• Thousands of misconfigured building access systems have been leak

    From TechnologyDaily@1337:1/100 to All on Fri Feb 28 15:45:06 2025
    Thousands of misconfigured building access systems have been leaked online

    Date:
    Fri, 28 Feb 2025 15:32:00 +0000

    Description:
    Crooks could access buildings that should be off limits, or even exploit them to steal sensitive information.

    FULL STORY
    ======================================================================
    - Researchers found tens of thousands of vulnerable AMS around the world
    - 49,000 misconfigured AMS could represent a major problem
    - Vendors are working on a fix

    Tens of thousands of Access Management Systems (AMS), built by different vendors and spread across different countries, were found connected to the wider internet, misconfigured, and thus exposed to cyberattacks.

    A report from cybersecurity researchers Modat noted that Access Management Systems are security frameworks that control and monitor who can access digital or physical resources within an organization. They authenticate users through methods like passwords, biometrics, or multi-factor authentication and authorize their level of access based on predefined policies.

    Modat said they found 49,000 misconfigured AMS, in different organizations around the globe. Widespread internet exposure of AMS across multiple countries indicates a worldwide problem, it said. The devices were found in key industries such as construction, healthcare, education, manufacturing, the oil industry, and government organizations.

    Botnet for hire

    Arguably the biggest problem with these misconfigurations is the compromised physical security of the affected organizations, as criminals could bypass physical security and access buildings which should otherwise be off limits.

    But aside from that, another important takeaway is that cybercriminals could steal sensitive employee data this way. Personal identification information, employee photographs, biometric data, work schedules, payslips, and complete facility control and access were all found, Modat stressed.

    This could open the floodgates to phishing, identity theft, social engineering, and other forms of fraud that could see sensitive government information exfiltrated from the servers.

    Different AMS were affected differently, the researchers further explained. They said they detected a high concentration of vulnerabilities, mostly in European countries, the US, and the MENA region (Middle East and North Africa).

    The majority of flawed devices were found in Italy (16,678), Mexico (5,940), and Vietnam (5,035).

    Modat notified all of the affected organizations, but according to BleepingComputer, none responded, so we don't know how many have mitigated the risk by now. The researchers also reached out to vendors, some of which confirmed they are working on a fix.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/thousands-of-misconfigured-building-access-systems-have-been-leaked-online


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)