Hackers shoveled snow for company, were rewarded with network admin access

https://image.theregister.com/5265252.jpg?imageId=5265252&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=1200&height=683

Fortunately, they were professional red teamers. Unfortunately, they pwned the network

PWNED Welcome back to PWNED, the column where we document serious security failures in hopes we can all learn from others’ mistakes. This week, we’ll talk about how a lack of physical security can allow threat actors to take control of your network.

Have a story about someone leaving a gaping hole in their network? Share it with us at pwned@sitpub.com. Anonymity is available upon request.

Our story comes to us from two professional red teamers, who get paid to break into offices and networks in order to find holes in the security system. Kristopher Johnson was working as an offensive security consultant at Echelon Risk + Cyber in 2023 and his manager was Dahvid Schloss. We spoke to both.

Johnson and another employee named Michael were called upon to challenge the security at a client’s office while...

Copyright of this story solely belongs to theregister.com. To see the full text click HERE

Read more