be useful tools for gathering information on current attack techniques. Conversely, they can be an overwhelming source of ...
Typosquatting and the 2020 U.S. Presidential election: Cyberspace as the new political battleground
we detected over 550 typosquats for the 34 candidate- and election-related domains we gathered from open-source research. Not every single one was something interesting; most of the time the typosquat
Cybercriminal Forum Developments: Escrow Services
On Russian- and English-language cybercriminal forums on the clear and dark web, vendors are increasingly asking interested buyers to place money in a forum escrow service before they will provide fur
Iran-Linked APT35, Skimming By Magecart 4, Rancour, And Emotet Resurgence
We’re back in London this week! Viktoria chats with Adam Cook, Philip Doherty, and Josh Poole on this week’s top stories. - APT35 Targets Email of US political figures & prominent Iranians -...
Harnessing Exposed Data to Enhance Cyber Intelligence - Recorded Webinar
Attack methods repeat themselves, and so does how cybercriminals use breached data, such as PII, stolen account details and even compromised admin credentials. Once data is compromised, it can circula
Episode 39: Credential Hygiene
Dr. Richard Gold and Simon Hall join Rafael Amado to discuss the age-old problem of credential hygiene. We’ve all heard of not reusing passwords, employing two factor authentication and using...
33,000 Accounting Inbox Credentials Exposed Online: BEC Made Easy
Last week, I wrote about how cybercriminals are looking to trade corporate emails in their pursuit of conducting Business Email ...