Tag

Credential Theft

Posts exploring how attackers steal usernames, passwords, and authentication tokens through phishing, keylogging, brute force attacks, and credential stuffing. Includes actionable guidance on multi-factor authentication, password managers, and monitoring for compromised credentials.

posts

Data Breach Prevention

Data Breach Prevention: 9 Steps That Actually Work

In May 2024, Ticketmaster disclosed a breach that exposed personal data on over 560 million customers. The attack vector? Compromised credentials at a third-party cloud provider. No zero-day exploit. No nation-state wizardry. Just stolen login details and a lack of proper access controls. Data breach prevention doesn't start

Carl B. Johnson Jul 15, 2025 7 min read
Data Breach

What Causes a Data Breach: 7 Root Causes in 2025

In May 2024, Ticketmaster confirmed a breach that exposed the personal data of over 560 million customers. The attack vector? Stolen credentials used to access a third-party cloud database. It wasn't some exotic zero-day exploit. It was a login and password that fell into the wrong hands. If

Carl B. Johnson Jul 15, 2025 7 min read
Strong Passwords

How to Create a Strong Password That Actually Stops Hackers

The 23-Character Password That Still Got Cracked In 2024, a security researcher at Hive Systems demonstrated that a 12-character password using only lowercase letters could be brute-forced in about three weeks with modern GPU hardware. Bump that up to a complex 12-character mix of upper, lower, numbers, and symbols? Still

Carl B. Johnson Jun 15, 2025 7 min read
Password Manager

Why Use a Password Manager: The Case Is Settled

The Breach That Started With "CompanyName2024!" In January 2025, a mid-size healthcare provider in the Midwest discovered that an attacker had been living inside their network for eleven weeks. The initial access point? A reused password. An employee had used the same credential for their company email and

Carl B. Johnson Jun 15, 2025 7 min read
Password Hygiene Tips

Password Hygiene Tips That Actually Stop Breaches

The Breach That Started With "Spring2024!" In early 2024, a midsize healthcare company in the Midwest lost 2.3 million patient records. The root cause wasn't a sophisticated zero-day exploit. It wasn't a nation-state threat actor. It was an employee who reused the same

Carl B. Johnson Jun 15, 2025 6 min read
Cybersecurity Incident Examples

Cybersecurity Incident Examples That Changed Everything

The Breach That Cost Change Healthcare $22 Million in Ransom In February 2024, the ransomware group ALPHV/BlackCat crippled Change Healthcare — a company that processes roughly one-third of all U.S. healthcare claims. The attack disrupted pharmacies, hospitals, and billing systems nationwide for weeks. UnitedHealth Group, Change Healthcare's

Carl B. Johnson Jun 14, 2025 7 min read
Work From Home Cybersecurity

Work From Home Cybersecurity: A 2025 Survival Guide

In March 2024, a single remote employee at a midsize financial firm clicked a link in what looked like a Microsoft Teams notification. Within 72 hours, a threat actor had moved laterally across the company's network, exfiltrated 1.2 million customer records, and deployed ransomware that locked every

Carl B. Johnson May 25, 2025 7 min read
Remote Desktop Security Risks

Remote Desktop Security Risks: What Attackers See

Port 3389: The Door You Left Wide Open In January 2024, the FBI and CISA issued a joint advisory warning that the Phobos ransomware group had been exploiting exposed Remote Desktop Protocol (RDP) services to breach organizations across government, healthcare, education, and critical infrastructure. The attackers didn't use

Carl B. Johnson May 18, 2025 8 min read