Computer Security News and Insights
In 2023, Verizon's Data Breach Investigations Report found that 74% of all breaches involved the human element — and mobile devices have become the primary attack surface for exploiting that weakness. I've watched organizations spend six figures on perimeter defenses while their employees check corporate email on
The FTC Just Fined Another Company Millions — Is Yours Next? I was just reading in 2023 the FTC finalized sweeping updates to its Safeguards Rule, and since then, enforcement has only accelerated. Companies like Chegg, CafePress, and Drizly didn't just face fines — their executives were personally named in
The FTC Doesn't Care About Your Good Intentions In 2023, the FTC finalized an order against Drizly — an online alcohol delivery company — after a data breach exposed the personal information of roughly 2.5 million consumers. The kicker? The FTC didn't just go after the company.
In September 2022, a teenager allegedly convinced an Uber employee to hand over access credentials through a simple text message. No zero-day exploit. No sophisticated malware. Just a convincing story and a target who didn't verify the request. That single social engineering attack gave the threat actor access
A Trusted Software Update Became the Biggest Backdoor in History In December 2020, FireEye disclosed that threat actors had compromised SolarWinds Orion — a network monitoring platform used by 33,000 organizations, including multiple U.S. federal agencies. The attackers embedded malicious code into a routine software update. Every organization that
A Single Email Cost This Company $100 Million In 2017, a Lithuanian man tricked Google and Facebook employees into wiring over $100 million to bank accounts he controlled. His weapon wasn't malware. It wasn't a zero-day exploit. It was email. He sent invoices that looked like
The Phone Call That Cost MGM Resorts $100 Million In September 2023, a threat actor called MGM Resorts' IT help desk, impersonated an employee they found on LinkedIn, and convinced the technician to reset credentials. That single phone call triggered a ransomware attack that disrupted operations across Las Vegas
In March 2024, a finance director at a mid-size manufacturer in Ohio wired $2.3 million to a threat actor who impersonated the company's CEO — all because of a single phishing email. The message looked perfect: right logo, right tone, right email signature. It even referenced an actual
In 2024, MGM Resorts lost an estimated $100 million after a social engineering attack that started with a single phone call to a help desk employee. The threat actor impersonated an employee, convinced IT staff to reset credentials, and within hours had access to critical systems. One conversation. No malware.
In 2023, a single compromised employee phone at MGM Resorts International led to a social engineering attack that cost the company over $100 million in losses. The threat actors didn't hack a firewall or exploit a zero-day. They called the help desk. That incident is a masterclass in
