Secondary threats
The exposure of source code held in repositories like this could reveal vulnerabilities that attackers can exploit to launch further attacks, security experts warned.
“As well as the potential for risk to individuals through exposed PII [personally identifiable information], the leak also increases the risk to the NYT of further targeted intrusions through the exposure of vulnerabilities in the website’s infrastructure,” Rik Ferguson, VP of security intelligence at security vendor Forescout, told CSOonline.com.
“These vulnerabilities could then be further leveraged in various ways, for example to distribute malware, to effect further intrusions into NYT corporate infrastructure, or for denial-of-service attacks.”
