"Nope, everything is quiet here" – was the IT department mistaken? Our ethical hacker and co-founder Immanuel Bär is currently sneaking through the systems, accompanied by Business Punk author Hilmar Poganatz. He didn't even have to be so quiet. You can find insights in the article below, and even more details in the full article in issue 2024 / 05 of the magazine.
In the latest issue of Business Punk, author Hilmar Poganatz shows how important comprehensive IT security measures are - and how frighteningly easy it can be to circumvent them. As part of a penetration test that our co-founder Immanuel carried out with a team colleague, security gaps in a large German mechanical engineering company were uncovered.
Even the (literal) entry into the company shows how much can be achieved through clever social engineering: with a smile and a laptop under his arm, Immanuel passes the reception and enters conference rooms and factory halls without any problems. Such calm approaches make it clear that (IT) security is not just a question of technology, but also of physical control and the human factor.
The article describes in a particularly impressive way how Immanuel manages to hack into the company's internal network. He goes through the factory halls into the foreman's workshop, where he can easily read passwords and install malicious scripts using a prepared USB stick, a "Rubber Ducky". This type of attack shows how much IT security can be endangered by physical vulnerabilities.
But that's not all: In the office, he comes across post-its with passwords written on them - a classic mistake that can still be found in many companies. This small carelessness can potentially cause huge damage.
At this point, at the latest, the company fell.
Immanuel on the moment when a Trojan horse in the form of a small computer is successfully connected via LAN.
A central theme of the article is the financial damage that can result from such security gaps. According to the industry association Bitkom, cyber attacks on companies in Germany cause billions of euros in damage every year. The mechanical engineering company that is tested in the report also estimates that it could suffer millions of euros in damage every day in the event of a successful attack. And such scenarios are no longer rare.
The Business Punk article clearly shows why regular penetration tests are essential. Even companies that believe they have their security measures under control are often proven wrong when an experienced penetration tester like Immanuel is at work. Many vulnerabilities are not immediately visible and only become apparent through simulated attacks. The risk posed by vulnerabilities such as missing access controls can also be assessed much more realistically by actively exploiting them.
Collaborations with media outlets such as Business Punk help us to raise awareness of IT security. It is important that not only IT professionals, but also executives and managers understand what threats exist and how companies can protect themselves - for fewer password post-its and more real awareness.
By the way: Immanuel and Business Punk author Hilmar Poganatz left the factory premises in a company car, befitting their status - they quickly secured the key. The hacking then continued undisturbed in the hotel, thanks to the digital doors to the system that they had previously opened.