CyberSecurityBoard
Sponsor Register Login

IT Guy Let Girlfriend Enter into Highly Restricted Server Rooms

The lawsuit, filed this Monday in New York, details how a Computacenter employee granted his girlfriend “Jenny” unauthorized access to Deutsche Bank’s server rooms housing the institution’s “big iron” – industry terminology for high-performance mainframe computers processing millions of sensitive financial transactions. James Papa, previously a service delivery manager at Computacenter, alleges he was fired in July 2023 after raising alarming security concerns about one of his subordinates who repeatedly allowed his Chinese girlfriend into highly secure server rooms. This case is particularly concerning since CCTV evidence allegedly shows Deutsche Bank’s own security team allowed Jenny into the secure datacenter areas without proper credentials or authorization, violating fundamental datacenter security protocols. This represents a catastrophic failure of Deutsche Bank’s multi-layered security controls that should have prevented any unauthorized access to their critical infrastructure. Papa pointed out DB’s obvious and egregious security failures in allowing Jenny entry into headquarters, DB’s lawyer and DB’s security representatives at the meeting became agitated and even more aggressive in their behavior toward Mr. According to court documents, these security breaches occurred multiple times between March and June 2023, specifically on days when Papa was not on site. Industry best practices mandate multi-layered security perimeters with strict physical and logical access controls, including biometric verification and continuous monitoring. As the legal process unfolds, the incident serves as a stark reminder for organizations globally: failing to address internal security lapses and responding against those who report them can have far-reaching consequences for operational integrity and corporate reputation. The lawsuit claims Papa was the only person disciplined despite the multiple security lapses. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 07 May 2025 05:39:57 +0000


Cyber News related to IT Guy Let Girlfriend Enter into Highly Restricted Server Rooms

IT Guy Let Girlfriend Enter into Highly Restricted Server Rooms - The lawsuit, filed this Monday in New York, details how a Computacenter employee granted his girlfriend “Jenny” unauthorized access to Deutsche Bank’s server rooms housing the institution’s “big iron” – ...
2 weeks ago Cybersecuritynews.com
French Gov. Leaks 43 Million People's Data - French public employment administration loses control of citizens' data after biggest breach in Gallic history. Hackers stole 20 years of personal data relating to job seekers from a French agency. The boss of France Travail, Alexandre Saubot, has a ...
1 year ago Securityboulevard.com
Windows Incident Response: Human Behavior In Digital Forensics, pt II - Targeted Threat ActorI was working a targeted threat actor response, and while we were continuing to collect information for scoping, so we could move to containment, we found that on one day, from one endpoint, the threat actor pushed their RAT ...
1 year ago Windowsir.blogspot.com
Zoom flaw enabled hijacking of accounts with access to meetings, team chat - A Zoom flaw that enabled the hijacking of service accounts with access to potentially confidential information was disclosed by bug hunters this week. The vulnerability in the Zoom Rooms feature mostly affected Zoom tenants using email addresses from ...
1 year ago Packetstormsecurity.com Rocke Hunters
Monthly Threat Webinar Series in 2023: What to Expect - We firmly believe that the internet should be available and accessible to anyone and are committed to providing a website that is accessible to the broadest possible audience, regardless of ability. These guidelines explain how to make web content ...
2 years ago Trendmicro.com
Building AI That Respects Our Privacy - I built a crude AI system that aggregated my Fitbit data and healthcare records with my financial information, email, and more. I also started to grasp how powerful having my data in one place could be when, unbeknownst to me, the app had a ...
1 year ago Darkreading.com
Zoom stomps critical privilege escalation bug, 6 other flaws The Register - Review and manage your consent Here's an overview of our use of cookies, similar technologies and how to manage them. Video conferencing giant Zoom today opened up about a fresh batch of security vulnerabilities affecting its products, including a ...
1 year ago Go.theregister.com CVE-2024-24691 CVE-2024-24690 CVE-2024-24695 CVE-2024-24696 CVE-2024-24697 CVE-2024-24698 CVE-2024-24699
CVE-2021-39164 - Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) of a room if they know the ID of the room. The ...
2 years ago
What to do with that fancy new internet-connected device you got as a holiday gift - This sent me down a path of reconfiguring my home network and re-adding a bunch of devices to a new network. Even though this sounds like a totally basic skill for anyone who works in cybersecurity, it was a big deal for me to set up a separate ...
1 year ago Blog.talosintelligence.com Rhysida
CVE-2022-36925 - Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was generated using parameters that could be obtained by ...
2 years ago
New Jersey, Pennsylvania hospitals affected by cyberattacks - Hospitals in New Jersey and Pennsylvania are dealing with the ramifications of cyberattacks this week following several similar incidents that took place during the Thanksgiving holiday. This week, Capital Health said it is experiencing network ...
1 year ago Therecord.media
New phishing attack steals your Instagram backup codes to bypass 2FA - A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account. Two-factor authentication is a ...
1 year ago Bleepingcomputer.com
D-Link D-View 8 Unauthenticated Probe-Core Server Communication - A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. An unauthenticated remote attacker can register a host of his/her choice as a Probe server by sending ...
1 year ago Tenable.com
CVE-2024-57976 - In the Linux kernel, the following vulnerability has been resolved: ...
2 months ago
That time I broke into an API and became a billionaire - This included an internal API with a dependency on a third-party banking API. We'll get to the banking API later in this story. That's all thanks to developers embracing agile development, microservices, and API gateway redirection that exposed ...
1 year ago Securityboulevard.com
Microsoft tests Windows 11 encrypted DNS server auto-discovery - Microsoft is testing support for the Discovery of Network-designated Resolvers internet standard, which enables automated client-side discovery of encrypted DNS servers on local area networks. Without DNR support, users must manually enter the info ...
1 year ago Bleepingcomputer.com
Analysis of OT cyberattacks and malwares - Let's find the answer to all the questions by looking into some history of OT attacks and malware. We systematically categorize the attacks into direct and indirect vectors. Direct attacks are those that target OT systems through the exploitation of ...
1 year ago Securityboulevard.com
Location Data Tracks Abortion Clinic Visits. Here's What to Know - Our concerns about the selling and misuse of location data for those seeking reproductive and gender healthcare are escalating amid a recent wave of cases and incidents demonstrating that the digital trail we leave is being used by anti-abortion ...
1 year ago Eff.org Hunters
Phishing kits now vet victims in real-time before stealing credentials - Even if they were allowed to use the real target's address, the analysts comment that some campaigns go a step further, sending a validation code or link to the victim's inbox after they enter a valid email on the phishing page. However, with this ...
1 month ago Bleepingcomputer.com
Microsoft confirms May Windows 10 updates trigger BitLocker recovery - Microsoft's acknowledgment of this issue comes after many Windows users and admins have reported seeing devices unexpectedly enter the Windows Recovery Environment (WinRE) and displaying a BitLocker recovery screen after installing the KB5058379 ...
6 days ago Bleepingcomputer.com
Roundtable: Is DOGE Flouting Cybersecurity for US Data? - So far, Musk and his Department of Government Efficiency (DOGE) have accessed the computer systems of the Department of Treasury, as well as classified data from the US Agency for International Development (USAID) and the Office of Personnel ...
3 months ago Darkreading.com
The ticking time bomb of Microsoft Exchange Server 2013 - This is, of course, a common issue since 2021 or so, due to Exchange Server security woes- however there has been an abnormally high increase in the past few months, making me think there was some kind of Exchange Server zero day perhaps. In my own ...
1 year ago Doublepulsar.com
CVE-2020-8023 - A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of ...
4 years ago
Navigating the Cybersecurity Landscape - Cyber threats are diverse and continually evolving, ranging from commonplace scams to highly sophisticated attacks. Let's delve deeper into the nature of prevalent threats, gaining a nuanced understanding that will serve as the foundation for robust ...
1 year ago Feeds.dzone.com
Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting - On August 14, 2023, the Wordfence Threat Intelligence team began a research project to find Stored Cross-Site Scripting via Shortcode vulnerabilities in WordPress repository plugins. We found over 100 vulnerabilities across 100 plugins which affect ...
1 year ago Wordfence.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)