• Cyber Safety
  • Posts
  • Forgotten But Dangerous: Office Tech, Ghost Rights & AI Errors

Forgotten But Dangerous: Office Tech, Ghost Rights & AI Errors

August 28, 2025

Hardware-Based Backdoors Found in Off-Brand Devices

Recent investigations reveal low-cost routers, webcams, and tablets shipping with pre-installed firmware backdoors—often activated remotely by command and control servers hosted overseas.

Security teams should ban uncertified hardware, run firmware integrity scans, and segment all untrusted IoT onto isolated VLANs.

SIM-Based Reconnaissance Precedes Phishing Attacks

Before launching phishing, attackers now profile targets using leaked mobile metadata—like SIM card country codes, device type, and app usage—allowing for precision-crafted lures.

Use MDM to restrict app telemetry, anonymize mobile DNS traffic, and watch for phishing campaigns that coincide with recent SIM or carrier activity.

User Entitlement Creep Is Killing Least-Privilege

Employees accumulate roles, app permissions, and admin rights over time—but rarely lose them. This “entitlement creep” quietly undermines Zero Trust strategies.

Implement periodic access reviews, automate role expiration based on project lifecycle, and audit IAM systems for dormant admin access.

Start learning AI in 2025

Keeping up with AI is hard – we get it!

That’s why over 1M professionals read Superhuman AI to stay ahead.

  • Get daily AI news, tools, and tutorials

  • Learn new AI skills you can use at work in 3 mins a day

  • Become 10X more productive

Emergency Access Accounts Are Rarely Audited

Break-glass accounts and “firefighter” logins often bypass MFA and logging in the name of urgency. Many remain active and unmonitored long after being created.

Put all emergency accounts behind logging gateways, rotate their credentials monthly, and alert security teams on every use.

AI-Summarized Security Reports Are Missing Critical Context

CISOs relying on LLMs to summarize log activity or incident briefings are starting to report oversimplified conclusions, hallucinated alerts, and false negatives.

Treat AI summaries as drafts only. Always pair automated insight with expert review—especially in IR, compliance, and board-level reporting.

Shared Office Devices Are a Post-COVID Blind Spot

Printers, kiosks, and tablet-based check-in stations in hybrid offices are rarely updated, monitored, or segmented. Many retain cached credentials, print logs, or stored files.

Enforce print and device auditing, reset shared systems daily, and deploy endpoint protection—even on “nontraditional” hardware.

Fact-based news without bias awaits. Make 1440 your choice today.

Overwhelmed by biased news? Cut through the clutter and get straight facts with your daily 1440 digest. From politics to sports, join millions who start their day informed.