Jobseekers' files follow internal records leaking online The United Nations has been hit with two damning data leak a
Jobseekers’ files follow internal records leaking online
The United Nations has been hit with two damning data leak allegations in as many days.
The global organization has seen researchers uncover a pair of flaws that had left a number of its records, and those of its employees, accessible to hackers online.
Word of the first issue came out yesterday when security researcher Kushagra Pathak found that the UN had left an unsecured set of Trello, Jira and Google Docs projects exposed to the internet.
Pathak, who has specialized in uncovering vulnerable Trello boards and web apps, said the exposed information included account credentials and internal communications and documents used by UN staff to plan projects.
After stumbling onto the vulnerable Trello board, he was able to then get access to the Jira and Google Docs deployments where he harvested other sensitive data. Pathak privately reported the issue to UN, who has since locked down the vulnerable web app instances.
The second exposure was uncovered by researcher Mohamed Baset of Seekurity and resulted in the exposure of “thousands” of rÃ©sumÃ©s submitted by job applicants.
Baset reports that the UN failed to patch vulnerabilities in one of the WordPress CMS systems it uses to handle job applications. This would potentially allow anyone who chose to exploit the local path disclosure the ability to access the thousands of CVs people had submitted when they applied for a job with a UN agency.
The vulnerability was reported to the UN in August, but after getting the full bureaucratic runaround, Baset decided to go public with the flaw this week, and share a proof of concept video:
It wasn’t all long faces at the UN this week, however.
Members of the org had a moment of levity this morning when US President Donald Trump addressed the General Assembly. The Commander-in-Chief’s boasts of historic accomplishments at the helm of America sparked chuckling and guffawing by foreign diplomats witnessing his speech…
WATCH: Laughter in UN General Assembly as President Trump touts his administration’s progress in past 2 years: “Didn’t expect that reaction, but that’s OK.” pic.twitter.com/V7GViB5g4B
â NBC News (@NBCNews) September 25, 2018
A nice chuckle was had by most. Meanwhile, at last estimate, Trump was custodian to some 4,000 nuclear warheads. Â®