Visualização normal

Antes de ontemStream principal
  • ✇Arstechnica
  • After $380M hack, Clorox sues its “service desk” vendor for simply giving out passwords Nate Anderson
    Hacking is hard. Well, sometimes. Other times, you just call up a company's IT service desk and pretend to be an employee who needs a password reset, an Okta multifactor authentication reset, and a Microsoft multifactor authentication reset... and it's done. Without even verifying your identity. So you use that information to log in to the target network and discover a more trusted user who works in IT security. You call the IT service desk back, acting like you are now this second person, and y
     
  • ↗️

After $380M hack, Clorox sues its “service desk” vendor for simply giving out passwords

✇Arstechnica
Por:Nate Anderson
23 de Julho de 2025, 16:46

Hacking is hard. Well, sometimes.

Other times, you just call up a company's IT service desk and pretend to be an employee who needs a password reset, an Okta multifactor authentication reset, and a Microsoft multifactor authentication reset... and it's done. Without even verifying your identity.

So you use that information to log in to the target network and discover a more trusted user who works in IT security. You call the IT service desk back, acting like you are now this second person, and you request the same thing: a password reset, an Okta multifactor authentication reset, and a Microsoft multifactor authentication reset. Again, the desk provides it, no identity verification needed.

Read full article

Comments

❌
❌