• Thousands of confidential

    From Mike Powell@1:2320/105 to ALL on Thu Oct 24 10:14:00 2024
    Thousands of confidential UN documents linked to gender equality push leaked online

    Date:
    Wed, 23 Oct 2024 15:02:00 +0000

    Description:
    UN Women documents were left unencrypted and without password protection in a database that anyone with an internet connection could access.

    FULL STORY ======================================================================

    A database believed to belong to the United Nations Trust Fund to End
    Violence against Women has been discovered unsecured online, containing financial reports, bank account information, staff details, victim
    testimonies and more.

    The database, containing a total of 228 GB of information, was discovered by cybersecurity researcher Jeremiah Fowler and reported to vpnMentor.

    It lacked any password protection, with the 115,141 files displayed
    unencrypted and accessible to anyone with an internet connection.

    Victim and worker information exposed

    While currently unconfirmed, the database contained information that linked it to UN Women and the UN Trust Fund to End Violence against Women, including
    letters and documents addressed to the UN and stamped with UN logos, with specific reference to UN Women.

    Amongst the information within the database, Fowler identified scanned
    passport documents and ID cards, alongside detailed information on staff
    roles including names, job roles, salary information and tax data.

    There were also documents labeled as victim success stories or testimonies, Fowler wrote in his report for vpnMentor. Some of these contained the names and email addresses of those helped by the programs, as well as details of their personal experiences. For instance, one of the letters purported to be from a Chibok schoolgirl who was one of the 276 individuals kidnapped by Boko Haram in 2014.

    [Image: A collection of documents and certificates from the UN Women database. Image credit: vpnMentor / Jeremiah Fowler]

    It is not known how long the database has been exposed for, whether the database is managed by the UN Women organization or a third party, or whether the database has been accessed by anyone outside of the organization.

    Fowler explains several hypothetical situations in which the data could be misused, such as convincing spear phishing attacks against exposed email addresses using manipulated documents. Theoretically, a threat actor could
    also use the documents to gain a high-level understanding of the
    organization's organizational and financial layout.

    The UN Women organization has a scam alert posted on its website which is undated, but the page dates back to at least July 2022, with an update occurring in July 2024 adding a guide to using the Quantum procurement verification portal.

    Fowler alerted the UN Information Security team to the unprotected database, and received a response stating, "The reported vulnerability does not pertain to us (the United Nations Secretariat) and is for UN Women. Please report the vulnerability to UN WOMEN."



    ======================================================================
    Link to news story: https://www.techradar.com/pro/thousands-of-confidential-un-documents-linked-to-gender-equality-push-leaked-online


    * SLMR 2.1a * Yea, I'm a pacifist. Wanna make somethin' of it, bub?
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)