Tag

Endpoint Security

Comprehensive resources on securing laptops, desktops, mobile devices, and other endpoints that connect to your network. Covers endpoint detection and response tools, device hardening, patch management, encryption, and policies that minimize the attack surface across distributed environments.

posts

Security for System

Security for System Hardening: A Practical Guide

In February 2024, a misconfigured system at Change Healthcare led to one of the most devastating ransomware attacks in U.S. healthcare history. The ALPHV/BlackCat group exploited a Citrix remote access portal that lacked multi-factor authentication — a basic security for system control that should have been in place years

Carl B. Johnson Jul 10, 2024 7 min read
Computer Virus Prevention

Computer Virus Prevention: 9 Steps That Actually Work

The Virus That Cost a Hospital Chain $100 Million In 2017, the NotPetya malware ripped through networks worldwide. It wasn't theoretical. Nuance Communications, a major healthcare IT vendor, took a $92 million hit. Maersk, the shipping giant, lost around $300 million. Heritage Valley Health System in Pennsylvania lost

Carl B. Johnson May 13, 2024 6 min read
Mobile Device Security Policy

Mobile Device Security Policy: What Most Companies Get Wrong

In March 2023, Samsung employees accidentally leaked sensitive source code and internal meeting notes by pasting proprietary data into ChatGPT — on their mobile devices. No malware was involved. No sophisticated threat actor broke through a firewall. Employees simply used their phones in ways the company's mobile device security

Carl B. Johnson Sep 18, 2023 7 min read
BYOD Security Risks

BYOD Security Risks: What Your Policy Is Missing

In January 2023, T-Mobile disclosed that a threat actor had stolen data on 37 million customer accounts — and the intrusion reportedly exploited an API accessible from systems that included employee-used devices. It wasn't a sophisticated zero-day. It was a gap in how endpoints and access were managed. If

Carl B. Johnson Sep 18, 2023 7 min read
USB Drive Security Risks

USB Drive Security Risks: The Threat Already on Your Desk

In January 2022, the FBI issued a public warning that the cybercriminal group FIN7 had been mailing malicious USB drives to U.S. companies — disguised as packages from Amazon and the U.S. Department of Health and Human Services. The drives, once plugged in, deployed ransomware onto corporate networks. This

Carl B. Johnson Sep 18, 2023 7 min read
Types of Malware

Types of Malware: A Field Guide from Real Breaches

In 2022, the FBI's Internet Crime Complaint Center (IC3) received over 800,000 complaints with losses exceeding $10.3 billion — and malware was the engine behind a staggering number of those incidents. I've spent years watching organizations get blindsided not because they lacked firewalls, but because

Carl B. Johnson Apr 10, 2023 7 min read
Adware vs Spyware

Adware vs Spyware: What's Actually Stealing Your Data

In February 2023, the FBI's Internet Crime Complaint Center reported that malware-related complaints had surged again, with losses running into the hundreds of millions. Buried in those numbers is a distinction most people get wrong: adware vs spyware. I've watched organizations treat adware as a minor

Carl B. Johnson Apr 10, 2023 6 min read
Trojan Horse Malware

Trojan Horse Malware: How It Gets In and How to Stop It

In September 2022, Uber disclosed a breach that started with a single employee accepting a multi-factor authentication push notification they shouldn't have. The threat actor behind it — linked to the Lapsus$ group — had already compromised the employee's credentials. But the initial foothold? Social engineering and malware

Carl B. Johnson Jan 24, 2023 7 min read
Keylogger Attack

Keylogger Attack: How Hackers Steal Every Keystroke

In March 2022, the FBI issued a Private Industry Notification warning that cybercriminals were using keyloggers embedded in fake business invoices to compromise corporate networks. The attackers harvested credentials for weeks before anyone noticed. By then, the damage was done — financial accounts drained, email systems hijacked, and sensitive client data

Carl B. Johnson Jan 24, 2023 6 min read
Computer Virus Prevention

Computer Virus Prevention: 9 Steps That Actually Work

In January 2022, a single employee at a European oil storage company opened what looked like a routine invoice. Within hours, the BlackCat ransomware had encrypted critical systems across multiple terminals, disrupting fuel distribution for days. The virus didn't exploit some exotic zero-day vulnerability. It walked through the

Carl B. Johnson Aug 23, 2022 6 min read