Computer Security News and Insights
In February 2024, Change Healthcare — the largest medical claims processor in the United States — was hit by the ALPHV/BlackCat ransomware group. The attack disrupted billing systems for hospitals and pharmacies nationwide for weeks. UnitedHealth Group later confirmed the breach affected approximately 100 million individuals. If you think your organization
The CFO Who Wired $25 Million to a Threat Actor In early 2024, a finance worker at engineering firm Arup was tricked into transferring $25 million after attending a video call with what appeared to be the company's CFO and other colleagues. Every person on that call was
The Breach That Started Behind the Firewall In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered their way past the help desk with a single phone call. The attacker didn't punch through a firewall. They didn't exploit some exotic zero-day. They
In 2023, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that includes fakeemail schemes — caused over $2.9 billion in adjusted losses across roughly 21,489 complaints. That made it the single most financially damaging cybercrime category in the IC3's annual
The Breach That Changed How I Think About Cyber Security In February 2024, Change Healthcare suffered a ransomware attack that disrupted insurance claims processing for nearly every hospital and pharmacy in the United States. UnitedHealth Group later confirmed the breach affected approximately 100 million individuals — making it the largest healthcare
In 2023, a single reused password gave a threat actor access to 23andMe's credential-stuffing attack that exposed the data of nearly 7 million users. The attacker didn't exploit a zero-day vulnerability or deploy sophisticated malware. They just tried stolen passwords from other breaches — and millions of
In 2023, a single spear phishing email cost MGM Resorts an estimated $100 million in losses. The attacker didn't blast a million inboxes with a generic "Your account has been suspended" message. They researched an employee on LinkedIn, called the IT help desk impersonating that person,
A Teenager Breached Uber. No Malware Required. In September 2022, an 18-year-old compromised Uber's internal systems — not with a sophisticated zero-day exploit, but with a text message. The attacker bombarded an Uber contractor with multi-factor authentication push requests until the contractor finally approved one. From there, the threat
In late 2024, security researchers at Avanan documented a surge of phishing campaigns that weaponized legitimate DocuSign and PayPal infrastructure to deliver convincing credential theft attacks. The emails didn't come from spoofed domains. They came from the actual DocuSign and PayPal platforms — which is exactly why they sailed
One Click Cost This Company $100 Million In 2023, MGM Resorts was brought to its knees — not by a sophisticated zero-day exploit, but by a phone call. A threat actor called the help desk, impersonated an employee found on LinkedIn, and gained enough access to deploy ransomware across the entire
