Part one of this series on identity-based attacks highlighted password spray, credential stuffing and machine-in-the-middle attacks. To recap, in a password spray attack, a threat actor attempts to use a few commonly known passwords across multiple accounts with the hope that even a single user has set that specific password for their login credential.

Read full article on Security Magazine