Security News
The U.N. disarmament chief warned Friday that cyber crime is on the rise, with a 600% increase in malicious emails during the COVID-19 pandemic. Russia did not attend the informal council meeting broadcast online, which was the centerpiece of Estonia's council presidency.
Kali Linux 2020.1 released: New tools, Kali NetHunter rootless, and more! Offensive Security have released Kali Linux 2020.1, which is available for immediate download.
You can upgrade Windows 7 for free! Why wouldn't you? Windows 7 has been Microsoft's most successful operating system and, it's safe to say, one of the most loved.
How industries are evolving their DevOps and security practices: There's significant variation in DevOps maturation and security integration across the financial services, government, retail, telecom, and technology industries, according to Puppet's report based on nearly 3,000 responses.
Targeting UN networks in Geneva and Vienna, the attacker was able to compromise accounts and data at dozens of servers, prompting one senior UN IT official to call it a "major meltdown," the New Humanitarian said. "These things...attempts to attack the UN IT infrastructure happen often. The attribution of any IT attack remains very fuzzy and uncertain. So, we are not able to pinpoint to any specific potential attacker, but it was, from all accounts, a well‑resourced attack."
The UN suffered a major data breach last year after it failed to patch a Microsoft SharePoint server, it emerged this week. According to the outlet, internal UN staffers announced the compromise on 30 August 2019, explaining that the "entire domain" was probably compromised by an attacker who was lurking on the UN's networks.
The UN did not share that discovery with the authorities, the public, or even the potentially affected staff, and we now know about it only because TNH reporters got their hands on a confidential report by the UN. How was the UN hacked? According to the report, the attack started in July 2019, when the attackers managed to compromise a server located at the UN Office in Vienna through CVE-2019-0604, a security hole in Microsoft SharePoint patched by Microsoft in February 2019 and subsequently widely exploited by attackers to hit a variety of targets worldwide.
The United Nations' European headquarters in Geneva and Vienna were hacked last summer, putting thousands of staff records at miscreants' fingertips. Despite the size and extent of the hack, the UN decided to keep it secret.
The hacking incidents, which took place at three United Nations offices in Vienna and Geneva sometime around July 2019, appear to have compromised at least 40 servers as well as several domains, according to the Wednesday New Humanitarian report, which is based on a confidential UN report it obtained. While some United Nations officials knew about the hacking, most were kept in the dark for months until this week's news reports, the news agency says.
A forensic examination of Amazon CEO Jeff Bezos's mobile phone has pointed to it having allegedly been infected by personal-message-exfiltrating malware - likely NSO Group's notorious Pegasus mobile spyware - that came from Saudi Arabia's Crown Prince Mohammed bin Salman's personal WhatsApp account. The UN's report said that full details from the digital forensic exam of Bezos's phone were made available to its special rapporteurs.
The Crown Prince of Saudi Arabia, Mohammad bin Salman, has been officially fingered as the man responsible for hacking Amazon CEO Jeff Bezos's iPhone X, causing a massive stir in diplomatic circles. Following a report yesterday that Bezos's smartphone had been compromised by a malware-poisoned video sent directly by bin Salman to Bezos through WhatsApp, on Wednesday two UN special rapporteurs named the head of the oil state as the source of digital spyware, and called for an "immediate investigation by US and other relevant authorities" into the "continuous, multi-year, direct and personal involvement of the Crown Prince in efforts to target perceived opponents."
Independent UN rights experts said Wednesday they had received information that Amazon owner Jeff Bezos's phone was hacked through a WhatsApp account belonging to Saudi Crown Prince Mohammad bin Salman. "The alleged hacking of Mr Bezos's phone, and those of others, demands immediate investigation by US and other relevant authorities," UN Special Rapporteurs Agnes Callamard and David Kaye said in a statement in Geneva.