Research Reveals ‘Password’ Still the Most Common Term Used by Hackers to Breach Enterprise Networks

Password management and user authentication solutions provider Specops Software has today announced the release of its annual Weak Password Report which analysed over 800 million breached passwords and suggests that passwords continue to be a weak spot in an organisation’s network.

The study found 88% of passwords used in successful attacks consisted of 12 characters or less, with the most common being 8 characters (24%).  The most common base terms used in passwords were: ‘password’, ‘admin’, ‘welcome’ and ‘p@ssw0rd’. Passwords containing only lowercase letters were the most common character combination found, making up 18.82% of passwords used in attacks.

Ironically, the study revealed that 83% of compromised passwords did satisfy both length and complexity requirements of cybersecurity compliance standards such as NIST, PCI, ICO for GDPR, HITRUST for HIPAA and Cyber Essentials for NCSC. 

“This shows that while organisations are making concerted efforts to follow password best practices and industry standards, more needs to be done to ensure passwords are strong and unique,” said Darren James, Product Manager at Specops Software. “With the sophistication of modern password attacks, additional security measures are always required to protect access to sensitive data.”

Furthermore, brute force attacks are a common tactic used by cybercriminals to gain access into an organisation’s network to steal sensitive data. Threat actors will use common, probable, and even breached passwords to systematically run them against a user’s email to gain access to a given account. For example, the Specops researchers also noticed the inclusion of ‘homelesspa’ – a password term found in 2016 MySpace data leak, proving that ‘old’, breached password terms are still being leveraged by hackers many years later. This is a critical reason why organizations need strong password policy enforcement.

The research was largely compiled through analysis of 800 million breached passwords, a subset of the 3 billion unique passwords in Specops Breached Password Protection.

Real-world example: Nvidia

In Nvidia’s data breach in 2022, where thousands of employee passwords were leaked, many employees had used passwords such as ‘Nvidia’, ‘qwerty’ and ‘nvidia3d’. Having passwords related to the organisation is an easy route for hackers into the network.  Despite industry warnings against easily guessable passwords, users are still resorting to common passwords.

“The 2023 edition of the Weak Password Report reiterates the ongoing challenges of securing the weakest link in the enterprise IT environment,” said James. “To stay on top of today’s credential attacks, all companies should put strong password policy enforcement in place, including custom dictionaries related to the organisation.”

Password Protection Best Practices

Three key enforcement measures recommended by Specops are:

  • For most business, this starts with protecting Active Directory, the universal authentication solution for Windows domain networks. 
  • Default password policy settings in Active Directory do not go far enough. Third-party password security software can strengthen Active Directory accounts. 
  • Look for a solution that can block the use of compromised passwords and commonly used terms with custom dictionaries.

For more information about the research, check out the full data and analysis here.


The post Research Reveals ‘Password’ Still the Most Common Term Used by Hackers to Breach Enterprise Networks appeared first on IT Security Guru.

Find WiFi Password Of Connected Networks In Linux

Find WiFi Password Of Connected Networks In Linux

If you are using Linux and looking for methods to find WiFi passwords of connected networks in Linux-based operating systems then this blog is for you. There are multiple ways to find the WiFi password of connected networks in Linux.

How To Find WiFi Password Of Connected Networks In Linux

Method 1:

View Saved WiFi Password Of Connected Networks From Command line In Linux

In Ubuntu and derivatives, the wireless network configuration files are saved in the /etc/NetworkManager/system-connections/ directory.

ls /etc/NetworkManager/system-connections/
You will see an output with the password

Method 2:

How To Show Saved WiFi Password using Nmcli

Run the following command to find the list of available wireless network connections:

nmcli device wifi list

Now, Display the password of the currently connected WiFi network using the following command:

nmcli device wifi show-password

Zurich and Barrier Networks partner to Offer Enterprise Cyber Risk Assessments

Barrier Networks, a Cybersecurity Managed Service Provider, has announced it has entered into a new partnership with Zurich Resilience Solutions, part of Zurich UK, to help businesses improve their cyber resilience.

Zurich Resilience Solutions (ZRS) provides underwriting assurance to underwriters to help them better understand cyber risk and exposures of client environments, as well as cyber risk and resilience advisory services to clients to improve cyber resilience. Barrier compliments ZRS internal cyber risk advisory services, offering technical expertise and services including penetration testing, managed cybersecurity services, assessment and consulting.

The partnership will not only focus on enterprise security, but it will also cater to organisations running Operational Technology in critical industrial environments. These organisations have come under increased threat from cybercrime recently, and Barrier Networks and Zurich will help meet these needs by helping them reduce the risk of data breaches that could be caused by unidentified cybersecurity issues.

“We are delighted to be working with such an established cyber insurance player as Zurich. Cybersecurity is an enormous task for most businesses and very few have the resources to manage it alone. Our partnership will help organisations overcome this challenge as we help them improve their security and tackle key issues to meet critical cyber insurance requirements. No organisation can gamble with their cyber defences today, and through our partnership we will be arming more businesses with the skills and expertise they need to stay secure,” said Ian McGowan, Managing Director of Barrier Networks.

Arunava Banerjee, Cyber Risk Consulting Lead, Zurich Resilience Solutions, said: “This partnership will further strengthen the suite of cyber risk advisory services we offer to customers.  Cyber risk is a critical threat facing companies of all sizes. By strengthening their cyber defences, we can help businesses to both reduce their exposure to attacks and better navigate the present hard market for insurance cover.”

The post Zurich and Barrier Networks partner to Offer Enterprise Cyber Risk Assessments appeared first on IT Security Guru.

Cato Networks names as 2021 Innovation Award Winner

Italian manufacturer, the Gnutti Carlo Group, has named Cato Networks its Best Supplier in the Innovation category for 2021. The award recognises the high value of the WAN connectivity and security the Cato SASE Cloud delivers in support of Gnutti Carlo Group’s digital transformation initiative. Using just Cato SASE Cloud, the Gnutti Carlo Group has replaced its legacy MPLS services into China, legacy firewalls, VPN concentrators, and gained secure, high-performance connections to public and private clouds. 

“Cato’s focus on product, process, and methods helped the Gnutti Carlo Group adopt a new enterprise approach for a cloud-native networking and security service, the Cato SASE Cloud. It is for this that Cato won the 2021 Innovation Award,” says Omar Moser, Chief Information Officer at Gnutti Carlo Group. “Thanks to the Cato platform together with strategic services, Gnutti Carlo Group has benefitted from a more structured, controlled, and secure ICT landscape across the entire company.” 

Gnutti Carlo Group, headquartered in Maclodio (Brescia, Italy), is a world leading manufacturer in the automotive sector. It is a partner to several OEMs that are active in the auto, truck, earthmoving, motorcycle, marine, generator sets, and e-mobility sectors. With a turnover of 700 million euros and nearly 4,000 employees, the company spans 16 plants in nine countries in Europe, America, and Asia.  

The company began recognizing its outstanding suppliers in 2015 with an award in each of three categories: direct material, indirect, and innovation. All divisions throughout the multinational company nominate and evaluate a small number of suppliers for each category. “Gnutti Carlo Group strongly believes in this initiative through which the good engagement and the exceptional performance of the suppliers are recognized and well appreciated,” says Moser. 

“We appreciate Gnutti Carlo Group’s recognition of Cato as the Best Supplier for Innovation in ICT and more specifically in networking and security,” says Luca Simonelli, Vice President of EMEA Sales for Cato Networks. “Converging networking and security into the global Cato SASE Cloud enables Gnutti Carlo Group and all enterprises to become more efficient and agile in addressing critical business initiatives for global operations, cloud migration, widespread remote access, and business restructuring and transformation.” 

Cato was nominated as a result of transforming Gnutti Carlo Group’s security and networking infrastructure. The project began with addressing global networking. “We were undertaking a digital transformation initiative across the enterprise, and we needed to standardize and simplify the network connectivity and security of our wide area network,” says Moser. 

The company evaluated traditional appliance-based networks and security service edge (SSE) solutions but wasn’t happy with the results. “They couldn’t provide us with both security and networking,” he says. “Cato Networks’ innovative approach gives us both all in a simple cloud solution. It even supports our facilities in China.”  


The post Cato Networks names as 2021 Innovation Award Winner appeared first on IT Security Guru.

Cato Networks SASE Cloud: “leader” and “OutPerformer” in GigaOm SSA Radar

Cato Networks recently announced that it was named as a “Leader” and “Outperformer” by GigaOm in the analyst firm’s Radar Report for Secure Service Access (SSA), GigaOm’s term for SASE/SSE. The report’s comprehensive review evaluates the degree to which suppliers converge security and networking into a single, global platform. Cato is only SASE provider to be ranked an SSA “Leader” and an “Outperformer” with perfect delivery of SD-WAN as well as the core network-based security capabilities – Firewall as a Service (FWaaS), Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), and Zero-Trust Network Access (ZTNA).

“Since publishing the 2021 Radar for Service Access Solutions [GigaOm’s prior term for SSA], Cato Networks has moved from being a Challenger to a Leader and an Outperformer due to its innovation and execution against its roadmap,” writes GigaOm analyst and report author, Ivan McPhee.

“In the world of networking and securing the enterprise, the platform is critical. It’s the convergence of capabilities into a global platform that allows for the radical simplicity and operational efficiency promised by SASE and SSA. GigaOm’s thorough research underscore this architectural prerequisite and we’re honored to be named a Leader and Outperformer in the SSA Radar Report,” says Yishay Yovel, Chief Marketing Officer at Cato Networks.

Cato Networks: The Prototypical SASE/SSA Platform

The report found Cato SASE Cloud to be one of the few SSA platforms capable of addressing the networking and security needs for large enterprises, MSPs, and SMEs.

The Cato SASE Cloud provides outstanding enterprise-grade network performance and predictability worldwide by connecting sites, remote users, and cloud resources across the optimized Cato Global Private Backbone. Once connected, the Cato SSE 360 pillar of Cato SASE Cloud enforces granular corporate access policies on all applications — on-premises and in the cloud – and across all ports and protocols, protecting users against threats, and preventing sensitive data loss.

Of GigaOm’s key SSA Criteria, the Cato SASE Cloud was the only Leader to be ranked Exceptional in seven of eight categories:

  • Defense in Depth
  • Identity-Based Access
  • Dynamic Segmentation
  • Unified Threat Management
  • ML-Powered Security
  • Autonomous Network Security
  • Integrated Solution

And the company found a similarly near-perfect score when it came to the core networking and network-based security capabilities comprising SSA solutions: SD-WAN, FWaaS, SWG, CASB, ZTNA, and NDR.

“Founded in 2015, Cato Networks was one of the first vendors to launch a global cloud-native service converging SD-WAN and security as a service,” says the report. “Developed in-house from the ground up, Cato SASE Cloud connects all enterprise network resources—including branch locations, cloud and physical data centers, and the hybrid workforce—within a secure, cloud-native service. Delivering low latency and predictable performance via a global private backbone”

Delivering a Converged Networking and Security Platform Challenges the Industry

Since SASE’s inception, analysts have pointed to the importance of having one, converged cloud platform connecting and securing the complete enterprise — sites, users, and cloud resources. It’s this radical simplicity that enables the agility, cost savings, visibility, improved security, and operational improvements associated with SASE/SSA.

But the complexity of converging networking and security capabilities to form such a platform has long challenged legacy technology and service providers. As GigaOm notes, “The SSA landscape is becoming increasingly blurred with incumbent vendors repackaging and repositioning legacy products as integrated platforms, acquiring new technologies, or making strategic alliances to fill the gaps in their portfolios.”

Enterprises need not only consider functionality claimed by SSA vendors but the convergence of those capabilities. Says GigaOm, “When talking to vendors, verify the level of integration between individual SSA capabilities. Ensure that their vision is aligned with yours and their roadmap includes the features and integration you need.”


The post Cato Networks SASE Cloud: “leader” and “OutPerformer” in GigaOm SSA Radar appeared first on IT Security Guru.

Cato Networks Announces New Data Loss Prevention Engine & SSE 360

Cato Networks, global SASE cloud provider, just announced the release of their new Data Loss Prevention (DLP) engine. Part of Cato’s SSE architecture, the DLP is meant to offer protection of data as well as prevention of loss of data across organisation software and applications. 

Historically, DLP has been considered complex and operationally complicated. With inaccuracies in traffic routing and a limited scope of protection, DLP left some issues to the wayside such as disruptions to daily organisational operations. 

Cato DLP, however, reportedly solves this issue. Consolidated within Cato SPACE (Single Pass Cloud Engine) architecture, the DLP can widely view and control all traffic at all times. Utilising machine learning for smarter data protection, Cato DLP streamlines what was once imperfect and largely unconsolidated.  

But that’s not all. Cato Networks has also announced their SSE 360 platform release, with which the DLP will be converged. Extending beyond typical SSE functionality, SSE 360 sets its sights on the optimisation, control, and visibility of internet traffic, WAN, and the entire cloud. 

CEO and co-founder of Cato Networks, Shlomo Kramer, noted: “Traditional SSE architectures alone are not enough to protect the enterprise. They have limited visibility and control over WAN traffic which drives the need for multiple networking and security architectures. What’s needed is one architecture that can provide visibility into and control over all traffic to all applications and resources from all endpoints. Cato SSE 360 is the first SSE solution to meet that challenge.” 

Here at IT Security Guru, we are looking forward to seeing Cato DLP and SSE 360 in action. 

The post Cato Networks Announces New Data Loss Prevention Engine & SSE 360 appeared first on IT Security Guru.