Secondary threats
The publicity of supply code held in repositories like this might reveal vulnerabilities that attackers can exploit to launch additional assaults, security specialists warned.
“In addition to the potential for threat to people by way of uncovered PII [personally identifiable information], the leak additionally will increase the chance to the NYT of additional focused intrusions by way of the publicity of vulnerabilities within the web site’s infrastructure,” Rik Ferguson, VP of security intelligence at security vendor Forescout, instructed CSOonline.com.
“These vulnerabilities might then be additional leveraged in varied methods, for instance to distribute malware, to impact additional intrusions into NYT company infrastructure, or for denial-of-service assaults.”
