|
|
|
|
|
|
by SheinhardtWigCo
336 days ago
|
|
|
> In 3 of 4 calls, the service desk reset passwords and re-enrolled MFA with zero resistance. The caller simply gave a name – no validation, no callback, no check. On the 4th call, the attacker requested access to a privileged group. The TCS agent asked for an employee ID. The ID given didn’t even match our company’s format; and yet, the access was granted anyway. Yikes |
|
|