by James Cavenaugh | May 13, 2026 | Identity & Access Security
In September 2022, Uber got breached. An 18-year-old attacker bought a contractor’s password on the dark web for a few dollars. The contractor had MFA enabled. Uber’s MFA required pushing “approve” on a mobile app. The attacker couldn’t...
by James Cavenaugh | May 11, 2026 | Ransomware & Data Recovery
In February 2024, Change Healthcare, a subsidiary of UnitedHealth Group, got hit with ransomware that shut down a big chunk of the U.S. healthcare payment infrastructure for weeks. Pharmacies couldn’t process prescriptions. Medical practices couldn’t...
by James Cavenaugh | Apr 27, 2026 | Identity & Access Security
If your firm’s idea of multi-factor authentication is “we get a text message with a code,” you don’t really have MFA. You have something that feels like MFA, and that feeling is worth less than you think. NIST deprecated SMS as a second factor...
