Tag

Network Security

Covers strategies, tools, and best practices for protecting computer networks from unauthorized access, cyberattacks, and data breaches. Topics include firewalls, intrusion detection systems, network segmentation, and monitoring techniques that help organizations maintain secure and resilient infrastructure.

posts

Man in the Middle Attack

Man in the Middle Attack: How Hackers Steal Data

In January 2024, security researchers at Checkmarx uncovered a massive man in the middle attack campaign targeting the Python Package Index (PyPI), where threat actors intercepted developer credentials and injected malicious code into software supply chains. The attack went undetected for months. This wasn't some exotic nation-state operation

Carl B. Johnson Jul 05, 2026 6 min read
VPN Best Practices

VPN Best Practices: What Actually Protects You in 2026

In early 2024, Ivanti disclosed critical vulnerabilities in its Connect Secure VPN that were already being actively exploited by threat actors — including nation-state groups. CISA issued an emergency directive ordering federal agencies to disconnect affected devices within 48 hours. If that doesn't make you rethink your VPN best

Carl B. Johnson Jul 05, 2026 5 min read
Zero Trust

What Is Zero Trust? A Practical Guide for 2026

The Breach That Made "Trust" a Dirty Word In 2020, the SolarWinds breach gave threat actors access to the internal networks of at least nine U.S. federal agencies and over 100 private companies. The attackers moved laterally for months — undetected — because once they were inside the network

Carl B. Johnson Jul 03, 2026 5 min read
Zero Trust Network Access

Zero Trust Network Access: A Practical Guide for 2026

The Breach That Proved Firewalls Aren't Enough In 2023, MGM Resorts lost an estimated $100 million after a threat actor used social engineering — a single phone call to the help desk — to bypass perimeter defenses and move laterally through internal systems. The attackers didn't need to

Carl B. Johnson Jun 30, 2026 6 min read
Zero Trust Security Model

Zero Trust Security Model: Why Perimeter Defense Is Dead

The Breach That Proved "Trust But Verify" Was a Lie In 2020, a threat actor compromised SolarWinds' Orion software update mechanism and silently infiltrated over 18,000 organizations — including multiple U.S. federal agencies and Fortune 500 companies. The attackers didn't blast through firewalls. They

Carl B. Johnson Jun 25, 2026 6 min read
Ransomware

How Ransomware Spreads: 7 Paths Into Your Network

In February 2024, Change Healthcare — the largest medical claims processor in the United States — was hit by the ALPHV/BlackCat ransomware group. The attack disrupted billing systems at hospitals and pharmacies nationwide for weeks. The entry point? Stolen credentials used on a remote access portal that lacked multi-factor authentication. One

Carl B. Johnson Jun 05, 2026 5 min read
Zero Trust

What Is Zero Trust? A Security Model That Actually Works

In 2020, threat actors compromised SolarWinds' Orion software and used it to breach dozens of U.S. government agencies. The attackers moved laterally through networks for months because once they were inside the perimeter, those networks trusted them. That single breach rewrote how the federal government thinks about network

Carl B. Johnson Jun 03, 2026 5 min read
Man in the Middle Attack

Man in the Middle Attack: How Hackers Steal Data

In 2019, a Lithuanian national named Evaldas Rimasauskas pleaded guilty to stealing over $120 million from Google and Facebook using a sophisticated man in the middle attack scheme. He impersonated a legitimate hardware vendor, intercepted invoice communications, and redirected payments to bank accounts he controlled. The scheme ran for two

Carl B. Johnson Jun 02, 2026 5 min read
Zero Trust Security Model

Zero Trust Security Model: Why Perimeter Defense Is Dead

A Castle With No Walls Left to Defend In January 2024, Microsoft disclosed that the Russian threat actor Midnight Blizzard had compromised executive email accounts — not by breaching a firewall, but by password-spraying a legacy test tenant account that lacked multi-factor authentication. The attackers moved laterally for weeks before detection.

Carl B. Johnson May 15, 2026 5 min read