Rapid Threat Test Results

Overall Threat Level

medium

As of Jul 2, 2020 7:08 pm

There are a few threats and tasks to take care of, and they're starting to rise in volume or age. We recommend resolving them within the next week.

Note: This service is designed to be passive and lightweight. It may not find all issues and is for evaluation purposes only. The Havoc Shield Platform contains comprehensive scanning and monitoring beyond what you see here.

Staff Found in Data Breaches

Breached information such as employee account passwords or even what breached services are taken advantage of by malicious actors in attacks against your organization. They know users often reuse passwords, and use automated attacks to try breached logins against your email, bank, and corporate accounts.

No fresh breaches found this time, but that doesn't mean there aren't any!

Havoc Shield regularly scans breach databases for new exposures and then helps you and your employees respond to them.

Website Vulnerabilities

We performed a scan of the tech your website uses and we noticed insecure software, exploitable mis-configurations, and/or vulnerabilities. This scanner uses widely-available tech that malicious actors can use as well, so if we know about these issues, it’s likely they know too.

Critical

High

Medium

Low

Immediately run a full scan to get mitigation instructions and assign these vulnerabilities now.

Social Engineering & Phishing

OSINT refers to the information attackers can gather and use against your organization. Examples include discoverable archive or config files, media, or code repositories. Look-a-like domain names are used in targeted phishing and other types of social engineer attacks to gain the trust of your users or employees.

Sensitive OSINT Exists

20+ Look-a-like Domains

Available Look-a-Like Domains

These domain names look like yours and are still available to register and use against you. Havoc Shield automatically watches, alerts, and defends against look-a-like domains like these.

Secure these look-a-like domains and enable brand impersonation monitoring.

Your Ecosystem

There are critical gaps in your defense that require prioritization, new tools, guidance, reconfiguration, and enforcement across your team. Most software and services “ship” insecure by default, and that can cause big problems. Here are a few of them.

MFA not enforced

Without multi-factor authentication enabled across your ecosystem, company accounts are at significant risk. Discovery of services that support MFA, configuration and enforcement should be immediately remedied.

Lacking Virus/Malware Protection

Computers are still a favorite, and squishy target of attackers. Consumer-grade AV is not enough to defeat sophisticated threats like ransomware. A centrally managed, business-grade endpoint protection suite should be used on all machines.

Weak & Insecurely Shared Passwords

Staff trading plaintext passwords to company accounts over email are bound to end up in the wrong hands. Weak passwords are often reused personally and at work without a company-wide password manager to store unique logins and manage secure, shared access.

Resolve these gaps with included tools and self-serve configuration guidance.

Home & Office Network Scan

Whether at home or at the office, the network you’re connecting from is constantly under attack. This scanner tries to locate open ports, unpatched networking equipment firmware, and insecure settings that attackers can use to take over your network or the machines connected to it.

No open ports

Possible equipment vulnerabilities

You have no open ports but your networking equipment may have unresolved vulnerabilities making it susceptible to attacks. A full scan should be completed.

Run a full network scan for you and every employee working remotely.

Solve These Issues - 14 Day Free Trial

All Features | Pricing Plans

Have a question or want a personal demo? Call us at (888) 484-2862 or chat now.