United Nations data breach exposed over 100k UNEP staff records

Today, researchers have responsibly disclosed a security vulnerability that, when exploited, gave them access to over 100,000 private employee records of the United Nations Environmental Programme (UNEP). The data breach stemmed from exposed Git directories and credentials, which allowed the researchers to clone Git repositories and gather a large amount of personally identifiable information (PII) associated with …

Apple removed Parler from the App Store for inciting violence

Apple has removed the Parler social network app from the App Store for violating policies, including not providing an updated moderation plan or an updated app with objectionable content removed. Since the U.S. Capitol Building riot on January 6th, 2021, there has been an increase in social networking posts that incite violence against politicians, law …

New Zealand Reserve Bank suffers data breach via hacked storage partner

The Reserve Bank of New Zealand, known as Te Pūtea Matua, has suffered a data breach after threat actors hacked a third-party hosting partner. The Reserve Bank is the central bank of New Zealand and is responsible for creating monetary policy to stabilize prices in the country. On January 10th, the Reserve Bank disclosed that …

Twitter hires veteran hacker Mudge as head of security

Twitter has appointed one of the world’s most respected hackers as its new head of security in the wake of a humiliating mass attack in July. The company has placed Peiter Zatko in charge of protecting its platform from threats of all varieties, poaching him from the payments startup Stripe. Zatko is better known as …

Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’ — Krebs on Security

A key malicious domain name used to control potentially thousands of computer systems compromised via the months-long breach at network monitoring software vendor SolarWinds was commandeered by security experts and used as a “killswitch” designed to turn the sprawling cybercrime operation against itself, KrebsOnSecurity has learned. Austin, Texas-based SolarWinds disclosed this week that a compromise …