Saudi Arabia’s Ministry of Industry and Mineral Resources (MIM) had an environment file exposed, opening up sensitive details for anybody willing to take them. The Cybernews research team believes that the sensitive data was accessible for 15 months. An environment (env.) file serves as a set of instructions for computer programs, making it a critical component for any system. Leaving these files open to anyone exposes critical data and provides threat actors with various attack options. Meanwhile, the now-closed MIM’s env. file exposed information that attackers could employ for lateral movement within the ministry’s systems, potentially escalating to anything from account takeover to a ransomware attack. MIM is a government body responsible for industry and mineral resources operations. It was established in 2019 to diversify Saudi Arabia’s economy away from oil and gas. According to the team, the first time the env. file was indexed by IoT search engines was…
_Cybersecurite via GRISE Veille Globale on Inoreader
