Covers methods for stopping attackers from stealing usernames, passwords, and authentication tokens. Topics include multi-factor authentication, password managers, phishing-resistant credentials, and monitoring techniques that detect compromised accounts early.
posts
In 2023, MGM Resorts lost roughly $100 million after a threat actor called a help desk, impersonated an employee found on LinkedIn, and talked their way past security controls. No zero-day exploit. No nation-state malware. Just a phone call. That incident crystallized something I've been telling organizations for
In 2024, a single compromised employee smartphone gave a threat actor full access to a healthcare company's patient records — 1.4 million individuals affected, an OCR investigation opened, and a brand reputation shattered. The initial vector? A phishing link sent via SMS that bypassed every email filter the
