Computer Security News and Insights
In July 2020, a teenager convinced Twitter employees to hand over internal credentials through a phone-based social engineering attack. The result: hijacked accounts belonging to Barack Obama, Elon Musk, Joe Biden, and Apple — broadcasting a Bitcoin scam to hundreds of millions of followers. The attacker didn't exploit a
In 2020, a teenager and two accomplices convinced a Twitter employee they were from the company's IT department. That single phone call gave them access to internal tools, which they used to hijack 130 high-profile accounts — including those of Barack Obama, Elon Musk, and Apple — netting over $100,
In March 2021, a single employee at a water treatment plant in Oldsmar, Florida, watched someone remotely take control of their screen and attempt to increase sodium hydroxide levels to dangerous concentrations. The attacker got in through a shared TeamViewer password. No advanced exploit. No zero-day. Just poor cybersecurity awareness
The Click That Cost One Hospital $67 Million In 2020, Universal Health Services suffered a Ryuk ransomware attack that disrupted operations across 400 facilities for weeks. The estimated cost? $67 million. The entry point? An employee who interacted with a malicious payload. This wasn't a sophisticated zero-day exploit.
In December 2020, FireEye disclosed one of the most sophisticated supply chain attacks in history — the SolarWinds breach. Threat actors compromised a trusted software update, slipping past automated defenses at over 18,000 organizations including multiple U.S. government agencies. But here's the detail that gets buried: investigators
In March 2020, a single employee at Magellan Health clicked a phishing email that impersonated an executive. The result: a ransomware attack that exposed personal data of over 365,000 individuals. The attacker didn't exploit a zero-day vulnerability. They didn't brute-force a firewall. They sent an
The Click That Cost One Company $46 Million In 2020, Ubiquiti Networks disclosed a breach that started with a single employee's compromised credentials. Attackers impersonated company executives, manipulated employees through social engineering, and walked away with $46.7 million in fraudulent wire transfers. The technology was fine. The
In December 2020, a SolarWinds employee reportedly used the password "solarwinds123" on an update server — a detail that surfaced during Congressional hearings about one of the most devastating supply chain attacks in history. Thousands of organizations, including multiple U.S. government agencies, were compromised. The root cause wasn&
One Month Won't Save You — But It Can Start Something That Does In October 2020, during Cybersecurity Awareness Month, a major hospital chain — Universal Health Services — was fighting off one of the largest ransomware attacks in U.S. healthcare history. The Ryuk ransomware hit over 400 facilities. Staff
In 2020, the FBI's Internet Crime Complaint Center received 791,790 complaints — a 69% increase over 2019 — with reported losses exceeding $4.2 billion. Small businesses absorbed a disproportionate share of that damage. The Verizon 2020 Data Breach Investigations Report found that 28% of data breaches involved small
