https://www.modat.io/post/doors-wide-open-critical-risks-in-ams
A widespread security risk has been discovered involving misconfigured and exposed Access Management Systems (AMS) across numerous industries and countries.
This exposure has resulted in hundreds of thousands of employee records, including personal identification details, biometric data, photographs, and work schedules, being accessible online. Additionally, the physical security of thousands of organizations has been compromised, allowing potential unauthorized entry into buildings and bypassing physical security measures.
The affected sectors include construction, healthcare, education, manufacturing, oil, and government entities, with a high concentration of exposed systems found in European countries, the US, and the MENA region.
The consequences of these vulnerabilities range from financial losses and regulatory penalties, such as GDPR fines, to severe breaches leading to identity theft, unauthorized access, and disclosure of confidential business information.
The report emphasizes the critical need for organizations to implement robust security measures, including restricting internet access to AMS, regularly updating security patches, changing default credentials, and implementing continuous monitoring to protect sensitive data and maintain physical security.