Tag

Credential Theft

Posts exploring how attackers steal usernames, passwords, and authentication tokens through phishing, keylogging, brute force attacks, and credential stuffing. Includes actionable guidance on multi-factor authentication, password managers, and monitoring for compromised credentials.

posts

Cybersecurity Incident Examples

Cybersecurity Incident Examples That Changed Everything

The Breach That Cost a Pipeline Its Entire Operation In May 2021, Colonial Pipeline — the largest fuel pipeline in the United States — shut down completely after a ransomware attack. A single compromised password on a legacy VPN account gave the DarkSide threat actor group everything they needed. The company paid

Carl B. Johnson Jan 18, 2022 6 min read
Remote Work Cybersecurity Tips

Remote Work Cybersecurity Tips That Actually Work

In July 2021, a remote employee at a Florida IT management firm clicked a link that looked like a routine software update. Within hours, the REvil ransomware gang had compromised Kaseya's VSA platform and cascaded the attack to an estimated 1,500 downstream businesses. The initial foothold? A

Carl B. Johnson Jan 15, 2022 6 min read
Remote Desktop Security Risks

Remote Desktop Security Risks: What Attackers See

An Open Door You Didn't Know You Left Unlocked In August 2021, the FBI and CISA issued a joint advisory warning that threat actors exploiting Remote Desktop Protocol (RDP) was the single most common initial access vector in ransomware attacks. Not phishing emails. Not zero-day exploits. RDP. The

Carl B. Johnson Jan 06, 2022 7 min read
Securing Cloud Applications

Securing Cloud Applications: A Practical 2021 Guide

The Misconfiguration That Exposed 3.8 Billion Records In June 2021, researchers discovered an unsecured Elasticsearch instance containing 3.8 billion records — names, emails, phone numbers, and social media profiles compiled from scraped and breached data. It sat wide open on the internet. No password. No access controls. Just a

Carl B. Johnson Dec 23, 2021 7 min read
Mobile Phishing Attacks

Mobile Phishing Attacks: Why Your Phone Is Now Target #1

Your Employees' Phones Are the Weakest Link Right Now In September 2021, Lookout reported that mobile phishing attacks had surged 161% since 2020. That's not a typo. The device your employees carry everywhere — the one they check 96 times a day — has become the primary attack surface

Carl B. Johnson Dec 18, 2021 7 min read
Shoulder Surfing Attack

Shoulder Surfing Attack: The Low-Tech Threat You Ignore

A $10 Pair of Binoculars Can Beat Your $10 Million Security Budget In 2018, a researcher at a security conference demonstrated how he captured over 100 passwords simply by watching people type at airport gates and coffee shops over a two-week period. No malware. No phishing emails. No zero-day exploits.

Carl B. Johnson Dec 18, 2021 7 min read
Dark Web Monitoring

Dark Web Monitoring for Businesses: A Practical Guide

In April 2021, a collection of 533 million Facebook user records surfaced on a dark web forum — names, phone numbers, email addresses, all posted for anyone to grab. Three months before that, a compilation of 3.2 billion email and password pairs called COMB (Compilation of Many Breaches) appeared on

Carl B. Johnson Sep 23, 2021 7 min read