Security News > 2022 > June > The most common exploit paths enterprises leave open for attackers

Exposed version control repositories, leaked secrets in public code repositories, a subdomain vulnerable to takover, exposed Amazon S3 buckets, and Microsoft Exchange Server servers vulnerable to CVE-2021-42321 exploitation are the most common exploit paths medium to large enterprises left open for attackers in Q1 2022, according to Mandiant.

The firm has based the list on the most common issues discovered by continuously scanning the external attack surface of its customers from January 1, 2022 to March 31, 2022.

Exposed version control repositories can give attackers access to application source code, configuration files, sensitive data or confidential information; exposed S3 buckets usually contain sensitive company data; secrets such as passwords/authentication credentials, cryptographic keys and API tokens that may inadvertently be added to public code repositories such as GitHub or GitLab or Google Cloud Build could be found by attackers and used to publish malicious code.

There is a reason why vulnerabilities in Microsoft Exchange Server always receive attention from attackers and the security community: Exchange Server is one of the most widely used mail solutions, especially by enterprises and governmental organizations, and compromising it allows attackers to access company/government email accounts, send out malicious spam that is more likely to bypass security checks, etc.

Looking at the external attack surface like attackers do.

Enterprises should constantly monitor their ever-changing external attack surface and act quickly when they detect exploitable holes and exploit paths This means not only closing them, but also checking whether attackers might have taken advantage of them during the window of opportunity they provided.

News URL

https://www.helpnetsecurity.com/2022/06/09/exploit-paths-enterprises/