Tag

Data Breach Prevention

Explores strategies and best practices for preventing data breaches in organizations of all sizes. Covers topics like access controls, encryption, network monitoring, incident response planning, and employee awareness to help reduce the risk of unauthorized data exposure.

posts

Adware vs Spyware

Adware vs Spyware: What Security Teams Must Know

In 2023, a barcode scanner app on the Google Play Store — used by over 10 million people — pushed a malicious update that turned a legitimate tool into an aggressive adware delivery mechanism overnight. Users were flooded with pop-ups and redirected to shady websites. Within weeks, researchers discovered the same app

Carl B. Johnson Jul 14, 2019 7 min read
Keylogger Attack

Keylogger Attack: How Hackers Steal Every Keystroke

In 2023, the FBI dismantled a cybercrime ring that used a commercial keylogger called Snake Keylogger to steal credentials from over 10,000 victims across 50 countries. The malware recorded every keystroke — banking passwords, email logins, private messages — and quietly exfiltrated the data to attacker-controlled servers. The victims had no

Carl B. Johnson Jul 14, 2019 6 min read
SQL Injection

SQL Injection Explained: The Attack That Won't Die

In 2023, the MOVEit Transfer vulnerability — a SQL injection flaw — led to the compromise of over 2,600 organizations and exposed data on more than 77 million individuals. One vulnerability. One injection point. Billions in damage. And here's what should keep you up at night: SQL injection has

Carl B. Johnson Jul 14, 2019 7 min read
Cross-Site Scripting

Cross-Site Scripting Explained: What XSS Really Does

In 2018, British Airways disclosed a breach that exposed the personal and financial data of roughly 380,000 customers. The attack vector? A modified JavaScript injected into the airline's payment page — a textbook cross-site scripting exploit. The UK's Information Commissioner's Office initially proposed a

Carl B. Johnson Jul 14, 2019 7 min read
Phishing

How to Spot a Phishing Email Before It Costs You

In May 2021, a single phishing email led to the shutdown of Colonial Pipeline — the largest fuel pipeline in the United States. One compromised credential. One employee who didn't catch the red flags. The result: fuel shortages across the East Coast, a $4.4 million ransom payment, and

Carl B. Johnson Jul 04, 2019 7 min read
Phishing

What Is Phishing? The Attack Behind 80% of Breaches

In 2023, the FBI's Internet Crime Complaint Center received over 298,000 phishing complaints — making it the most reported cybercrime for the fifth consecutive year. Yet every week, I still talk to business owners who think phishing is just "those obvious Nigerian prince emails." It'

Carl B. Johnson Jul 04, 2019 7 min read
Phishing

Phishing: Why It Still Works and How to Stop It

A Single Email Cost One Company $100 Million In 2019, Toyota Boshoku Corporation lost $37 million to a single business email compromise attack. Facebook and Google collectively lost over $100 million to a Lithuanian man who sent fake invoices via email over a two-year period. These weren't sophisticated

Carl B. Johnson Jun 23, 2019 7 min read
Spear Phishing

Spear Phishing: Why Targeted Attacks Bypass Your Defenses

In 2023, MGM Resorts lost roughly $100 million after a threat actor called Scattered Spider used a spear phishing phone call — a single, targeted social engineering attack against an IT help desk employee — to breach one of the largest casino operators on the planet. The attacker found the employee'

Carl B. Johnson Jun 18, 2019 7 min read