Articles addressing both digital and physical security practices within professional environments. Covers topics such as access control systems, clean desk policies, secure Wi-Fi usage, visitor management, document handling procedures, and building a holistic workplace security culture.
posts
The Receptionist Who Stopped a $3 Million Wire Fraud In 2023, a business email compromise attack targeted a mid-size manufacturing company in Ohio. The threat actor had spoofed the CEO's email perfectly. The wire transfer request looked legitimate. But a receptionist — someone with zero technical background — noticed the
In 2024, MGM Resorts lost an estimated $100 million after a threat actor called the help desk, impersonated an employee found on LinkedIn, and talked their way into a network reset. No zero-day exploit. No nation-state malware. Just a phone call. That single incident proved what I've been
The Breach That Started With a Single Slack Message In September 2022, a threat actor convinced a Uber contractor to approve a multi-factor authentication push notification. That single moment of human failure gave the attacker access to Uber's internal systems, including their Slack workspace, vulnerability reports, and financial
A Single Employee Click Cost MGM Resorts $100 Million In September 2023, MGM Resorts International disclosed a devastating cyberattack that disrupted hotel operations, slot machines, and reservation systems across Las Vegas. The attack vector? A social engineering phone call. A threat actor impersonated an employee, called the IT help desk,
In March 2021, a business email compromise attack tricked an employee at a Scottish charity into wiring £173,000 to a threat actor posing as a construction firm. The employee wasn't careless. They weren't stupid. They simply hadn't been trained to spot the signs.
The Breach That Started With a Single Slack Message In September 2022, a threat actor sent a series of social engineering messages to an Uber employee, eventually convincing them to approve a multi-factor authentication push notification. That single lapse gave the attacker access to internal systems, Slack channels, and admin
The Breach That Started With a Single Slack Message In September 2022, a threat actor sent a social engineering message to an Uber employee, pretending to be IT support. The employee handed over credentials. Within hours, the attacker had access to internal systems, the company's HackerOne vulnerability reports,
