Computer Security News and Insights
When Twitter disclosed in July 2020 that attackers had hijacked 130 high-profile accounts — including Barack Obama, Elon Musk, and Apple — the root cause wasn't some exotic zero-day exploit. It was social engineering. Attackers manipulated employees, gained access to internal tools, and moved laterally through systems that trusted them
The Largest Unplanned Security Experiment in History In March 2020, roughly 16 million U.S. knowledge workers shifted to remote work within two weeks. That's not a migration. That's an evacuation. And like any evacuation, people grabbed what they could and ran — personal laptops, home Wi-Fi
In April 2020, the FBI's Internet Crime Complaint Center reported it was receiving between 3,000 and 4,000 cybersecurity complaints per day — a roughly 400% increase from pre-pandemic levels. The single biggest catalyst? Millions of employees suddenly working from home on networks and devices that no corporate
In early 2024, Ivanti disclosed critical vulnerabilities in its Connect Secure VPN that were already being actively exploited by threat actors — including nation-state groups. CISA issued an emergency directive ordering federal agencies to disconnect affected devices within 48 hours. It was a brutal reminder: a VPN isn't a
A Single Exposed RDP Port Cost One Hospital Everything In 2023, a regional hospital in Illinois discovered that attackers had been inside their network for over three weeks. The entry point? A single Remote Desktop Protocol (RDP) port left open to the internet. The threat actors used brute-forced credentials to
In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered a help desk employee using information scraped from LinkedIn. One phone call. One employee without clear verification protocols. That's all it took to shut down slot machines, hotel key cards, and reservation systems across
The Policy Nobody Reads Until It's Too Late In 2023, a single employee at MGM Resorts called the help desk, and a threat actor used social engineering to gain access that led to a $100 million hit on operations. One phone call. No malware exploit. No zero-day vulnerability.
The Audit Finding That Costs More Than the Breach In 2023, a regional healthcare provider in Oklahoma paid a $1.3 million HIPAA settlement to the Office for Civil Rights. The root cause wasn't a sophisticated nation-state attack. It was a phishing email that an untrained employee clicked
The Framework 87% of Organizations Claim to Follow — But Most Get Wrong When the Change Healthcare breach exposed the records of over 100 million people in 2024, investigators found something familiar: the organization had a cybersecurity program on paper. What it lacked was disciplined execution against a proven structure. That
In January 2024, CISA issued Emergency Directive 24-01 after a nation-state threat actor compromised Microsoft's corporate email environment. Federal agencies scrambled to audit their own Microsoft tenants. The directive wasn't theoretical — it was an emergency response to a real breach affecting the backbone of government communications.
