Hacker News new | ask | show | jobs
by jefc1111 840 days ago
"The Library utilises numerous trusted partners for software development, IT maintenance, and other forms of consultancy" ... "this terminal server was protected by firewalls and virus software, but access was not subject to Multi-Factor Authentication (MFA)"

¯\_(ツ)_/¯
2 comments
the8472 840 days ago
Occasionally malware groups do patch vulnerabilities to maintain exclusive control over the victim machines. But that wouldn't be my default expectation, so relying on virus software to provide security does not seem like a great idea.
link
yard2010 840 days ago
There are many attack vectors to bypass MFA, especially sms based MFA
link
jefc1111 840 days ago
True, but if you don't have it enabled / required then you're giving off signals of negligence which may extend into other vulnerabilities.
link