@gossithedog says “... If you take almost any incident which made press, they have themes. Carphone Warehouse - 6 year old unpatched WordPress with credit cards in database, no PCI etc. TalkTalk - webapp with SQLi vuln older than teenager who did it. Democratic party - phishing... NHS WannaCry - lack of patching, firewalls with any/any rules. Parliament email - single factor auth. Even the people moving laterally inside networks are largely off the shelf tools, e.g. psexec from Microsoft. Breaches, of course, happen. So should proactive steps...”
https://twitter.com/gossithedog/status/956933029632593920