Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Dark Web

What Is the Dark Web? A Security Pro's Real Guide

In January 2023, the FBI and international law enforcement took down the Hive ransomware group's dark web infrastructure, seizing servers that had processed over $100 million in ransom payments from hospitals, school districts, and financial firms. That operation gave the public a rare, concrete look at what the

Carl B. Johnson Jun 06, 2023 7 min read
Stolen Credentials Dark Web

Stolen Credentials Dark Web: Where Your Passwords End Up

In January 2023, Norton LifeLock disclosed that attackers used credential stuffing to compromise roughly 6,450 customer accounts. The passwords didn't come from a Norton breach. They came from stolen credentials dark web marketplaces had been selling for months — maybe years. The attackers simply bought username-password combos from

Carl B. Johnson Jun 06, 2023 7 min read
Credential Stuffing Attack

Credential Stuffing Attack: How to Stop It Cold

23 Billion Stolen Credentials Are Already For Sale In January 2023, cybersecurity researchers at Digital Shadows reported over 24.6 billion stolen username-and-password pairs circulating on dark web marketplaces. That's roughly three credentials for every person on Earth. And every single one of them is a loaded weapon

Carl B. Johnson Jun 06, 2023 7 min read
Malware

What Is Malware? A Security Pro's Field Guide

In February 2023, the U.S. Marshals Service confirmed a major ransomware attack that compromised sensitive law enforcement data — including personally identifiable information and internal legal documents. A federal agency with dedicated security staff and government-grade infrastructure still got hit. If you're running a business without those resources,

Carl B. Johnson Apr 10, 2023 7 min read
Types of Malware

Types of Malware: A Field Guide from Real Breaches

In 2022, the FBI's Internet Crime Complaint Center (IC3) received over 800,000 complaints with losses exceeding $10.3 billion — and malware was the engine behind a staggering number of those incidents. I've spent years watching organizations get blindsided not because they lacked firewalls, but because

Carl B. Johnson Apr 10, 2023 7 min read
Trojan Horse Malware

Trojan Horse Malware: How It Gets In and How to Stop It

In September 2022, Uber disclosed a breach that started with a single employee accepting a multi-factor authentication push notification they shouldn't have. The threat actor behind it — linked to the Lapsus$ group — had already compromised the employee's credentials. But the initial foothold? Social engineering and malware

Carl B. Johnson Jan 24, 2023 7 min read
Cross-Site Scripting

Cross-Site Scripting Explained: A Practical Guide

British Airways Lost $230 Million Because of a Script In 2018, British Airways disclosed a breach that exposed the payment card details of roughly 380,000 customers. The attack vector? A malicious script injected into the airline's payment page — a textbook cross-site scripting exploitation. The UK's

Carl B. Johnson Jan 09, 2023 8 min read