Reddit says: “As we all know, humans are often the weakest part of the security chain.”

Other than this being a trite phrase and a cheap excuse, it also probably doesn’t make the victim of the phishing attack feel better.

Maybe one day we'll stop blaming the victim in infosec...one day.

https://techcrunch.com/2023/02/10/reddit-says-hackers-accessed-internal-data-following-employee-phishing-attack/

@lorenzofb They're not wrong, though. Human beings are the single most abundant and serious security risk for any organization. Happily, they are also their most important asset.
@briankrebs @lorenzofb I just don't like seeing that especially if an attack involved phishing credentials, when we know OTP and push are not sufficient. FIDO U2F or at least push+code confirm should be a standard, why keep providing systems that allow an easy mistake to be made?