Computer Security News and Insights
The Click That Cost One Company $47 Million In 2023, MGM Resorts was brought to its knees — not by a sophisticated zero-day exploit, but by a social engineering phone call that led to credential theft and a devastating ransomware attack. The estimated cost exceeded $100 million. The attack vector? A
A Single Unpatched Laptop Cost One Hospital $3 Million In 2023, the U.S. Department of Health and Human Services settled with a healthcare provider after a ransomware attack that started on one employee's unpatched workstation. The machine hadn't been updated in over 90 days. That
The Receptionist Who Stopped a $3 Million Wire Fraud In 2023, a business email compromise attack targeted a mid-size manufacturing company in Ohio. The threat actor had spoofed the CEO's email perfectly. The wire transfer request looked legitimate. But a receptionist — someone with zero technical background — noticed the
In 2023, the FBI's Internet Crime Complaint Center received over 880,000 complaints with losses exceeding $12.5 billion — and a staggering number of those incidents started with a single file that looked perfectly legitimate. That file was trojan horse malware, disguised as an invoice, a software update,
Last year, a hospital administrator told me she ignored an alert about a credential stuffing attack because she didn't know what that phrase meant. Three days later, her organization was dealing with a ransomware incident that shut down patient scheduling for two weeks. The jargon gap in cybersecurity
In January 2024, the U.S. Department of Justice charged a former Google engineer with stealing proprietary AI trade secrets while secretly working for two China-based companies. He had access for years. He passed background checks. He was a trusted employee. And that's exactly the point — the most
A $5.8 Million Wake-Up Call from the FTC In 2023, the FTC finalized a settlement with Drizly and its CEO after a data breach exposed the personal information of roughly 2.5 million consumers. What made this case unusual wasn't just the fine — it was that the
In January 2024, Microsoft disclosed that a Russian-linked threat actor — Midnight Blizzard — breached corporate email accounts by exploiting a legacy test tenant that lacked multi-factor authentication. No zero-day. No sophisticated exploit chain. Just a password spray against an old account that trusted the network it sat on. That's
The Breach That Started With a Single Click In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered their way past help desk staff with a ten-minute phone call. The attackers didn't exploit some exotic zero-day. They exploited a human being
The Industry That Can't Afford a Single Mistake In November 2023, the SEC fined several financial advisory firms a combined total of nearly $750,000 for cybersecurity failures following credential theft incidents that exposed thousands of customer records. The firms had the basics — firewalls, antivirus — but lacked the
