
United Nations reveals potential data breach


Researchers found that the United Nations Environment Programme (UNEP) computer systems contained vulnerabilities that could have exposed 100,000 personal data records.

According to a report by the ethical hacking firm Sakura Samurai, which examined the strength of the UN's network, the researchers obtained this data in considerably less than 24 hours. By identifying an endpoint that exposed Git credentials, they used those credentials to download Git repositories and identify user credentials and personally identifiable information (PII).

“In total, we discovered over 100K+ non-public employee records. We also identified several exposed .git directories on UN owned web servers [ilo.org], the .git contents could then be exfiltrated with many applications such as “git-dumper”,” said the researchers.
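A defensive check for the misconfiguration described above, added here as an illustration and not taken from the article or the researchers' report: it walks a web document root you administer, flags any `.git` directory deployed inside it, and flags remotes whose URL embeds a password. The sample docroot, host name and token are constructed placeholders, and the function and finding names are assumptions of this example.

```python
import configparser
import os
import tempfile
from urllib.parse import urlsplit

# Constructed sample .git/config; the host and token are made-up placeholders.
SAMPLE_CONFIG = (
    "[core]\n\tbare = false\n"
    '[remote "origin"]\n'
    "\turl = https://deploy:EXAMPLE-TOKEN@git.example.org/app.git\n"
    "\tfetch = +refs/heads/*:refs/remotes/origin/*\n"
)


def make_sample_docroot(base):
    """Create a constructed docroot: one app deployed with its .git, one without."""
    os.makedirs(os.path.join(base, "app", ".git"))
    os.makedirs(os.path.join(base, "static"))
    with open(os.path.join(base, "app", ".git", "config"), "w") as fh:
        fh.write(SAMPLE_CONFIG)
    return base


def audit_docroot(docroot):
    """Report .git directories under a web root and remotes that embed a password."""
    findings = []
    for dirpath, dirnames, _ in os.walk(docroot):
        if ".git" not in dirnames:
            continue
        dirnames.remove(".git")  # no need to descend into the repository itself
        git_dir = os.path.join(dirpath, ".git")
        rel = os.path.relpath(git_dir, docroot).replace(os.sep, "/")
        findings.append(("git_dir_in_docroot", rel))
        cfg = configparser.ConfigParser(strict=False, interpolation=None)
        try:
            cfg.read(os.path.join(git_dir, "config"))
            for section in cfg.sections():
                for key in ("url", "pushurl"):
                    if urlsplit(cfg.get(section, key, fallback="")).password:
                        # Name the remote only; never echo the secret into a report.
                        findings.append(("password_in_remote_url", f"{rel} {section} {key}"))
        except (configparser.Error, ValueError):
            findings.append(("unparsable_config", rel))
    return findings


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_docroot(make_sample_docroot(tmp)):
            print(finding)
```

Any `git_dir_in_docroot` finding means the repository metadata is servable unless the web server explicitly denies it; a `password_in_remote_url` finding means that credential should be rotated and moved to a credential helper or deploy key.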


Among the finds was vacation and staff information. Vacation documents included worker IDs, names, personnel groups, vacation justification, start and end dates, approval status, location, and the length of stay. Researchers also observed HR data, such as nationality, gender, and pay grade, on thousands of employees.

“In total, we found 7 additional credential-pairs which could have resulted in unauthorized access of various databases. We decided to cease and report this vulnerability when we were able to access PII that was uncovered via Database backups that were in the private tasks,” said the researchers.

Javvad Malik, security awareness advocate at KnowBe4, told ITPro it’s easy for companies, particularly global ones, to have data spread across various systems and platforms.

“Keeping track of all these disparate systems can be complicated enough, and guaranteeing the proper security settings are applied and that qualifications are appropriately managed is important,” Malik explained. “While numerous technologies and processes exist to help secure businesses to stop these kinds of issues, it is necessary that organizations cultivate a culture of security so that anyone is conscious of the role they have to play in securing the group, as it is not something a security office can do on their own.”

Martin Jartelius, CSO at Outpost24, told ITPro the flaws we see in this situation are all related to users configuring those servers, leaving information exposed and software misconfigured.

“Those are flaws in usage, not flaws in software. It is in part more concerning, as those units were internet exposed, and in turn, held credentials for other systems,” he said.

“With access to some of the indicated information and the simplicity of the breach, attackers may well have access to this data. It is one of the basic controls any skilled analyst performs against a system they are auditing, yet it is still surprisingly often a rewarding route to take provided the attack surface is sufficiently large, such as a complete firm.”


Some parts of this article are sourced from:
www.itpro.co.uk
