Name: Account Takeover in Azure's API Management Developer Portal
Start: 2023-04-06T14:00:00Z
End: 2023-04-06T14:00:33.000Z
Location: BrightTALK
Rating: 4.8

The Outpost24 group is pioneering cyber risk management with continuous vulnerability management, application security testing, threat intelligence and access management – in a single solution. Over 2,500 customers in more than 40 countries trust Outpost24’s unified solution to identify vulnerabilities, monitor external threats and reduce the attack surface with speed and confidence. Delivered through our cloud platform with powerful automation supported by our Cyber security experts, Outpost24 enables organizations to improve business outcomes by focusing on the cyber risk that matters. Visit Outpost24.com for more information.

Join us for a live roundtable as we look at the identity and password security trends shaping 2025, and the priorities organizations are setting for 2026.

This relaxed session brings together Specops product managers, security engineers, and customers for an open, practical conversation. You’ll hear real-world insight from peers, a grounded look at what defined 2025, and a light, high-level view of what’s ahead as teams prepare for the year to come.

Panelists: 
- Darren James, Senior Product Manager, Specops (moderator)
- Darren Siegel, Security Engineer Team Lead, Specops
- Clay Kirkland, Product Specialist, Specops
- Nasser Arif, Cyber Security Manager, LNWUH NHS Trust
- Franklin Ramsey, Cyber Security & System Engineer, Aultman Health System

From 2025 to 2026: Identity Security Insights and Priorities

Passwords remain one of the easiest entry points for attackers, and one of the biggest headaches for IT teams. From weak and reused credentials to compliance hurdles and endless helpdesk resets, poor password hygiene continues to leave organizations exposed to costly breaches, downtime, and reputational damage.

This Halloween, join us for a chilling journey into the password graveyard. We’ll revisit real-world breaches that could have been prevented, reveal why traditional password policies fail, and show how quickly attackers exploit exposed credentials. You’ll also see a live demo of how Specops empowers IT teams to enforce stronger, user-friendly, and compliance-ready password policies, blocking breached credentials in real time, customizing controls to your environment, and easing helpdesk strain.

Walk away with a clear, actionable plan to banish your password nightmares for good, without sacrificing the seamless user experience your workforce depends on. This webinar will dive into:
- The password horror reel: Real-world breach examples and their costly impact
- The scope of the problem: How compromised credentials drive the majority of breaches
- Why traditional password policies fail: Complexity ≠ security, password reuse, and the lack of real-time breach blocking
- Live demo: How Specops enforces strong, compliant, user-friendly passwords, blocking breached passwords in real time, using custom dictionaries, meeting NIST and other regulatory standards, and integrating with Active Directory
- Leadership takeaway: A three-step IT Director’s action plan to eliminate password risks with fast rollout and immediate security gains

Cybersecurity Nightmares: Tales from the Password Graveyard

This session, led by TechSolution, will explore the latest insights into the cybersecurity landscape in Indonesia.

Cybersecurity experts will delve into the threat landscape, the economic impact of cyber-attacks, and provide an overview of modern solutions, like PTaaS and EASM, to help you mitigate the threats.

Why you should join:
- Get a comprehensive overview of the evolving cybersecurity trends and threats in Indonesia.
- Learn about common vulnerabilities and how to safeguard your organization from cyber-attacks.
- Stay up to date with the latest regulatory and compliance requirements to ensure your business is legally protected.
- See how Outpost24 can provide comprehensive visibility into your attack surface and mitigate the risks.

Register now and join us for a session that will equip you with the knowledge and tools to protect your business in 2025 and beyond!

Cybersecurity trends and threats in Indonesia: 2025 and beyond

Hackare bryr sig inte om dina brandväggar, de letar efter din svagaste punkt.
Vet du var hackare troligen kommer rikta sina attacker mot dig? Testar du rätt saker, på rätt sätt?
Bli effektivare i ditt arbete med förebyggande säkerhet, genom att förstå hackarna på djupet.
Idag är hacking allt mer kommersialiserat, det handlar om pengar, och pengarna finns genom att utpressa dig, hota dina kunder, eller sälja din data till dina konkurrenter. Angriparen gör allt för att ta det som tillhör dig inklusive det förtroende du byggt för ditt varumärke, och hotar det för att pressa dig.

Frågan är – vill du se den komma, eller bara upptäcka skadan efteråt?
Anmäl dig nu innan någon annan hittar vägen in.

Så enkelt blir du hackad- se hotet live och förstå risken

Identifique, descubra y gestione su superficie de ataque externa y anticipe los riesgos digitales con EASM + DRP, nuestras herramientas especializadas gestionadas a través de nuestro partner estratégico de confianza Insside. 
 
Proteja su marca, evite fugas y supervise su presencia en la Dark Web. Este taller virtual proporcionará información crucial sobre los activos de las empresas expuestos a Internet que las hacen vulnerables a los actores maliciosos. Porque no se puede proteger lo que no se conoce. Muchas organizaciones tienen dificultades para realizar un seguimiento y conservar un inventario actualizado y una visión general de todos sus activos externos, así como de su exposición en la deep web y la dark web. Esto las hace vulnerables a posibles brechas de seguridad a través de diversos canales. La gestión de la superficie de ataque externa (EASM) y la protección contra riesgos digitales (DRP) son formas de descubrir y rastrear estas amenazas cibernéticas de forma proactiva. 
 
Únase a nosotros para: 
– Aprender a supervisar completamente la exposición de su organización a las amenazas cibernéticas externas. 
– Conocer los peligros asociados a una superficie de ataque no supervisada. 
– Conocer las mejores prácticas para mantenerse al día a la hora de proteger la superficie de ataque externa y la exposición de su organización.

Superficie externa y Ciberinteligencia: controla tu exposición

Ensuring compliance with the Criminal Justice Information Services (CJIS) Security Policy is crucial for organizations handling sensitive criminal justice information. The CJIS Security Policy sets out stringent requirements for password management to protect against unauthorized access and data breaches. In this exclusive Specops Software webinar, we will explore the best practices for CJIS compliance, with a particular focus on password security and how to protect your service desk from identity-based threats. 

Join our security experts as we explore: 

Key Requirements of the CJIS Security Policy for Password Management: 

- Minimum password length and complexity 

- Password expiration and history 

- Multi-Factor Authentication (MFA) requirements 

- Secure password storage and transmission 

- User education and awareness 


How Specops Password Policy Can Help Reduce Your Organization’s Risk: 

- Case studies of organizations that have successfully implemented Specops solutions for CJIS compliance

- Best practices for integrating Specops Password Policy into your existing IT infrastructure 


Whether you work in IT, security, or leadership, this session will help you identify risks and strengthen your defenses to meet CJIS standards.

Lock It Down: Meeting CJIS Password and Advanced Authentication Requirements

Join us for elevenses and a no-fluff panel discussion with your NHS peers. 
Hear directly from NHS IT professionals as they share how they’re tackling identity management and the password problem head-on: from blocking breached and guessable credentials to empowering users to reset their own passwords, all the way to protecting the service desk from impersonation attacks. 

What You’ll Hear: 
- How NHS trusts are blocking weak and breached passwords in AD 
- Why user self-service password resets reduce IT load and increase uptime 
- Ways to protect the service desk from social engineering and impersonation 
- Practical tips to meet NHS DSPT and Cyber Essentials requirements 
- Live Q&A with the panel 

If you're responsible for identity and access management in the NHS, this is a session you won’t want to miss. Register now!

Specops and NHS IT Leaders on Solving the Password Problem

The service desk is often the frontline for IT support, and it has become an increasingly attractive target for cybercriminals. Recent high-profile attacks of companies like M&S from Scattered Spider threat actor have shown how vulnerable this critical function can be. In this exclusive Specops Software webinar, we will explore how attackers are exploiting service desks to bypass security, hijack identities, and breach organizations. 

Join our security experts as we explore: 

- The tactics and techniques used in the Scattered Spider attacks 
- How attackers impersonate users and abuse service desk processes 
- Real-world attack paths and common social engineering methods 
- Practical steps to secure your service desk against identity-based threats 
- How Specops Software solutions can help reduce your organization’s risk 

Whether you work in IT, security, or leadership, this session will help you identify risks and strengthen your defenses. Register today!

Blocking the Next Breach: Lessons from Recent Attacks on M&S, Dior, Harrods, and Co-op

According to last year's Verizon Data Breach Investigation Report, web applications are among the top three attack vectors for threat actors, and there seems to be no sign of this changing in 2025. Web applications continue to be a prime target due to their widespread use, the valuable data they often contain and further knock-on-effects that such attacks and breaches might have both in terms of financial as well as reputational damages. As cyber threats evolve, organizations have to constantly reevaluate their strategies and countermeasures in order to stay ahead and enhance their application security posture.

In this webinar, Laura Enríquez, Product Manager Application Security at Outpost24, along with a member of the Outpost24 "Ghostlabs" team, will delve into the current web application security landscape. They will discuss the challenges and threats that cybersecurity experts face today, including vulnerabilities and attack vectors that are in use today. The panel will also share practical tips, tricks, and strategies to help organizations detect possible cracks in their web application cyber defense.

Attendees will gain insights into:
- Why web applications remain a top target for cybercriminals
- How are current trends impacting the application Security Landscape?
- How to reduce the effort of identification and prioritization of critical vulnerabilities
- What strategic and operational changes can be made to improve we application security

Whether you're dealing with time constraints, budget limitations, or the need for greater internal support, this webinar will provide valuable guidance to enhance your web application security in 2025.

Our guests: 
- Laura Enríquez, Product Manager Application Security at Outpost24
- An expert from the Outpost24 "Ghostlabs" team

On the state of modern Web Application Security

Web applications remain the most prevalent attack vector, with exploitation of vulnerabilities increasing by 180% in 2024, (Verizon, DBIR).
In a rapidly evolving digital landscape, protecting your web applications is no longer just an IT concern—it’s a critical business priority.
 
Join an exclusive panel of cybersecurity experts, including leaders in Application Security, External Attack Surface Management, and Managed Security Services, as they discuss how C-level executives can keep a cool head when faced with the challenges of a growing application attack surface.
This webinar will reveal how an innovative and flexible approach to continuous application security—integrating insights from external attack surface management and AI tools —can uncover not only the applications you know but also the ones you didn’t know existed.
 
In this session, you will learn:
 
• The rising threat of web application vulnerabilities: Insights into the 180% surge in exploitation and what it means for your organization.
• Comprehensive appsec programs with a flexible and consumption-based approach: How managed services and proactive EASM can continuously protect your applications, in real-time.
• Finding what you didn’t know you had: The power of EASM in discovering unknown apps and vulnerabilities that leave your systems exposed.
• How a managed service approach can help you to keep your head above the flood of findings and alerts in order to focus on the business critical vulnerabilities.
• Seamless integration with DevOps & SecOps: How to implement appsec programs in a flexible, cost-effective manner—without disruption.
 
This is an interactive discussion for any security experts looking to take a proactive, cost-efficient and holistic approach to safeguarding their organization’s most critical applications.
Don’t miss out on your chance to learn from the best in the business and equip your cybersecurity teams with the tools and insights to combat the next wave of cyber threats.

Application Security causing troubles? We know a guy!

As cyber threats continue to evolve, safeguarding access to your systems is more important than ever. Unlocking Secure Access: Mastering Multi-Factor Authentication explores the critical role of Multi-Factor Authentication (MFA) in protecting sensitive data and preventing unauthorized access. 

You'll learn how to implement MFA effectively, balancing robust security with a seamless user experience. Discover how integrating MFA with Active Directory can simplify access management and enhance your organization’s security without disrupting workflows. Join us for insights on strengthening your security infrastructure with minimal friction.

Unlocking Secure Access: Mastering Multi-Factor Authentication with Specops

Gesperrte Konten und frustrierte Nutzer – die Gefahr liegt in veralteten Passwortrichtlinien. Erfahren Sie im Webinar, wie moderne Sicherheitsstandards Passwörter stärken und Angreifern das Leben erschweren.

Der Blick auf den Bildschirm gefriert: „Zugriff verweigert“. Ein Passwort-Reset ist nötig – mal wieder. Während Nutzer frustriert neue Kombinationen erstellen, haben Angreifer mit schwachen oder kompromittierten Passwörtern ein leichtes Spiel.

Laut einer Umfrage von NordPass beträgt die Anzahl der geschäftlichen Passwörter im Durchschnitt 87. Diese Vielzahl erschwert die Verwaltung und erhöht das Risiko für Cyberangriffe. Kompromittierte Zugangsdaten zählen weiterhin zu den häufigsten Sicherheitslücken.

Wie lässt sich also der Spagat zwischen Sicherheitsanforderungen, strengen Richtlinien und Benutzerfreundlichkeit meistern? Das Webinar zeigt auf, wie Unternehmen ihre Passwortrichtlinien optimieren und gleichzeitig ein benutzerfreundliches Umfeld schaffen können – ohne die Sicherheit zu gefährden.

Highlights aus dem Webinar:
- Was macht ein Passwort wirklich sicher?
- Passwort-Schwachstellen gezielt aufdecken
- Benutzerfreundliche und starke Passwortrichtlinien - so einfach geht's

Passwortsicherheit in Active Directory - Dürfen es noch ein paar Zeichen mehr sein?

Avec la montée des cyberattaques pilotées par l’IA, la généralisation des passkeys et la fin annoncée des mots de passe traditionnels, la cybersécurité est à un tournant. Notre webinaire vous plonge dans les menaces et innovations à venir pour mieux anticiper les défis de demain. Au programme :

- L’état actuel des mots de passe : failles, erreurs humaines et pression réglementaire
- Cybermenaces 2025 : IA, phishing avancé, deepfakes et contournement MFA
- Vers un futur sans mot de passe ? Biométrie, passkeys et authentification adaptative
- Comment Specops Software sécurise vos accès : prévention en temps réel et protection des mots de passe compromis
- Bonus : Démo en direct et session Q&A

Ne manquez pas cette opportunité d’anticiper l’avenir et de renforcer la sécurité de votre entreprise !

Prédire l’avenir de la sécurité des mots de passe : les tendances à surveiller en 2025

Wenn es darum geht, Benutzer zu identifizieren und authentisieren, ist die Kombination von Benutzernamen beziehungsweise E-Mail-Adresse und Passwort nach wie vor die verbreitetste Methode in Unternehmen. Damit kommt der Sicherheit der verwendeten Passwörter eine zentrale Funktion in der IT-Sicherheit des gesamten Unternehmens zu. Zum Schutz des Unternehmensnetzwerks und vertraulicher Daten, fordert das BSI daher, dass Passwörter in geeigneter Qualität (Je nach Einsatzzweck und Schutzbedarf) gewählt werden müssen.

In diesem Webinar wird Ihnen Stephan Halbmeier, Product Specialist bei Outpost24 zeigen, wie Sie mithilfe von Specops Password Policy, sowie weiteren Lösungen aus dem Portfolio von Specops Software, die Anforderungen des BSI IT-Grundschutz-Kompendiums an Passwörter im Segment ORP.4 umsetzen können.

Einrichtung von Specops Password Policy für BSI IT-Grundschutz- konforme Passwortrichtlinien

Benutzernamen und Passwörter sind trotz ihrer Schwächen aus dem IT-Alltag nicht wegzudenken. Erfahren Sie im Webinar, wie Sie diese Authentifizierungsmethode wieder sicher und vertrauenswürdig gestalten.

In der digitalen Welt sind oftmals Passwörter der entscheidende Faktor, um zu bestimmen, ob jemand Zugriff auf das Unternehmensnetzwerk und sensible Daten erhält oder nicht. Doch leider sind diese Passwörter oftmals unzureichend stark oder bereits in den falschen Händen, weshalb Unternehmen vor der Herausforderung stehen, diese Authentifizierungsmethode so sicher wie möglich zu gestalten, wenn passwortlose Alternativen nicht in Frage kommen.

Laut dem Verizon 2024 Data Breach Report sind gestohlene oder kompromittierte Zugangsdaten weiterhin einer der häufigsten Angriffsvektoren von Cyber-Kriminellen.

Im Webinar-on-Demand zeigen wir Ihnen, wie einfach Unternehmen mithilfe von Third-Party-Tools Passwörter wieder zu einer starken und vertrauenswürdigen Authentifizierungsmethode machen können.

Dabei beleuchtet Stephan Halbmeier den Lebenszyklus eines Passwortes parallel zum Lebenszyklus eines Mitarbeiters in Ihrer Organisation. Von der sicheren Weitergabe des Passwortes am ersten Tag, über zusätzliche Authentifizierungsfaktoren, bis hin zu benutzerfreundlichen Kennwortrichtlinien und Accounthygiene beim Offboarding.

Sichere Authentifizierung gegen Active Directory - So einfach geht's!

Altlasten und Prozesslücken bieten Cyberkriminellen immer wieder Einfallstore. Wir zeigen, wie Unternehmen mithilfe von EASM ihre Angriffsfläche proaktiv überwachen können, bevor es zu spät ist.

Kennen Sie den tatsächlichen Umfang der Angriffsfläche Ihrer Organisation? Vertrauen Sie darauf, dass Prozessen und Workflows eingehalten und umgesetzt werden?

Verwaiste Assets, unzureichende Cyberhygiene, fehlende Zertifikate und mangelhaftes Consent Management für Cookies stellen jeweils eine ernste Gefahr für die Daten und Infrastruktur von Unternehmen dar.

Nur wer seine Angriffsfläche und alle darin exponierten Dienste vollständig im Blick hat, kann wirkungsvolle und rechtzeitige Maßnahmen gegen die zunehmend komplexen und raffinierten Cyberattacken umsetzen.

Im Webinar zeigen wir Ihnen eine Lösung, mit der Sie mögliche Gefahren in Ihrer Angriffsfläche aufdecken können, die klassische Vulnerability-Management-Tools nicht abdecken und wie Sie diese Lösung kostenlos für 14 Tage in Ihrer Organisation testen können.

Altlasten und Prozesslücken in der IT-Sicherheit - So einfach überwachen Sie Ihre Angriffslfäche!

Le compte à rebours est lancé ! Publiée en décembre 2022, la directive NIS 2.0 (Network and Information Security) va prochainement s’appliquer en France, impactant les PME, les collectivités territoriales et les grands groupes du CAC 40. Cette directive européenne, qui renforce et élargit les exigences de sécurité de NIS 1, place les dirigeants au cœur de la gestion des risques et des incidents cyber. Ce webinaire vous apportera une vue d'ensemble sur les nouvelles obligations et les sanctions en cas de non-conformité, ainsi que des conseils pour adapter vos systèmes d'information.

Nous aborderons les thématiques suivantes :
- Quelles entreprises sont concernées par NIS 2.0 ?
- Quelles sont les exigences de sécurité et les responsabilités des dirigeants ?
- Quels sont les risques et les sanctions en cas de non-conformité ?
- Comment mettre en œuvre un programme de conformité efficace ?

Rejoignez-nous pour ce webinaire et découvrez nos recommandations stratégiques pour vous préparer à cette transition cruciale. Protégez votre organisation et garantissez sa résilience face aux menaces numériques grâce à une mise en conformité rigoureuse avec la directive NIS 2.0.

NIS 2.0 : êtes-vous prêt à vous y conformer pour éviter les risques ?

As businesses continue to embrace remote and hybrid work environments in 2024, VPNs (Virtual Private Networks) remain a crucial component of secure network access. However, with the rise of cyberattacks surrounding leaked passwords, securing VPN password security remains a top concern.  Weak or compromised VPN passwords can lead to unauthorized access to corporate networks, making them a prime target for cybercriminals.
This webinar will focus on the state of VPN password security in 2024, exploring the current challenges businesses face in securing remote access and the strategies they can implement to mitigate risks. Attendees will learn about the latest trends in VPN security, best practices for managing VPN credentials, and how emerging technologies like passwordless authentication and multi-factor authentication (MFA) are transforming the way businesses protect their networks.

VPN Password Security in 2024: Safeguarding Business Networks in the Current Threat Landscape

External Attack Surface Management (EASM) and Pen Testing as a Service (PTaaS) provide valuable insights into a strong security plan to protect your organization. These tools contribute to key stages within the Continuous Threat Exposure Management (CTEM) approach, which protects your company’s networks, systems, and assets from cyber attacks, potential problems, and vulnerabilities - continuously. 

Join our tech talk, where experts will answer common questions about the combined approach of EASM and PTaaS. 

What you will walk away with: 
— Understanding EASM: Dive into what EASM is, why it’s crucial for your security strategy, and its key focus areas. Even if you believe your asset inventory is complete, discover why EASM is still essential. 
— Learn about PTaaS: Find out about PTaaS, how it’s different from traditional penetration testing, and why it’s important for security assessments. Discover the advantages and main features of PTaaS solutions. 
— Contrasting EASM and PTaaS: Uncover the differences between these tools and verify if having both can be a good choice for your organization.
— Integrated Solutions: Explore the advantages of managing both EASM and PTaaS through a single interface, from the initial planning stages to final reporting. 

This webinar is designed for IT professionals, chief information security officers, business leaders, and everyone committed to improving their organization’s cybersecurity posture. Whether you’re looking to implement EASM, PTaaS, or both, this session will provide you with the knowledge to make informed decisions and implement best practices tailored to your organization. 

Don’t miss this opportunity to challenge your security strategy — secure your spot today.

Everything you need to know about EASM and PTaaS — within CTEM framework

In this webinar, you will discover the significant costs associated with password resets and learn how much organizations can save by implementing a self-service password reset solution. The Specops Software team has recently did an analysis on the data showing the average savings organizations achieved in 2023 with this approach. The discussion will also cover the frequency of forgotten passwords, account unlocking, and help desk interactions, providing insights into how these factors can lead to increased efficiency and reduced operational costs.

This is an invaluable opportunity for IT professionals and decision-makers to understand the impact of efficient password management solutions and to explore strategies to enhance security while cutting costs. Don't miss out on the chance to gain expert insights and improve your organization's password security protocols. Join us to learn more about leveraging technology to benefit your business.

The Cost of Forgotten Passwords

This virtual workshop will provide crucial insights into the internet-facing assets of businesses that make them vulnerable to  threat actors. Because you can't protect what you're not aware of, we'll guide you through the most common, yet often forgotten high-risk assets in an external attack surface, as indicated by our benchmark findings. Many organizations struggle to track and maintain an up-to-date inventory of all their external assets, making them vulnerable to potential breaches through unknown backdoors. External attack surface management (EASM) is a way to discover and track these unknown assets that may be potential breach-points into your organization's network.  

During this talk, we'll present practical and effective reconnaissance techniques and show you how to proactively and efficiently control your external attack surface. 

Join us on Wednesday, May 16th at 3pm, CEST to:  
– Discover most common and often forgotten high-risk external IT assets  
– Learn about the risks associated with an unmonitored attack surface and our benchmark findings 
– Get better insights of the various methodologies and tools that keep your external attack surface under control 
– Best practice to stay up-to date when securing your external attack surface  

 
Following the  webinar, participants will be offered a customized analysis of their external attack surface, in reference to regional benchmark findings.

Protect Your External Attack Surface: Findings and Best Practice in 2024

Join Thomas Stacey, Application Security Auditor at Outpost24 to discuss web application security and pen testing for agile development teams in 2024. We'll dive into the pros and cons of in-house versus outsourced pen testing, hybrid pen testing as a service, what to look out for in an audit in 2024 including recent findings from Tom's own pen testing, and how to best utilize automation in your org's security posture. 

Tom has some fascinating findings to share including some oldie-but-goodies you shouldn't overlook. 

Plus, we'll take answer your questions live in an "ask the pen tester" format.

Agile Web Application Security in 2024

What the Data from the 3rd Annual Specops Breached Password Report is Telling Us

Join us as Specops Software Sr. Product Manager, Darren James, and Outpost24’s Head of Threat Intelligence Operations, Victor Acin discuss what the data around passwords in the Specops annual 2024 report is telling us. 

In this informal discussion, Darren and Victor will discuss and break down the data in the newly released 3rd Annual 2024 Specops Breached Password Report. 

The report shares the latest research into the trends and patterns of weak and compromised passwords and how they are exploited while exposing the hidden risk of compromised passwords. Darren and Victor delve into the data around keyboard walk patterns, the strength of longer passwords, and baffling stats uncovered by the Threat Intel team for this year’s Specops Breached Password Report.  

Join the discussion to hear the data insights and see how your organization can block compromised passwords, and more.  Grab your copy of the 2024 Specops Breached Password Report here: https://specopssoft.com/our-resources/most-common-passwords

Tech Talk: The State of Password Security in 2024

According to the Verizon Data Breach Investigations Report (DBIR), a staggering 63% of data breaches involve weak, default, or stolen passwords. Don't leave your organization exposed to this risk.

In this webinar, we will discuss the world of password security and equip you with essential knowledge to safeguard your workforce. You'll gain insights into preventing weak and compromised passwords and proactive strategies for defending against ransomware, phishing and social engineering.

During this webinar, we'll cover the following:
- An overview of attacks targeting your employees, including brute-force attacks, social engineering, ransomware, and phishing
- The significant dangers of weak passwords and their implications for your organization's security
- Strategies for identifying and blocking weak passwords right at the point of creation
- Best practices for proactively preventing weak passwords

Register now and stay one step ahead of cyber criminals.

Combatting cyber-attacks targeting your employees with password security

Crafting a Cyber Essentials Compliant Password Policy: Everything You Need to Know

Cyber Essentials the UK government-backed scheme launched in 2014, has been helping organisations of all sizes guard against the most common cyberattacks faced in the current landscape.

Within the certification, there are various password-based authentication requirements that need to be evaluated and put in place for compliance. With over 63% of data breaches involving the use of weak, default, or stolen passwords (Verizon DBIR) mastering the password problem needs to be the foundation of any organisation's cyber defence.

We’ve put together this interactive deep-dive into how this problem can be tackled with the Cyber Essentials requirements in mind. 

During the talk, we’ll cover:
• An overview of the password-based authentication requirements for Cyber Essentials certification and NCSC recommendations
• How you can easily check existing password policy compliance against Cyber Essentials / NCSC standards
• Free tools to easily identify pre-existing password security vulnerabilities in your organisation 
• How 3rd party password policy tools can easily meet requirements and empower users with dynamic feedback, passphrase creation and compromised password alerts
• Any questions asked in an interactive Q&A session

If you want peace of mind that the password problem is covered in your organization, join us for everything you need to know about crafting the perfect Cyber Essentials-compliant password policy.

Register for the live-stream now or be alerted when its available on-demand.

Crafting a Cyber Essentials Compliant Password Policy

In our rapidly evolving digital era, cybersecurity is in a constant state of flux. In this webinar our threat intelligence experts will highlight the latest threat actor trends, vulnerabilities and campaigns threatening organizations today. We will provide valuable insights into the cybercrime landscape and how to protect your organization and safeguard your assets against opportunistic adversaries. 

This highly informative webinar will cover the following topics, followed by a Q&A session: 

- Latest trends in threat actors, vulnerabilities, and campaigns 
- Anticipating shifts in the threat landscape and alert-based scoring
- Recommendations and best practice

Cybercrime trends: Uncovering the latest strategies of threat actors

After attending this webinar, you’ll know:
- The numbers behind why organizations of all sizes consider removing expiry
- The things you need in place before even considering removing expiry
- Whether or not removing expiry is right for your AD environment

Is this talk right for you? 
- This discussion will focus on whether or not to remove expiry for Active Directory passwords. This discussion will be the best fit you are using Active Directory in an on-prem or hybrid environment. If you are only using Azure Active Directory (or a non-Microsoft environment), this discussion will be less applicable for you.

- Whether you’ve already rolled out a “never expire” project in your organization, are considering one, or want to validate it’s not the right fit for you – this webinar will help you consider how best to implement (or not) and help you consider what you may have overlooked.

Can't make it live? Register anyway to get the recording.

What Most Orgs Get Wrong About "Never Expire"

Please join cybersecurity expert, Darren Siegel along with Nathan Johnson as they share how you can get the most out of your Specops Password Auditor reports. They will discuss the password vulnerabilities uncovered in your results, what you should be doing about them and how often you should scan your Active Directory.  

Specops Password Auditor is a free read only tool that scans your AD for over 950 million unique compromised passwords and other password vulnerabilities that could be lurking in your AD!

If you haven’t scanned your Active Directory yet you can download Specops Password Auditor here: https://specopssoft.com/product/specops-password-auditor/

Don’t let go of the security-related weaknesses related to password settings that are detected. Understand what the collected information is telling you in the display of multiple interactive reports containing user and password policy information. With multiple reports that include, a summary of accounts using compromised passwords, identical passwords, and many more you will be able to see a comparisons of your organization's password settings with industry standards and best practices according to multiple official standards.

Getting the Most Out of Your Specops Password Auditor Report

You can't stop the expansion of your external attack surface, but you can identify unknown assets and their vulnerabilities to mitigate the security risk. External attack surfaces expand due to modern software development practices, mergers and acquisitions, the adoption of multi-cloud strategies and much more. 
  
Many organizations find it difficult to monitor these changes and end up leaving themselves vulnerable to the 'unknown unknowns' - potential backdoors that can lead to a breach. 
  
External attack surface management (EASM) is a way to discover and track external-facing assets that may be potential breach-points into your organization’s network. EASM helps organizations create an accurate inventory of their internet-facing assets and vulnerabilities before it can be exploited - the first step in effectively defending against attacks. From there, security teams can continually monitor their external attack surface and prioritize their remediation efforts.
  
Join our webinar - Keeping Your External Attack Surface Under Control - on Thursday 21st September at 3pm CEST to learn how modern organizations use EASM to: 

• Discover shadow IT and unknown, external assets connected to your organization 
• Identify common misconfigurations and vulnerabilities in exposed assets 
• Score your vulnerability exposure and prioritize what needs to be fixed first 
• Continuously monitor the attack surface for new vulnerabilities introduced by exposed assets or configuration changes 
• Compliment vulnerability assessment and threat intelligence tools in a broader threat exposure management program 

At the end of this webinar, attendees receive an invitation to a personalized evaluation of their external attack surface

Keeping your External Attack Surface Under Control

Join us for an exclusive webinar with guest speaker David Jacoby, one of Europe's most boldest hackers and IT security experts where we delve into the dynamic landscape of modern business environments embracing the cloud. As enterprises increasingly migrate towards cloud ecosystems, we find ourselves navigating a hybrid realm, where servers span both sides of the cloud, and clients must seamlessly function across these domains. However, this new frontier presents a challenge that cybercriminals are exploiting, making it imperative for businesses to fortify their defenses.

In this webinar you will learn:
- Securing hybrid environments: Explore the intricate interplay between on-premises servers and cloud platforms and discover why continuous security scanning is critical to your security posture.
- Understanding the attack chain: Gain insights into the mind of a cybercriminal. Unravel the stages of an attack and acquaint yourself with the arsenal of tools hackers employ. By comprehending their tactics, you'll be better equipped to devise proactive security measures.
- Advance security protocols: Elevate your security posture with trusted testing solutions and best practice measures. 
- Industry best practice: Hear insights and tips from one of Sweden's leading professional hackers David Jacoby

By attending this webinar you will get a grasp of the intricacies of cyber threats and the vulnerabilities inherent in a hybrid environment and you'll be fully equipped to bolster your defenses.

About David:
David Jacoby is one of Sweden's most boldest hackers and IT security experts. He has over 25 years of experience in professional hacking and has won several awards both as a speaker and for his unique research and dedicated work to stop digital crime.

Unlocking Cybersecurity in the Cloud: Safeguarding Your Digital Transformation

There’s a gap between the identification of vulnerabilities and the IT resource available to remediate them within the timeframe attackers operate. With a mountain of new vulnerabilities coming in everyday, you need to be able to prioritize your remediation efforts based on which threats pose the biggest risk.  

In this 30-minute webinar you will learn: 
• How to implement Farsight and getting the most from your Outscan and HIAB license 
• Live demo to identify and prioritize threats based on threat intelligence risk scoring (0 to 100) 
• Solution-based reporting for actionable insights
• Setting up risk-based prioritization filters to suit your needs
• Activate your three-month trial  

By the end of this webinar, attendees will understand how to implement our risk-based prioritization tool Farsight and best practices to improve their remediation efforts.

Enhance your VM program with our risk-based prioritization tool

Securing Your Active Directory: How to Find and Block Weak Passwords

Active Directory is the backbone of most enterprise networks and securing it is critical to protecting sensitive information. One of the weakest links in Active Directory security is weak passwords. In this webinar, we will explore how to find and block weak passwords in Active Directory to enhance your organization's security posture.

During this webinar, we will cover:

• An overview of Active Directory and why securing it is crucial.
• The dangers of weak passwords and the risks they pose to your organization's security.
• How to identify weak passwords in Active Directory 
• Best practices for blocking weak passwords in Active Directory

By the end of this webinar, attendees will have a solid understanding of how to identify and block weak passwords in Active Directory, reducing the risk of security breaches and protecting sensitive information. Join us and learn how to secure your Active Directory!

Securing Your Active Directory: How to Find and Block Weak Passwords

In recent years, the theft of credentials has evolved into a highly professionalized cybercriminal activity. The number of Initial Access Brokers (IABs) skyrocketed, ransomware groups multiplied, malware prices increased, and Traffers have emerged.

In this webinar, Outpost24’s Victor Acin - KrakenLabs Manager provides a deep dive into the credential theft ecosystem and Traffers, providing best practice and encouraging organizations to evaluate their security measures against these evolving threats.

This highly informative webinar will cover the following topics, followed by a Q&A session:

•  Introduction to credential theft
•  Traffers ecosystem
•  Conclusions
•  Recommendations and best practice

This webinar is ideal for security professionals, and anyone interested in learning more about how to protect their organisation from similar threats.

Dark Web Trends: Credential Theft and the Traffers Ecosystem

Cyber attacks are expected to increase in 2023. Even if you think you're on top of your game in cyber security the only constant is that the threat landscape will continue to evolve and your need to remain vigilant.

Specops Software’s cyber security expert Darren James will be covering key areas to focus your cyber security efforts in 2023 and hopefully add a few more items to your checklist for next year.

In this webinar attendees will learn:

• What to expect in 2023’s threat landscape
• How to reduce the risk of evolving phishing and ransomware attacks
• Cyber security quick wins for your business
• Q&A with Darren James – Head of IT for Specops Software

Cyber security predictions and quick wins in 2023

Webinars

API Management is a critical component of modern application development. As organizations increasingly rely on APIs to exchange data between systems, they must also consider the potential security risks that come with API usage.

In this 30 minute webinar, Outpost24’s Thomas Stacey will walk you through a vulnerability he recently discovered in Azure's API Management Developer Portal that can be exploited to perform an account takeover attack. Thomas will be exploring the various steps involved in identifying the vulnerability, disclosure and eventual release of the fix.

The following topics will be covered, followed by a Q&A session:

• Overview of Azure's APIM Service
• Identifying the vulnerability in Azure's API Management Developer Portal
• The Road to a Bug Bounty
• Conclusion and Application Security Best practice

This webinar is ideal for developers, security professionals, and anyone interested in learning more about vulnerability discovery and understanding why manual testing is essential for application security.

Account Takeover in Azure's API Management Developer Portal

Application Security

Vulnerability Scanning

API Management

Application Management

Vulnerabilities

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Account Takeover in Azure's API Management Developer Portal

Presented by

About this talk

Outpost24