Computer Security US Blog

Computer Security News and Insights

Cloud Computing Security

Cloud Computing Security: What Goes Wrong and How to Fix It

In April 2022, researchers at Palo Alto Unit 42 reported that nearly 99% of cloud user accounts, services, and resources grant excessive permissions — permissions that are granted but never used. That gap between what's allowed and what's needed is exactly where threat actors operate. If you

Carl B. Johnson Jun 20, 2022 6 min read
Define Cyber

Define Cyber: What It Really Means for Your Security

In May 2021, a single compromised password shut down Colonial Pipeline — the largest fuel pipeline in the United States — for six days. The company paid a $4.4 million ransom. Flights were disrupted. Gas stations ran dry across the Southeast. All because one set of credentials was exposed on the

Carl B. Johnson Jun 20, 2022 6 min read
NIST Standards

NIST Standards: A Practical Guide to Real Security

In March 2022, the Verizon Data Breach Investigations Report team released preliminary findings showing that 82% of breaches involved the human element — phishing, stolen credentials, and social engineering. Meanwhile, most organizations I work with still treat NIST standards like a dusty compliance checkbox rather than what they actually are: a

Carl B. Johnson Jun 20, 2022 7 min read
Security in Cloud Computing

Security in Cloud Computing: What Actually Goes Wrong

In April 2022, researchers at Wiz discovered that Microsoft Azure's PostgreSQL Flexible Server had vulnerabilities allowing cross-account database access. They called it ExtraReplica, and it affected thousands of Azure databases. This wasn't a theoretical exercise — it was a real demonstration that security in cloud computing remains

Carl B. Johnson May 26, 2022 7 min read
Phishing Emails

How Phishing Emails Work: The Psychology Behind the Click

A Single Email Cost This Company $121 Million

In 2019, a Lithuanian man was sentenced to five years in prison for phishing Google and Facebook out of over $121 million. His method wasn't a zero-day exploit or cutting-edge malware. It was emails. Carefully crafted, psychologically precise emails that

Carl B. Johnson May 26, 2022 7 min read
Phishing Awareness Training

Phishing Awareness Training: Why 82% of Breaches Start Here

The 2022 Verizon Data Breach Investigations Report landed last month, and one number should keep every business owner awake at night: 82% of breaches involved the human element. Phishing, stolen credentials, pretexting, human error — threat actors aren't picking locks. They're asking your employees to hold the

Carl B. Johnson May 26, 2022 7 min read
Phishing Email

How to Recognize a Phishing Email Before You Click

In March 2022, the FBI's Internet Crime Complaint Center reported that phishing schemes were the most complained-about cybercrime in 2021, with over 323,000 victims — more than double the number from just two years prior. That stat doesn't surprise me. What surprises me is how many

Carl B. Johnson May 25, 2022 7 min read
Phishing Attack Examples

Phishing Attack Examples: 7 Real Breaches That Cost Millions

In March 2022, Okta confirmed that the Lapsus$ threat actor group had compromised a support engineer's account — and the initial access vector was social engineering. One employee, one credential, and suddenly a company trusted by thousands of organizations was in the headlines. If you think phishing only targets

Carl B. Johnson May 25, 2022 7 min read
Phishing

What Is Phishing? A Security Pro's Field Guide

In March 2022, Okta confirmed that the Lapsus$ threat actor group had compromised a support engineer's laptop — and the initial access vector was social engineering. A single employee interaction opened the door to a breach that rattled hundreds of downstream customers. If you're asking what is

Carl B. Johnson May 25, 2022 7 min read