Dismiss this notice
Ant Download Manager Christmas 2020 Giveaway - https://www.geeks.fyi/showthread.php?tid=13686

Dismiss this notice
Macrium Reflect Home Edition Christmas 2020 Giveaway - https://www.geeks.fyi/showthread.php?tid=13685

Dismiss this notice
HitmanPro.Alert Christmas 2020 Giveaway - https://www.geeks.fyi/showthread.php?tid=13684

Dismiss this notice
VoodooShield PRO Christmas 2020 Giveaway - https://www.geeks.fyi/showthread.php?tid=13689

Dismiss this notice
NoVirusThanks OSArmor v1.5 Christmas 2020 Giveaway - https://www.geeks.fyi/showthread.php?tid=13758

Dismiss this notice
Revo Uninstaller Pro 4 Christmas 2020 Giveaway - https://www.geeks.fyi/showthread.php?tid=13688

Dismiss this notice
CheckMAL's AppCheck Pro Christmas 2020 Giveaway - https://www.geeks.fyi/showthread.php?tid=13690

Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Ethical Hackers Breach U.N., Access 100,000 Private Records
#1
Information 
Quote:Security researchers successfully hacked the United Nations, accessing user credentials and personally identifiable information (PII)–including more than 100,000 private employee and project records—before informing the U.N. about the problem through the organization’s vulnerability disclosure program.
 
Ethical hackers from the research group Sakura Samurai used a vulnerability in a GitHub directory that exposed WordPress DB and GitHub credentials, allowing access to numerous private records from the U.N.’s Environment Program (UNEP).
 
Researchers Jackson Henry, Nick Sahler, John Jackson and Aubrey Cottle discovered the vulnerability after the team decided to take a crack at finding an entry for the U.N.’s Vulnerability Disclosure Program and Hall of Fame and eventually identified an endpoint that exposed the credentials, researchers wrote in a blog post.
 
“The credentials gave us the ability to download the Git repositories, identifying a ton of user credentials and PII,” they wrote. “In total, we identified over 100K+ private employee records. We also discovered multiple exposed .git directories on U.N.-owned web servers [ilo.org], the .git contents could then be exfiltrated with various tools such as ‘git-dumper’.”
 
Researchers were able to access a significant amount of sensitive U.N. information in their breach, including 102,000 travel records; more than 7,000 records of human resources nationality demographics; more than 1,000 generalized employee records; more than 4,000 project and funding-source records; and evaluation reports of 283 projects.
 
Data revealed in the records included the names, ID numbers, nationalities, genders, pay grades and a raft of other personal information pertaining to U.N. employees, as well as identification numbers, locations and financing amounts for various UNEP projects, as well as funding sources and other specific details.

Read more: https://threatpost.com/hackers-breach-un...ds/162944/
[-] The following 1 user Likes silversurfer's post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username:


Password:





[-]
Recent Posts
Sync and other features may stop working...
Third-party Chr...harlan4096 — 08:31
NoVirusThanks OSArmor v1.5
Thanks for the updat...jasonX — 17:26
GFYI [Official] NoVirusThanks OSArmor v...
Thanks a lot for the...dinosaur07 — 16:28
NoVirusThanks OSArmor v1.5.3
We've released OSA...harlan4096 — 16:26
GFYI [Official] NoVirusThanks OSArmor v...
Sponsor has given wo...jasonX — 16:04

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
avatar (45)theoldevext
avatar (40)algratCep
avatar (45)Qlaude2Sap
avatar (46)Josepharelf
avatar (35)kholukrefar
avatar (44)Lauraimike
avatar (46)WilsonWag
avatar (44)StevenPiole
avatar (35)zetssToomy
avatar (42)GornOr
avatar (45)Jamesmog
avatar (33)opeqyrav
avatar (36)dlanod78
avatar (33)ivanoFloom
avatar (36)uxegihor

[-]
Online Staff
harlan4096's profile harlan4096
Administrator
dhruv2193's profile dhruv2193

>