An Interest In:
Web News this Week
- April 4, 2024
- April 3, 2024
- April 2, 2024
- April 1, 2024
- March 31, 2024
- March 30, 2024
- March 29, 2024
January 12, 2021 01:25 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ZTvg-ENN0zg/researchers-test-uns-cybersecurity-find-personal-data-on-100k-employees
Researchers Test UN's Cybersecurity, Find Personal Data On 100K Employees
chicksdaddy shares a report from The Security Ledger: Independent security researchers testing the security of the United Nations were able to compromise public-facing servers and a cloud-based GitHub development account used by the U.N. and lift data on more than 100,000 staff and employees, according to a report by The Security Ledger. Researchers affiliated with Sakura Samurai, a newly formed collective of independent security experts, exploited an exposed GitHub repository belonging to the International Labour Organization and the U.N.'s Environment Programme (UNEP) to obtain "multiple sets of database and application credentials" for UNEP applications, according to a blog post by one of the Sakura Samurai researchers, John Jackson, explaining the group's work. Specifically, the group was able to obtain access to database backups for private UNEP projects that exposed a wealth of information on staff and operations. That includes a document with more than 1,000 U.N. employee names, emails; more than 100,000 employee travel records including destination, length of stay and employee ID numbers; more than 1,000 U.N. employee records and so on. The researchers stopped their search once they were able to obtain personally identifying information. However, they speculated that more data was likely accessible.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ZTvg-ENN0zg/researchers-test-uns-cybersecurity-find-personal-data-on-100k-employees
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot