Zero trust security content examines the principle of never trusting and always verifying every user, device, and connection. Articles explore micro-segmentation, least-privilege access, continuous monitoring, and how organizations transition from perimeter-based defenses to zero trust models.
posts
The Breach That Cost Change Healthcare Everything In February 2024, a threat actor used stolen credentials to access Change Healthcare's systems — systems that lacked multi-factor authentication on a critical remote access portal. The result? A ransomware attack that disrupted pharmacy operations across the United States for weeks and
The 24 Billion Stolen Passwords Nobody Talks About In 2022, researchers at Digital Shadows found over 24 billion username-and-password pairs circulating on dark web marketplaces and criminal forums. That number has only grown. If you think your organization's credentials aren't in that pile, I'd
In 2024, a single set of stolen Snowflake credentials led to the breach of over 165 organizations — including Ticketmaster and AT&T — exposing hundreds of millions of customer records. The root cause wasn't some exotic zero-day exploit. It was reused passwords without multi-factor authentication. Every one of
In 2023, MGM Resorts lost an estimated $100 million after a threat actor bypassed their security by social engineering the help desk into resetting an employee's credentials — credentials that lacked properly enforced multi-factor authentication at critical junctures. That single phone call cascaded into one of the most expensive
The Threat Already Inside Your Building In January 2023, the FBI arrested a former GE Aviation employee who had spent years downloading thousands of proprietary turbine technology files and transferring trade secrets to a competing business in China. The insider had legitimate access. He passed every background check. He sat
The Threat Already Inside Your Building In 2022, a former employee at Cash App's parent company, Block, downloaded reports containing the personal information of 8.2 million customers — months after leaving the company. Block disclosed the breach in an SEC filing, and lawsuits followed. The attacker didn'
In 2022, a former employee at Cash App's parent company, Block Inc., downloaded reports containing the personal information of over 8 million customers — months after they'd left the company. The access was never revoked. No alarm was triggered. The breach wasn't discovered until the
One Employee Stole Data for Profit. The Other Just Clicked the Wrong Link. In 2022, a former employee of a major healthcare organization was sentenced to federal prison for stealing patient records and selling them. That same year, the Verizon Data Breach Investigations Report found that 82% of breaches involved
The Breach That Came From the Inside In 2022, a former Twitter employee was convicted of spying on behalf of Saudi Arabia, accessing the personal data of dissidents using nothing more than his legitimate credentials. No malware. No phishing email. Just an insider with access and motive. That case made
In 2023, MGM Resorts lost roughly $100 million after a threat actor social-engineered their way past an IT help desk employee — with a single phone call. The attacker didn't exploit a zero-day vulnerability. They didn't brute-force a password. They just talked their way in. And the
