Tag

Cybersecurity Awareness

Articles on cybersecurity awareness cover the foundational knowledge individuals and organizations need to recognize and respond to digital threats. Topics include safe browsing habits, password hygiene, social engineering tactics, and building a security-first culture across teams.

posts

Phishing Scams

What Is a Phishing Scam? A Security Pro's Real Guide

In March 2022, the FBI's Internet Crime Complaint Center reported that phishing was the number one cybercrime type in 2021 — with over 323,000 complaints filed by victims in a single year. That number dwarfed every other category. If you've ever asked what is a phishing

Carl B. Johnson Sep 22, 2022 8 min read
Supply Chain Attacks

Removed Legitimate Apps? How Attackers Exploit Trust

When Trusted Software Becomes Your Biggest Threat In March 2022, researchers confirmed that threat actors had compromised the update mechanism for Asus software, ultimately pushing malware to nearly a million machines. The attackers hadn't built anything from scratch. They had removed legitimate code from a trusted update pipeline

Carl B. Johnson Sep 22, 2022 6 min read
Spoofing

What Is Spoofing? The Attack Behind 80% of Breaches

In March 2022, the FBI's Internet Crime Complaint Center reported that Business Email Compromise — a scheme built almost entirely on spoofing — cost victims over $2.4 billion in 2021 alone. That made it the single most financially devastating category of cybercrime they tracked. Not ransomware. Not cryptojacking. Spoofing-based

Carl B. Johnson Sep 04, 2022 6 min read
Phishing

Define Phishing: What It Really Looks Like in 2022

In March 2022, threat actors used a single phishing email to breach Okta through a third-party contractor — potentially impacting hundreds of enterprise customers downstream. The attack didn't exploit some exotic zero-day. It exploited a human being who clicked a link. If you're here to define phishing,

Carl B. Johnson Aug 23, 2022 6 min read
Computer Virus Prevention

Computer Virus Prevention: 9 Steps That Actually Work

In January 2022, a single employee at a European oil storage company opened what looked like a routine invoice. Within hours, the BlackCat ransomware had encrypted critical systems across multiple terminals, disrupting fuel distribution for days. The virus didn't exploit some exotic zero-day vulnerability. It walked through the

Carl B. Johnson Aug 23, 2022 6 min read
Security for System

Security for System Environments: A Practical Guide

In March 2022, Okta confirmed that the Lapsus$ threat actor group had compromised a support engineer's laptop and accessed internal systems for five days before detection. Five days. That's an eternity when an attacker has a foothold inside your environment. The breach highlighted a brutal truth:

Carl B. Johnson Aug 11, 2022 7 min read
IT Security

IT Security in 2022: What Actually Stops Breaches

In March 2022, the Lapsus$ threat actor group breached Okta, Microsoft, Nvidia, and Samsung — not by exploiting sophisticated zero-day vulnerabilities, but by buying stolen credentials and socially engineering employees. A teenager-led group dismantled the IT security of some of the most well-resourced technology companies on the planet. If that doesn&

Carl B. Johnson Aug 11, 2022 7 min read
Computer Security Security

Computer Security Security: Layers That Actually Work

In March 2022, Okta confirmed that the Lapsus$ threat actor group had breached a third-party support engineer's laptop and accessed internal systems. The attack didn't exploit some exotic zero-day vulnerability. It started with compromised credentials — a single point of failure in what should have been a

Carl B. Johnson Jul 30, 2022 7 min read
Computer Security Companies

Computer Security Companies: What They Won't Tell You

The Blind Spot That Computer Security Companies Sell Around In March 2022, Okta — one of the most prominent identity management vendors in the world — confirmed that the Lapsus$ threat actor group had compromised a third-party support engineer's laptop and accessed internal systems. An identity security company, breached through

Carl B. Johnson Jul 30, 2022 7 min read
Home Computer Security

How Can You Protect Your Home Computer in 2022

In March 2022, the FBI's Internet Crime Complaint Center reported that Americans lost over $6.9 billion to cybercrime in 2021 — a 64% increase from the year before. A staggering number of those victims weren't Fortune 500 companies. They were regular people, sitting at home computers,

Carl B. Johnson Jul 30, 2022 7 min read