Passwords continue to be the top weakness exploited in penetration-testing engagements, report says. Rapid7: Password spraying, offline password cracking, and man-in-the-middle attacks are the top techniques for external attackers. Too many companies rely on users to pick good passwords and not reuse them across services, says Rapid7’s Tod Beardsley. Companies are taking more than 90 days to patch half of the Internet critical systems, he says. After exploiting unpatched software, moving laterally across a network is the third most successful strategy for penetration testers.”]