Tag

Multi-Factor Authentication

Posts tagged with multi-factor authentication explain how layered identity verification strengthens access security. Coverage includes MFA implementation strategies, authenticator app comparisons, hardware token options, and best practices for deploying MFA across enterprise environments.

posts

Phishing

Phishing in 2022: What Actually Works to Stop It

Twilio disclosed in August that a phishing campaign tricked its employees into handing over credentials via SMS, exposing data tied to over 130 organizations — including Signal users. A few weeks later, Uber suffered a breach when an attacker used social engineering to fatigue an employee with multi-factor authentication push requests

Carl B. Johnson Dec 18, 2022 6 min read
Gmail Phishing Attacks

Gmail Sophisticated Attacks: FBI Phishing Warnings for 2022

The FBI Is Warning Gmail Users — And Most People Aren't Listening In March 2022, the FBI's Internet Crime Complaint Center (IC3) released its annual report showing that phishing — including attacks targeting Gmail users specifically — generated more victim complaints than any other cybercrime category. Over 300,000

Carl B. Johnson Oct 24, 2022 7 min read
Cybersecurity

Cybersecurity in 2022: What Actually Works Now

The Breach That Should Have Changed Everything In March 2022, the Lapsus$ group breached Okta, Microsoft, Samsung, and Nvidia in rapid succession — not by deploying sophisticated zero-day exploits, but by buying stolen credentials, social engineering help desk employees, and exploiting MFA fatigue. A group reportedly led by teenagers embarrassed some

Carl B. Johnson Aug 23, 2022 7 min read
Cybersecurity Tips

Cybersecurity Tips That Actually Stop Breaches in 2022

In March 2022, Okta confirmed that the Lapsus$ threat actor group had accessed an internal support engineer's laptop — and the fallout rippled across the entire identity management industry. The breach didn't start with a sophisticated zero-day exploit. It started with compromised credentials. That single detail tells

Carl B. Johnson Aug 11, 2022 7 min read
Security for System

Security for System Environments: A Practical Guide

In March 2022, Okta confirmed that the Lapsus$ threat actor group had compromised a support engineer's laptop and accessed internal systems for five days before detection. Five days. That's an eternity when an attacker has a foothold inside your environment. The breach highlighted a brutal truth:

Carl B. Johnson Aug 11, 2022 7 min read
IT Security

IT Security in 2022: What Actually Stops Breaches

In March 2022, the Lapsus$ threat actor group breached Okta, Microsoft, Nvidia, and Samsung — not by exploiting sophisticated zero-day vulnerabilities, but by buying stolen credentials and socially engineering employees. A teenager-led group dismantled the IT security of some of the most well-resourced technology companies on the planet. If that doesn&

Carl B. Johnson Aug 11, 2022 7 min read
Computer Security Security

Computer Security Security: Layers That Actually Work

In March 2022, Okta confirmed that the Lapsus$ threat actor group had breached a third-party support engineer's laptop and accessed internal systems. The attack didn't exploit some exotic zero-day vulnerability. It started with compromised credentials — a single point of failure in what should have been a

Carl B. Johnson Jul 30, 2022 7 min read
Web Security Best Practices

Web Security Best Practices That Actually Stop Breaches

In March 2022, the Lapsus$ group breached Okta by compromising a third-party support engineer's laptop — and suddenly, thousands of organizations realized their web security posture was only as strong as their weakest vendor's. That single incident forced a reckoning across the industry. If your organization runs

Carl B. Johnson Jul 30, 2022 7 min read