by cyberferret 3581 days ago
That is my question too - how was an internal logging server not set for restricted login only from the internal subnet?

Also - they mentioned the perp got in via a compromised employee login. No clarification on whether it was a former disgruntled employee, a current employee with a weak password, or someone who was socially engineered into divulging it.

In any case, it points to bad internal policies and procedures around isolating servers and employee password management.

2 comments

Especially ironic since they do "Identity Management as a Service": https://www.onelogin.com/why-onelogin/strengthen-security
If it was a compromised employee login it could have been an indirect path to the log server. E.g. ssh or "Go to My PC" to employee workstation, or log in to company VPN, from there to internal hosts.

Not that employee workstations should have access to production machines ideally, but it is commonplace at small companies (and big ones too).
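The two points raised in this thread, a log server accepting logins from outside the internal subnet and a compromised employee login reaching it indirectly over VPN, can both be checked against the server's own sshd log. The script below is an added example, not code from OneLogin or from any commenter. It assumes standard OpenSSH "Accepted ... for ... from ..." log lines, an illustrative server LAN of 10.0.10.0/24 and VPN client pool of 10.8.0.0/24 as the allowed sources, and the sample log lines are constructed. It flags any accepted login from outside the allowed subnets, any accepted password authentication, and separately points out logins that arrive through the VPN pool, since a source-subnet restriction alone cannot tell a legitimate remote employee from an attacker using that employee's VPN credentials.

```python
import ipaddress
import re

# Subnets from which a login to the log server is allowed to originate.
# These CIDRs are assumptions for the example, not anyone's real layout.
ALLOWED_SUBNETS = {
    "servers": ipaddress.ip_network("10.0.10.0/24"),   # internal server LAN
    "vpn-pool": ipaddress.ip_network("10.8.0.0/24"),   # addresses VPN clients land on
}

# Matches OpenSSH success lines, e.g.
#   "Accepted publickey for deploy from 10.0.10.7 port 51234 ssh2: ..."
_ACCEPTED = re.compile(
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)


def classify_login(line):
    """Return None for lines that are not an accepted login, otherwise a dict
    with the user, source IP, auth method, the allowed subnet the IP falls in
    (None if it falls in none of them) and a list of findings."""
    m = _ACCEPTED.search(line)
    if m is None:
        return None
    ip = ipaddress.ip_address(m.group("ip"))
    origin = next((name for name, net in ALLOWED_SUBNETS.items() if ip in net), None)

    findings = []
    if origin is None:
        # The "restricted login only from the internal subnet" failure.
        findings.append("source outside allowed subnets")
    if m.group("method") == "password":
        # A stolen or weak password is enough; keys or MFA would have been needed.
        findings.append("password authentication accepted")
    if origin == "vpn-pool":
        # Looks internal, but this is exactly the indirect path a compromised
        # employee login would take: VPN first, then on to internal hosts.
        findings.append("arrived via VPN pool; verify the VPN session, not just the subnet")

    return {
        "user": m.group("user"),
        "ip": str(ip),
        "method": m.group("method"),
        "origin": origin,
        "findings": findings,
    }


def audit(lines):
    """Run classify_login over a log and keep only logins with findings."""
    return [r for r in map(classify_login, lines) if r and r["findings"]]


# Constructed sample log lines (not from any real system).
SAMPLE_LOG = [
    "Jun  1 02:14:07 logsrv sshd[1123]: Accepted publickey for deploy from 10.0.10.7 port 51234 ssh2: RSA SHA256:abc",
    "Jun  1 02:15:41 logsrv sshd[1130]: Accepted password for jsmith from 203.0.113.45 port 40212 ssh2",
    "Jun  1 02:16:02 logsrv sshd[1135]: Accepted publickey for jsmith from 10.8.0.23 port 40880 ssh2: ED25519 SHA256:def",
    "Jun  1 02:16:30 logsrv sshd[1140]: Failed password for root from 203.0.113.45 port 40300 ssh2",
]

if __name__ == "__main__":
    for r in audit(SAMPLE_LOG):
        print(f"{r['user']}@{r['ip']} ({r['method']}, origin={r['origin']}): {'; '.join(r['findings'])}")
```

The first sample line is the only one that passes clean: key-based login from the server LAN. The second line would be the headline failure, a password login from a public address, which a firewall or an sshd `Match Address` block should have made impossible. The third line is the one the second comment warns about: it looks internal because the VPN pool is allowed, so a subnet-based rule passes it, and only correlating it with the VPN server's own session log (and MFA on the VPN) tells you whether jsmith or someone holding jsmith's credentials is on the other end.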