Security News

Top UN Official Warns Malicious Emails on Rise in Pandemic
2020-05-26 03:44

The U.N. disarmament chief warned Friday that cyber crime is on the rise, with a 600% increase in malicious emails during the COVID-19 pandemic. Russia did not attend the informal council meeting broadcast online, which was the centerpiece of Estonia's council presidency.

Week in review: UN hacked, new Kali Linux release, Win7 upgrade dilemma
2020-02-02 14:00

Kali Linux 2020.1 released: New tools, Kali NetHunter rootless, and more!Offensive Security have released Kali Linux 2020.1, which is available for immediate download. You can upgrade Windows 7 for free! Why wouldn't you?Windows 7 has been Microsoft's most successful operating system and, it's safe to say, one of the most loved. How industries are evolving their DevOps and security practicesThere's significant variation in DevOps maturation and security integration across the financial services, government, retail, telecom, and technology industries, according to Puppet's report based on nearly 3,000 responses.

How to avoid the mistakes made in the UN data breach
2020-01-31 15:12

Targeting UN networks in Geneva and Vienna, the attacker was able to compromise accounts and data at dozens of servers, prompting one senior UN IT official to call it a "Major meltdown," the New Humanitarian said. "These things...attempts to attack the UN IT infrastructure happen often. The attribution of any IT attack is remains very fuzzy and uncertain. So, we are not able to pinpoint to any specific potential attacker, but it was, from all accounts, a well‑resourced attack."

UN hacked via unpatched SharePoint server
2020-01-31 13:04

The UN suffered a major data breach last year after it failed to patch a Microsoft SharePoint server, it emerged this week. According to the outlet, internal UN staffers announced the compromise on 30 August 2019, explaining that the "Entire domain" was probably compromised by an attacker who was lurking on the UN's networks.

UN hacked: Attackers got in via SharePoint vulnerability
2020-01-30 13:49

The UN did not share that discovery with the authorities, the public, or even the potentially affected staff, and we now know about it only because TNH reporters got their hands on a confidential report by the UN. How was the UN hacked? According to the report, the attack started in July 2019, when the attackers managed to compromise a server located at the UN Office in Vienna through CVE-2019-0604, a security hole in Microsoft SharePoint patched by Microsoft in February 2019 and subsequently widely exploited by attackers to hit a variety of targets worldwide.

UN didn't patch SharePoint, covered up massive hack of multiple key systems – and kept most staff in the dark
2020-01-29 22:39

The United Nations' European headquarters in Geneva and Vienna were hacked last summer, putting thousands of staff records at miscreants' fingertips. Despite the size and extent of the hack, the UN decided to keep it secret.

UN Kept Hacker Attacks Under Wraps
2020-01-29 22:03

The hacking incidents, which took place at three United Nations' offices in Vienna and Geneva sometime around July 2019, appear to have compromised at least 40 servers as well as several domains, according to the Wednesday New Humanitarian report, which is based on confidential UN report it obtained. While some United Nations' officials knew about the hacking, most were kept in the dark for months until this week's news reports, the news agency says.

UN report alleges that Saudi crown prince hacked Jeff Bezos’s phone
2020-01-23 11:38

A forensic examination of Amazon CEO Jeff Bezos's mobile phone has pointed to it having allegedly been infected by personal-message-exfiltrating malware - likely NSO Group's notorious Pegasus mobile spyware - that came from Saudi Arabia's Crown Prince Mohammed bin Salman's personal WhatsApp account. The UN's report said that full details from the digital forensic exam of Bezos's phone were made available to its special rapporteurs.

Who honestly has a crown prince in their threat model? UN report officially fingers Saudi royal as Bezos hacker
2020-01-22 23:13

The Crown Prince of Saudi Arabia, Mohammad bin Salman, has been officially fingered as the man responsible for hacking Amazon CEO Jeff Bezos's iPhone X, causing a massive stir in diplomatic circles. Following a report yesterday that Bezos's smartphone had been compromised by a malware-poisoned video sent directly by bin Salman to Bezos through WhatsApp, on Wednesday two UN special rapporteurs named the head of the oil state as the source of digital spyware, and called for an "Immediate investigation by US and other relevant authorities" into the "Continuous, multi-year, direct and personal involvement of the Crown Prince in efforts to target perceived opponents."

UN Experts Urge Probe Into Alleged Saudi Hacking of Bezos Phone
2020-01-22 16:28

Independent UN rights experts said Wednesday they had received information that Amazon owner Jeff Bezos's phone was hacked through a WhatsApp account belonging to Saudi Crown Prince Mohammad bin Salman. "The alleged hacking of Mr Bezos's phone, and those of others, demands immediate investigation by US and other relevant authorities," UN Special Rapporteurs Agnes Callamard and David Kaye said in a statement in Geneva.