Computer Security News and Insights
The Text Message That Cost One Company $15 Million In 2022, threat actors hit Twilio with an SMS-based social engineering attack that compromised employee credentials and exposed data for over 160 customers. The attack didn't involve a sophisticated zero-day exploit. It started with a text message pretending to
Last March, a finance director at a mid-size logistics company wired $2.1 million to a threat actor who had spoofed the CEO's email address. The message looked perfect — right tone, right signature, right sense of urgency. The only thing wrong was the reply-to domain, off by a
That "Unsubscribe" Link Just Installed Malware on Your Network In January 2024, a mid-size accounting firm in Ohio lost access to every client file it had. The entry point wasn't a sophisticated zero-day exploit. It was a single spam email disguised as a shipping notification from
In 2023, a single employee at MGM Resorts used a corporate credential to respond to a social engineering call. The threat actor impersonated IT, gained access, and triggered a ransomware attack that cost the company over $100 million. The kicker? A well-enforced acceptable use policy — one that clearly defined how
The Clock Starts Ticking the Second You Discover a Breach In March 2024, Change Healthcare suffered a ransomware attack that exposed the protected health information of over 100 million individuals. The fallout wasn't just technical — it was a cascading failure in communication, notification, and reporting that took months
A Single Stolen Password Cost This Company $60 Million In 2023, MGM Resorts International was brought to its knees — not by a sophisticated zero-day exploit, but by a phone call. A threat actor called the help desk, impersonated an employee found on LinkedIn, and gained access to internal systems. The
In 2023, MGM Resorts lost roughly $100 million after a social engineering attack bypassed every piece of computer security software they had deployed. The attackers didn't exploit a zero-day vulnerability. They didn't brute-force a firewall. They called the help desk, impersonated an employee, and walked right
43% of Cyberattacks Target Small Businesses — Most Aren't Ready That number comes straight from the Verizon Data Breach Investigations Report, and it's been climbing for years. In my experience working with organizations of every size, small businesses consistently overestimate their security posture and underestimate their exposure.
Welcome to the Phish Tour Nobody Asked For In March 2024, MGM Resorts was still tallying the damage from a social engineering attack that started with a single phone call. The threat actor convinced a help desk employee to reset credentials. Total estimated cost: over $100 million. That attack didn&
In 2023, a finance employee at a multinational firm in Hong Kong wired $25 million to threat actors after receiving what appeared to be a legitimate video call and email chain from the company's CFO. It was all fake — the video was a deepfake, and the emails were
