Security News

The UN suffered a major data breach last year after it failed to patch a Microsoft SharePoint server, it emerged this week. According to the outlet, internal UN staffers announced the compromise on 30 August 2019, explaining that the "Entire domain" was probably compromised by an attacker who was lurking on the UN's networks.

The UN did not share that discovery with the authorities, the public, or even the potentially affected staff, and we now know about it only because TNH reporters got their hands on a confidential report by the UN. How was the UN hacked? According to the report, the attack started in July 2019, when the attackers managed to compromise a server located at the UN Office in Vienna through CVE-2019-0604, a security hole in Microsoft SharePoint patched by Microsoft in February 2019 and subsequently widely exploited by attackers to hit a variety of targets worldwide.

The United Nations' European headquarters in Geneva and Vienna were hacked last summer, putting thousands of staff records at miscreants' fingertips. Despite the size and extent of the hack, the UN decided to keep it secret.

The hacking incidents, which took place at three United Nations' offices in Vienna and Geneva sometime around July 2019, appear to have compromised at least 40 servers as well as several domains, according to the Wednesday New Humanitarian report, which is based on confidential UN report it obtained. While some United Nations' officials knew about the hacking, most were kept in the dark for months until this week's news reports, the news agency says.

A forensic examination of Amazon CEO Jeff Bezos's mobile phone has pointed to it having allegedly been infected by personal-message-exfiltrating malware - likely NSO Group's notorious Pegasus mobile spyware - that came from Saudi Arabia's Crown Prince Mohammed bin Salman's personal WhatsApp account. The UN's report said that full details from the digital forensic exam of Bezos's phone were made available to its special rapporteurs.

The Crown Prince of Saudi Arabia, Mohammad bin Salman, has been officially fingered as the man responsible for hacking Amazon CEO Jeff Bezos's iPhone X, causing a massive stir in diplomatic circles. Following a report yesterday that Bezos's smartphone had been compromised by a malware-poisoned video sent directly by bin Salman to Bezos through WhatsApp, on Wednesday two UN special rapporteurs named the head of the oil state as the source of digital spyware, and called for an "Immediate investigation by US and other relevant authorities" into the "Continuous, multi-year, direct and personal involvement of the Crown Prince in efforts to target perceived opponents."

Independent UN rights experts said Wednesday they had received information that Amazon owner Jeff Bezos's phone was hacked through a WhatsApp account belonging to Saudi Crown Prince Mohammad bin Salman. "The alleged hacking of Mr Bezos's phone, and those of others, demands immediate investigation by US and other relevant authorities," UN Special Rapporteurs Agnes Callamard and David Kaye said in a statement in Geneva.

For much of Android's existence, Google has adopted a relatively hands-off approach that lets manufacturers ship units with pre-installed bloatware which, in many cases, cannot be easily removed. "Android Partners - who use the Android trademark and branding - are manufacturing devices that contain pre-installed apps that cannot be deleted, which can leave users vulnerable to their data being collected, shared and exposed without their knowledge or consent," the letter states.

The United Nations on Friday approved a Russian-led bid that aims to create a new convention on cybercrime, alarming rights groups and Western powers that fear a bid to restrict online freedom....

Researchers have brought to light a longstanding phishing campaign aimed at the UN and its various networks, and a variety of humanitarian organizations, NGOs, universities and think tanks. Some...