Tag

Credential Theft Prevention

Addresses the tactics attackers use to steal login credentials and the countermeasures organizations can deploy. Topics include multi-factor authentication, credential monitoring, dark web surveillance, secure authentication protocols, and employee awareness training.

posts

Multi-Factor Authentication

MFA vs Two-Factor Authentication: What Really Matters

In March 2024, a threat actor bypassed a major healthcare provider's two-factor authentication by intercepting SMS codes through a SIM-swapping attack — compromising over 2 million patient records. The organization thought they were protected. They had "MFA" checked off on their compliance audit. But they'd

Carl B. Johnson Jun 15, 2025 7 min read
Strong Password Examples

Strong Password Examples That Actually Stop Hackers

The 23 Billion Reasons Your Password Probably Isn't Good Enough In January 2024, researchers discovered a file called "RockYou2024" floating around dark web forums. It contained roughly 9.9 billion unique plaintext passwords — the largest credential dump in history at the time. By early 2025, threat

Carl B. Johnson Jun 14, 2025 7 min read
Insider Threat Awareness

Insider Threat Awareness: What Your Team Isn't Telling You

The Threat Already Inside Your Firewall In January 2025, a former employee of a U.S. infrastructure firm was charged with attempting to sabotage water treatment systems — months after being terminated. His credentials were never revoked. The damage was caught, but barely. This isn't an edge case. It&

Carl B. Johnson Jun 12, 2025 7 min read
Insider Threats

Insider Threat Examples: 7 Real Cases That Cost Millions

In 2022, a former employee of Cash App's parent company, Block Inc., downloaded reports containing the personal information of 8.2 million customers — months after being terminated. The company's failure to revoke access cost them regulatory scrutiny, a class-action lawsuit, and reputational damage that no PR

Carl B. Johnson Jun 12, 2025 7 min read
VPN Best Practices

VPN Best Practices: 9 Rules That Actually Stop Breaches

In May 2024, Check Point disclosed that threat actors were actively exploiting a zero-day vulnerability in its VPN products — CVE-2024-24919 — to harvest Active Directory credentials and move laterally through enterprise networks. Attackers didn't need a sophisticated exploit chain. They needed one VPN gateway running a default configuration with

Carl B. Johnson May 25, 2025 7 min read
Phishing Awareness

How to Spot a Phishing Email Before It Costs You

In January 2024, a finance employee at a multinational firm in Hong Kong joined what appeared to be a routine video call with the company's CFO. Everything looked normal — the CFO's face, voice, and mannerisms were all spot-on. The employee followed instructions and wired $25 million

Carl B. Johnson Dec 10, 2024 7 min read
Phish Setlist

Phish Setlist for Security: Building Your Attack Plan

What a Phish Setlist Is — And Why Your Security Team Needs One In March 2024, a mid-size accounting firm lost $2.1 million after an employee clicked a single phishing email disguised as a DocuSign request during tax season. The firm had no phishing simulation program. No playbook. No plan.

Carl B. Johnson Oct 17, 2024 7 min read
Gmail Phishing Attacks

Gmail Sophisticated Attacks: FBI Phishing Warnings for 2024

In May 2024, the FBI's Internet Crime Complaint Center reported that phishing — including sophisticated attacks targeting Gmail users — remained the number one reported cybercrime for the third year running. Over 298,000 phishing complaints landed at IC3 in 2023 alone, and 2024 is tracking even higher. The Gmail

Carl B. Johnson Sep 18, 2024 6 min read
Fake Mail

Fake Mail: How to Spot It Before It Costs You

In January 2024, a finance employee at Arup — a multinational engineering firm — joined a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a deepfake. The employee transferred $25 million to accounts controlled by threat actors. The attack

Carl B. Johnson Sep 18, 2024 7 min read