Tag

Security Awareness

Develop a strong security mindset with articles focused on security awareness principles, social engineering defense, safe browsing habits, password hygiene, and recognizing manipulation tactics used by attackers targeting human vulnerabilities.


Incident Response

How to Respond to a Cyberattack: A Step-by-Step Guide

In September 2023, MGM Resorts International watched helplessly as a single social engineering phone call spiraled into a cyberattack that cost the company over $100 million. Slot machines went dark. Hotel room keys stopped working. Reservations collapsed. And it all started because a threat actor called the help desk and

Carl B. Johnson Dec 11, 2023 7 min read

Incident Response

Cyber Incident Response Steps: A Practical Playbook

The 37 Minutes That Cost MGM Resorts $100 Million

In September 2023, a threat actor called Scattered Spider social-engineered an MGM Resorts help desk employee. Within 37 minutes, they had enough access to cripple one of the world's largest casino and hotel operators. Slot machines went dark. Hotel

Carl B. Johnson Dec 11, 2023 7 min read

Zero Trust

What Is Zero Trust? A Practical Guide for 2024

In January 2023, T-Mobile disclosed that a threat actor had been siphoning data from 37 million customer accounts since November 2022 — through a single exploited API. The attacker moved laterally for weeks without triggering alarms. If you've ever wondered what is zero trust and why the entire industry

Carl B. Johnson Dec 09, 2023 7 min read

Securing Remote Employees

Securing Remote Employees: A Practical 2023 Guide

In August 2023, a single remote employee at a casino and entertainment company fell for a social engineering call. That one mistake gave threat actors the keys to MGM Resorts' entire kingdom — an attack that cost the company over $100 million in damages according to their SEC filing. The

Carl B. Johnson Nov 26, 2023 7 min read

NIST Cybersecurity Framework

NIST Cybersecurity Framework: A Practical Guide for 2023

The Framework That Could Have Prevented a $150 Million Mistake

When Equifax disclosed its catastrophic 2017 breach affecting 147 million Americans, the postmortem was brutal. The company had failed at the most basic elements of what the NIST Cybersecurity Framework prescribes: asset inventory, patch management, and network segmentation. The FTC

Carl B. Johnson Nov 09, 2023 7 min read

Securing Cloud Applications

Securing Cloud Applications: A Practical Field Guide

The $65 Million Misconfiguration Nobody Saw Coming

In March 2023, Toyota disclosed that a cloud misconfiguration had exposed vehicle data on 2.15 million customers for over a decade. A single cloud storage bucket, left publicly accessible, quietly leaked data from 2012 to 2023. Nobody noticed for ten years. That's

Carl B. Johnson Nov 03, 2023 7 min read

Shadow IT

What Is Shadow IT? The Hidden Risk Draining Your Security

The Salesforce Instance Nobody Knew About

In 2022, a mid-size healthcare company discovered that one of its marketing teams had been running an entirely separate Salesforce instance — for eleven months. Patient-adjacent data sat in an environment with no encryption at rest, no access controls, and no logging. The IT security

Carl B. Johnson Nov 03, 2023 7 min read

Tailgating Attack

Tailgating Attack Cybersecurity: Stop the Walk-In Threat

In 2019, a man wearing a reflective vest and carrying a clipboard walked into a secure data center in Atlanta, unplugged a server, tucked it under his arm, and walked right back out the front door. Nobody stopped him. Nobody questioned him. A $2.5 million client database left the

Carl B. Johnson Sep 18, 2023 7 min read

Cyber Hygiene

Cyber Hygiene Definition: What It Really Means in 2023

In March 2023, the FBI's Internet Crime Complaint Center reported that Americans lost over $10.3 billion to cybercrime in 2022 — a 49% jump from 2021. The vast majority of those losses traced back to failures in basic security practices. Not zero-day exploits. Not nation-state attacks. Basic, preventable

Carl B. Johnson Jun 08, 2023 7 min read