Tag

Credential Theft

Posts exploring how attackers steal usernames, passwords, and authentication tokens through phishing, keylogging, brute force attacks, and credential stuffing. Includes actionable guidance on multi-factor authentication, password managers, and monitoring for compromised credentials.

posts

Social Engineering

How to Spot Social Engineering Before It Costs You

In March 2022, the Lapsus$ threat actor group breached Okta by socially engineering a third-party support contractor. No malware. No zero-day exploit. Just a human being who got manipulated. The breach potentially affected hundreds of Okta's enterprise customers, and it started with the simplest attack vector there is

Carl B. Johnson Apr 04, 2022 7 min read
Pretexting Attacks

Pretexting Attack Examples: Real Scams That Fool Smart People

In 2020, a teenager convinced a Twitter employee he was a co-worker from the IT department. That single phone call led to the compromise of 130 high-profile accounts — including Barack Obama, Elon Musk, and Apple — and a Bitcoin scam that netted over $100,000 in hours. The attack wasn'

Carl B. Johnson Apr 04, 2022 7 min read
Data Breach Prevention

Data Breach Prevention: 9 Steps That Actually Work

The Breach That Started With a Single Stolen Password In May 2021, a single compromised password shut down fuel distribution across the Eastern United States. The Colonial Pipeline ransomware attack disrupted gas supplies for days and cost the company a $4.4 million ransom payment. The root cause? A legacy

Carl B. Johnson Mar 18, 2022 6 min read
Data Breach

What Causes a Data Breach: 7 Root Causes Explained

In January 2022, the International Committee of the Red Cross disclosed that a sophisticated cyberattack compromised the personal data of more than 515,000 vulnerable people — including missing persons, detainees, and their families. The breach didn't happen because of some exotic zero-day exploit. It happened because of a

Carl B. Johnson Mar 18, 2022 6 min read
Strong Passwords

How to Create a Strong Password That Actually Stops Hackers

The 123456 Problem Is Worse Than You Think In December 2021, NordPass published its annual list of the most common passwords. Sitting at number one — for the third year running — was "123456." Number two? "123456789." These aren't passwords from 2005. They're passwords

Carl B. Johnson Feb 15, 2022 7 min read
Password Manager

Why Use a Password Manager: A Security Pro's Take

In January 2022, the Red Cross disclosed a cyberattack that compromised personal data of over 515,000 vulnerable people. The attack exploited unpatched vulnerabilities — but the investigation also revealed compromised credentials as a contributing factor. It's a pattern I see constantly. And every time it happens, I get

Carl B. Johnson Feb 15, 2022 7 min read
Password Hygiene Tips

Password Hygiene Tips That Actually Stop Breaches

The 61% Problem Nobody Talks About The 2021 Verizon Data Breach Investigations Report found that 61% of all breaches involved credentials. Not sophisticated zero-day exploits. Not nation-state malware. Passwords. Stolen, reused, guessed, and phished passwords remain the single largest attack vector threat actors exploit today. I've spent years

Carl B. Johnson Feb 15, 2022 6 min read
Strong Passwords

Strong Password Examples That Actually Stop Hackers

In January 2022, a credential stuffing attack hit Norton LifeLock, compromising roughly 925,000 accounts. The common thread? Weak and reused passwords. I've spent years watching organizations hemorrhage data because employees — and everyday users — still think "Company2022!" is a strong password. It's not. This

Carl B. Johnson Feb 15, 2022 6 min read