Tag

Zero Trust Security

Zero trust security content examines the principle of never trusting and always verifying every user, device, and connection. Articles explore micro-segmentation, least-privilege access, continuous monitoring, and how organizations transition from perimeter-based defenses to zero trust models.

posts

Supply Chain Attacks

Supply Chain Attack Examples That Reshaped Cybersecurity

In December 2020, cybersecurity firm FireEye disclosed that a threat actor had compromised SolarWinds' Orion software update mechanism, distributing malware to roughly 18,000 organizations — including the U.S. Treasury, the Department of Homeland Security, and Fortune 500 companies. The attackers didn't break down the front door.

Carl B. Johnson Mar 05, 2025 7 min read
Identity Theft Protection

Identity Theft Protection for Businesses: A 2025 Guide

In January 2024, a single compromised employee credential at a mid-size financial services firm led to the theft of 4.3 million customer records. The breach cost the company $18 million in remediation, legal fees, and regulatory fines — and their brand reputation still hasn't recovered. That's

Carl B. Johnson Feb 28, 2025 7 min read
Man in the Middle Attack

Man in the Middle Attack: How Hackers Steal Data

In January 2024, security researchers at Sekoia documented a massive adversary-in-the-middle campaign that used phishing kits to intercept Microsoft 365 credentials and session tokens in real time — bypassing multi-factor authentication entirely. The attack wasn't theoretical. It hit thousands of organizations across multiple industries. And it reminded every security

Carl B. Johnson Dec 19, 2024 8 min read
DNS Spoofing Attack

DNS Spoofing Attack: How It Works and How to Stop It

In April 2024, security researchers at Akamai reported a massive DNS hijacking campaign targeting over 600 domains, redirecting users to credential harvesting pages that looked identical to legitimate banking and email portals. Victims had no idea they were on a fake site. Their browsers showed no warnings. The URLs looked

Carl B. Johnson Dec 19, 2024 8 min read
Living Off the Land Attacks

When Attackers Removed Legitimate Software to Hide

In February 2024, the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory about threat actors linked to Volt Typhoon — a Chinese state-sponsored group that had been living inside U.S. critical infrastructure networks for years. One of their signature moves? They removed legitimate security tools and logging mechanisms from

Carl B. Johnson Aug 19, 2024 7 min read
Computer Virus Prevention

Computer Virus Prevention: 9 Steps That Actually Work

In January 2024, a single employee at a mid-sized accounting firm double-clicked a file named Invoice_Final_v2.exe. Within 40 minutes, the LockBit ransomware variant had encrypted 14,000 files across three networked drives. The ransom demand was $2.2 million. The firm's antivirus was installed. It

Carl B. Johnson Jul 13, 2024 6 min read
Cyber Security

Cyber Security in 2024: What Actually Works Now

The $4.88 Million Wake-Up Call You Can't Afford to Ignore IBM's 2024 Cost of a Data Breach Report pegs the global average cost of a breach at $4.88 million — the highest figure ever recorded. That's not a typo. And it's

Carl B. Johnson Jul 13, 2024 8 min read