Business Tech and Cyber Blog by CSM Systems
Our Latest Blog Post
The 2022 Uber breach that I've mentioned in other posts is usually talked about as an MFA story. It's also an endpoint story. The attacker didn't compromise an Uber-managed laptop. He compromised a contractor's personal device. The password that got him in was sitting...
Older Posts
The Patches You Meant to Install
In October 2023, Citrix published a patch for a vulnerability in their NetScaler product. The flaw, eventually nicknamed Citrix Bleed, let attackers bypass authentication on systems that hadn't been updated. Organizations that were running NetScaler had about a month...
Phishing by QR Code Is a Thing Now
The FBI issued a public service announcement a couple of years ago warning about QR code phishing, and the volume has climbed every quarter since. Vendor research from Proofpoint, Barracuda, and others shows QR-based phishing, which the industry has started calling...
MFA Bombing: When the Attacker Just Keeps Asking
In September 2022, Uber got breached. An 18-year-old attacker bought a contractor's password on the dark web for a few dollars. The contractor had MFA enabled. Uber's MFA required pushing "approve" on a mobile app. The attacker couldn't push the button. So he pushed...
The $2 Billion MFA Gap
In February 2024, Change Healthcare, a subsidiary of UnitedHealth Group, got hit with ransomware that shut down a big chunk of the U.S. healthcare payment infrastructure for weeks. Pharmacies couldn't process prescriptions. Medical practices couldn't submit claims....
Having Backups Isn’t the Same as Being Able to Restore
In July 2020, Garmin got hit with WastedLocker ransomware. Their website, their fitness apps, their pilot flight planning tools, their customer service, all of it was offline for about a week. Reuters covered the outage. Users couldn't sync their watches. Pilots...
The 23andMe Breach Wasn’t a Breach
In October 2023, 23andMe disclosed in an SEC filing that attackers had gained access to about 6.9 million customer accounts. The word "breach" got used a lot in the coverage. It's not really the right word. 23andMe themselves pushed back on it. They didn't get hacked....
The Helpdesk Is the Attacker’s Favorite Tool
In September 2023, MGM Resorts and Caesars Entertainment both got owned by the same threat group inside of ten days. Caesars paid a ransom that reporting later put at around $15 million. MGM refused to pay, took their systems offline, and disclosed to the SEC that the...
The Wire Fraud Came From a Vendor You Trust
Business email compromise at a law firm or CPA practice doesn't always start with your firm. About half the time, from what the FBI's IC3 reports show, the attacker compromises a vendor or a client first, and then uses that mailbox to defraud you. Which means your own...
When Microsoft Gets Breached, What It Means for You
In January 2024, Microsoft filed an 8-K with the SEC disclosing that a Russian state-sponsored group called Midnight Blizzard had breached their corporate network and read the email of members of their senior leadership team. The attackers were in the environment for...









