Password resets, commonly used to regain access to accounts, are a prime vulnerability for attackers. Research from Specops Software reveals that social engineering targeting helpdesks can turn legitimate reset requests into complete account takeovers.
Password reset processes represent a critical security gap that attackers routinely exploit. Rather than cracking complex passwords, threat actors target the reset mechanism itself by impersonating users to helpdesk staff.
Specops Software's findings demonstrate how social engineering—manipulation of helpdesk personnel—can bypass technical security controls entirely. Attackers contact support teams with convincing pretexts to authorize password resets, gaining full access without brute force or phishing campaigns.
The vulnerability stems from the human element. Helpdesk staff operate under pressure to assist users quickly, making them susceptible to social engineering tactics. Attackers exploit this by researching targets beforehand and providing seemingly legitimate verification details.
Organizations relying on regular password resets as their primary security measure face increased risk. Security protocols must strengthen reset authentication processes, implement stricter identity verification procedures, and provide helpdesk training on social engineering detection. Multi-factor authentication and passwordless authentication methods offer more resilient alternatives to traditional password management.
Partnered Health, one of Australia's largest healthcare providers, has disclosed a cyber-attack affecting 21 clinics across Sydney, Melbourne, and Canberra. Personal information and medical records were compromised in the breach.
Security firm Intruder has developed an AI-powered system that automatically identifies previously unknown software vulnerabilities by combining code analysis with large language models. The tool already discovered and exploited a WordPress plugin zero-day.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.