Tag

Data Breach Prevention

Explores strategies and best practices for preventing data breaches in organizations of all sizes. Covers topics like access controls, encryption, network monitoring, incident response planning, and employee awareness to help reduce the risk of unauthorized data exposure.

posts

Vendor Risk Management

Vendor Risk Management Cybersecurity: A Practical Guide

The Breach That Didn't Start With You In February 2024, Change Healthcare — a subsidiary of UnitedHealth Group — suffered a ransomware attack that disrupted healthcare payment processing across the entire United States for weeks. The threat actor didn't breach UnitedHealth directly. They compromised a vendor system that

Carl B. Johnson Feb 28, 2025 8 min read
Cybersecurity Due Diligence

Cybersecurity Due Diligence: What Most Companies Skip

The $350 Million Acquisition That Fell Apart Over a Data Breach When Verizon moved to acquire Yahoo in 2017, the deal was nearly complete. Then Yahoo disclosed two massive data breaches affecting all three billion user accounts. Verizon knocked $350 million off the purchase price. That single failure in cybersecurity

Carl B. Johnson Feb 28, 2025 8 min read
Dark Web Monitoring

Dark Web Monitoring for Businesses: A Practical Guide

In February 2024, a threat actor going by "USDoD" listed 2.9 billion records from National Public Data on a dark web forum — records that included Social Security numbers, full names, and addresses of nearly every American adult. The breach didn't make mainstream headlines until months

Carl B. Johnson Feb 28, 2025 8 min read
Stolen Credentials Dark Web

Stolen Credentials Dark Web: What You Must Know in 2025

Your Employees' Passwords Are Probably Already for Sale In January 2024, researchers discovered a file called "Naz.API" circulating on dark web forums containing over 71 million unique email addresses paired with plaintext passwords — many harvested by credential-stealing malware. That's not a hypothetical. That'

Carl B. Johnson Feb 28, 2025 7 min read
Identity Theft Protection

Identity Theft Protection for Businesses: A 2025 Guide

In January 2024, a single compromised employee credential at a mid-size financial services firm led to the theft of 4.3 million customer records. The breach cost the company $18 million in remediation, legal fees, and regulatory fines — and their brand reputation still hasn't recovered. That's

Carl B. Johnson Feb 28, 2025 7 min read
Keylogger Attack

Keylogger Attack: How Hackers Steal Every Keystroke

In March 2024, security researchers at Fortinet uncovered a campaign distributing Snake Keylogger through phishing emails disguised as payment remittance notices. The malware silently captured credentials from over 280 banking and email applications before exfiltrating everything to attacker-controlled Telegram bots. The victims had no idea. Every password, every credit card

Carl B. Johnson Dec 19, 2024 6 min read
Man in the Middle Attack

Man in the Middle Attack: How Hackers Steal Data

In January 2024, security researchers at Sekoia documented a massive adversary-in-the-middle campaign that used phishing kits to intercept Microsoft 365 credentials and session tokens in real time — bypassing multi-factor authentication entirely. The attack wasn't theoretical. It hit thousands of organizations across multiple industries. And it reminded every security

Carl B. Johnson Dec 19, 2024 8 min read
SQL Injection

SQL Injection Explained: The Attack That Won't Die

A 20-Year-Old Vulnerability Still Dominating Breach Reports In 2023, the MOVEit Transfer vulnerability (CVE-2023-34362) compromised over 2,600 organizations and exposed data on more than 77 million individuals. At its core, the exploit was a SQL injection. The Cl0p ransomware gang used it to steal data from federal agencies, major

Carl B. Johnson Dec 19, 2024 7 min read