Login

Register

Login

Register

UN hacked via unpatched SharePoint server – Naked Security


The UN suffered a major data breach last year after it failed to patch a Microsoft SharePoint server, it emerged this week. Then it failed to tell anyone, even though it produced a damning internal report.

The news emerged after an anonymous IT employee leaked the information to The New Humanitarian, which is a UN-founded publication that became independent in 2015 to report on the global aid community. According to the outlet, internal UN staffers announced the compromise on 30 August 2019, explaining that the “entire domain” was probably compromised by an attacker who was lurking on the UN’s networks.

A confidential report sent to the publication without permission by a UN IT official revealed that the cyberattack had started in mid-July last year. The hackers had compromised dozens of servers including those in its highly sensitive human rights operation, along with its human resources department.

Stéphane Dujarric, spokesperson for the UN Secretary-General, explained to media in a briefing on Tuesday:

Attempts to attack the UN IT infrastructure happen often. The attribution of any IT attack remains very fuzzy and uncertain. So, we are not able to pinpoint to any specific potential attacker, but it was, from all accounts, a well‑resourced attack.

The Associated Press (AP), which has seen the report, said that system logs had been meticulously cleared during the attack.

The hackers targeted a total of 42 servers, compromising the Active Directory domains of UN offices in Geneva, Vienna, and at the Office of the High Commissioner for Human Rights, although an official told the AP that nothing at the latter location was compromised. The three hacked locations employ around 4,000 staff. Geneva was the hardest hit, with 33 hacked servers, according to The New Humanitarian.

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


NATIONAL CYBER SECURITY RADIO
[spreaker type=player resource="show_id=4560538" width="100%" height="550px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]
HACKER FOR HIRE MURDERS
 [spreaker type=player resource="show_id=4569966" width="100%" height="350px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW