Tag

Security Awareness

Develop a strong security mindset with articles focused on security awareness principles, social engineering defense, safe browsing habits, password hygiene, and recognizing manipulation tactics used by attackers targeting human vulnerabilities.

posts

Cybersecurity Glossary

Cybersecurity Glossary for Beginners: 40+ Terms

When the Colonial Pipeline ransomware attack shut down fuel distribution across the U.S. East Coast in 2021, news anchors stumbled over terms like "ransomware," "threat actor," and "zero trust." Millions of people realized they didn't have the vocabulary to understand the

Carl B. Johnson May 11, 2020 8 min read
Cybersecurity Terms Explained

Cybersecurity Terms Explained: A Practical Guide

When the Colonial Pipeline attack shut down fuel distribution across the Eastern United States in 2021, news anchors stumbled over words like "ransomware," "threat actor," and "zero trust." Millions of people realized they didn't speak the language of cybersecurity — and that ignorance

Carl B. Johnson May 08, 2020 7 min read
Adware vs Spyware

Adware vs Spyware: What Security Teams Must Know

In 2023, a seemingly harmless browser extension called "PDF Toolbox" was downloaded over two million times from the Chrome Web Store before researchers at Palant discovered it was quietly injecting tracking code and redirecting ad revenue — a textbook adware operation that crossed hard into spyware territory. That single

Carl B. Johnson May 08, 2020 7 min read
Cross-Site Scripting

Cross-Site Scripting Explained: A Real-World Guide

The Attack That Hides in Plain Sight on Your Website In 2018, British Airways disclosed a breach that compromised the personal and financial data of roughly 380,000 customers. The attack vector? A modified JavaScript injected into the airline's payment page — a textbook cross-site scripting attack that skimmed

Carl B. Johnson Mar 04, 2020 7 min read
Phishing Awareness

How to Spot a Phishing Email: 9 Red Flags to Catch

The Email That Cost One Company $37 Million In 2024, the FBI's Internet Crime Complaint Center reported that business email compromise — a sophisticated form of phishing — accounted for over $2.9 billion in adjusted losses. That's not a typo. Billions. And it all starts with a

Carl B. Johnson Mar 04, 2020 7 min read
Phishing

What Is Phishing? The Attack Behind 80% of Breaches

In 2023, the FBI's Internet Crime Complaint Center received over 298,000 phishing complaints — making it the most reported cybercrime for the fifth consecutive year. And those are just the ones people reported. I've spent years helping organizations respond to breaches, and the vast majority start

Carl B. Johnson Mar 04, 2020 7 min read
Phishing Scams

Phish Setlist Scams: How Attackers Exploit Fan Sites

Your Search for a Phish Setlist Could Land You on a Hacker's Hook Last summer, a colleague of mine — a die-hard Phish fan — searched for a phish setlist from a recent show at Madison Square Garden. He clicked what looked like a legitimate fan site. Within seconds, his

Carl B. Johnson Feb 28, 2020 7 min read
Phishing Definition

Phishing Definition: What It Really Means in 2026

In March 2024, MGM Resorts was still tallying the damage from a social engineering attack that started with a single phone call to their help desk. The total cost exceeded $100 million. The attacker didn't exploit a zero-day vulnerability or crack military-grade encryption. They impersonated an employee found

Carl B. Johnson Feb 27, 2020 6 min read
Phishing Emails

How to Spot Phishing Emails Before They Cost You

In March 2024, a finance director at a mid-size manufacturer in Ohio received an email from what appeared to be the company CEO. The message asked for an urgent wire transfer to close a confidential acquisition. The email looked flawless — correct logo, matching font, even a convincing signature block. She

Carl B. Johnson Feb 16, 2020 7 min read