
u/ITRabbit

The most expensive inventory failure I've ever been part of
Paid a red team good money. They found a path into our environment in 4 hours through a legacy admin panel someone built during an internal hackathon two years ago. Still running. Still exposed. Default credentials. Nobody remembered it existed until the report landed on the CTO's desk.
We spent 30k on a pen test and the biggest finding was something we built ourselves and forgot about. Not a zero day. Not a sophisticated attack chain. Just inventory failure.
Anyone else done a pen test and found your own ghosts? What was the dumbest entry point you've seen?
Do you provide employees with GSM internet dongles while working remotely/travelling?
I know some laptops come with mobile network capability; in this case, do you provide them with SIMs to cater for this? Or do you recommend they use their mobile hotspot?
PS: mistake with the title, not GSM but 4G/5G dongles
Twin brothers wipe 96 gov’t databases minutes after being fired
In the US, fired and laid-off workers often have their digital credentials deactivated before they learn about the loss of their jobs; indeed, the inability to log in to a corporate system may be the first an employee knows of the situation.
Although not a generous or humane approach to staff reduction, it does follow from the simple fact that a fired employee with access to company systems is a security risk.
Just ask the Akhter twin brothers, accused of wiping out 96 databases hosting US government information in the minutes after both were fired last year from their shared employer.
https://arstechnica.com/tech-policy/2026/05/drop-database-what-not-to-do-after-losing-an-it-job/
Found this at work. Has turned a 2 hour outage into a 6 hour outage. This has to be a crime.
What if being a Sysadmin was a Card Dueling Battle?...
Credit: TikTok: @comic_brooks
For the record, we support 100,000 users. Thoughts? Anyone else dealing with lunacy around AI potential from executives?
"Tell me you've never worked a day of help desk, without telling me you've never worked a day of help desk."
edit:
thank you all for the sanity check and hilarious replies. glad I'm not alone. my final question... what do these billionaires and rich elites think idle hands with highly technical skills and understanding of user behaviour are going to do with all their free time and desperation? they're gonna start phishing and bringing down powerplants and data centers is my theory.
All of them. Including credentials for sites you won't open this session.
Remember the late 1990s when people would steal 128MB sticks of pre-DDR RAM worth about $300 each from computers before resigning or getting fired, so they put padlock loops on the desktop cases? Yeah, they're like $400 a stick now for 64GB setups. We had a request to do so from one of our MSP customers after (we can't really prove it, but we're 99% sure) someone stole a stick.
Considering I can get past a dollar store bulk padlock that small with a paperclip, I instead put in an RMM rule that says send a high priority alert email if the RAM on a system falls below what it is now by more than 10%. I had to hard code it since that wasn't a trigger template for some reason.
Anyone else already run into this and doing something similar? For everyone else, not a bad idea.
I work for a large org. We have thousands of Windows servers across our enterprise. Our cybersec team is freaking tf out lately because I was having a conversation with one of the cybersecurity analysts (who isn't technical at all) and corrected her when she tried to say none of our Windows servers have web browsers installed.
I informed her that Edge is a core component of Windows and isn't easily removed, and honestly it would probably cause more issues if we did. This clearly induced anxiety with them and now we've had multiple meetings about the fact that we have web browsers installed on our Windows servers.
Have you guys had these convos? What's your take on this?
My feeling is that since a web browser, whether that's IE or Edge (depending on Windows version), is a core component of the OS, then removing those could result in larger issues with certain tools and utilities not working.
Our systems are largely locked down so only admins can access them. We have MFA with Entra and our admin accounts have rotating passwords every few hours.
Am I off base here? What am I missing in this conversation?