Wednesday, January 15, 2025

UN Aviation Agency ICAO Confirms Recruitment Database Security Breach

Hackers target a broad spectrum of organizations, from telecom companies to hospitals. This time, the victim was the United Nations.

Approximately 42,000 records were stolen from the database of the United Nations' International Civil Aviation Organization (ICAO).


https://bit.ly/3PBiOVx


"The United Nations' International Civil Aviation Organization (ICAO) has confirmed that a threat actor has stolen approximately 42,000 records after hacking into its recruitment database."


"According to Natohub's claims, the allegedly stolen documents contain names, dates of birth, addresses, phone numbers, email addresses, and education and employment information.

Another threat actor said the leaked archive contains 2GB of files with information on 57,240 unique emails."


"'The compromised data includes recruitment-related information that applicants entered into our system, such as names, email addresses, dates of birth, and employment history. The affected data does not include financial information, passwords, passport details, or any documents uploaded by applicants,' ICAO said."


"Threat actors also hacked UN networks in Vienna and Geneva in July 2019 using a SharePoint exploit, gaining access to staff records, health insurance, and commercial contract data."

Wednesday, January 8, 2025

Apple to Pay Siri Users in Settlement Over Accidental Siri Privacy Violations


A: Does your mobile phone company listen to your private conversations?

B: Yes

A: Does your mobile phone company save your private conversations?

B: For sure.

A: Does your mobile phone company sell your private conversations to 3rd parties?

B: No doubt on that.


You think that I exaggerated it a little? Absolutely not. These are not allegations but the unfortunate truth of today's world. Most of us have surely had the following conversation at least once:

"I was talking about [cats] and [my phone/my app/my search engine] showed me [cat] products in its advertisements." (Which is exactly true.)


Apple recently agreed to pay $95 million to resolve a lawsuit. The lawsuit claimed that Apple's Siri assistant, which is activated by voice, SECRETLY RECORDED and SHARED users' private conversations.


After these things were discovered, Apple said they were sorry for not meeting their own high(?) standards. They also said they will delete any recordings that resulted from Siri being triggered accidentally. (Oh, thank you for that.)


https://bit.ly/3WaISua


"Apple has agreed to pay $95 million to settle a proposed class action lawsuit that accused the iPhone maker of invading users' privacy using its voice-activated Siri assistant."


"The lawsuit was brought against Apple following a 2019 report from The Guardian that disclosed that third-party contractors were listening in on private conversations of its users issuing voice commands to Siri as part of its efforts to improve the quality of its product."


"Following the revelations, Apple apologized for not "fully living up to our high ideals" and subsequently introduced an opt-in to help Siri improve by learning from the audio samples of their requests. It also said it will remove any recording that's determined to be an inadvertent trigger of Siri."


"Google, which has also faced accusations with its voice assistant back in 2019, is battling a similar lawsuit in the U.S. District Court."



Saturday, January 4, 2025

Sabotage of an Electricity Cable Between Finland and Estonia

Although we are mostly using wireless connections today, we are still highly reliant on physical environments in order to communicate with each other.


What I am trying to point out is that most of our heavy internet traffic travels over fiber cables buried under the ground and under the seas or oceans. It is not only about the IP network; it is also about the availability of electricity. If there is no electricity, then there is also no internet. (Layer 1 availability is much more important than most people are aware of.)


An electricity cable between Finland and Estonia, Estlink 2, was sabotaged last week (25 Dec 2024) and remains out of service. (The alleged perpetrators are members of Russia's shadow fleet.)


The damaged cable has a transmission capacity of 650 megawatts and is 170 km (105 miles) long. Repairs are expected to take "several months." (Yes, critical infrastructure security is a major concern.)


Finnish police are investigating whether a Russian ship was involved in the sabotage.


https://bbc.in/4fHcFSh


"The authorities said on Thursday that they believe the anchor of the Eagle S, a tanker registered with the Cook Islands, may have damaged the Estlink 2 cable, which became disconnected on Wednesday (25 Dec 2024).

The vessel is thought to be part of Russia's 'shadow fleet', which is made up of ships that carry embargoed Russian oil products.

It is the latest in a series of incidents in recent years, in which underwater cables in the Baltic region have been either damaged or severed completely."


"The EU has threatened to impose further sanctions against Russia as a result of the incident and said it was 'strengthening efforts to protect undersea cables'.

'We strongly condemn any deliberate destruction of Europe's critical infrastructure,' the European Commission and the EU's foreign policy chief, Kaja Kallas, said in a joint statement."


"A telecommunications cable running between Finland and Germany was severed in November (2024), and an internet link between Lithuania and Sweden's Gotland Island stopped working at around the same time."

Tuesday, December 24, 2024

Texas Tech University Data Breach

Yet another breach at a hospital.


The impact is limited(!) to 1.4 million people this time. The attackers claimed to have stolen 2.5 terabytes of data. (OMG!)


Given the critical nature of the healthcare sector, robust countermeasures against cyberattacks are essential.


Texas Tech University is notifying over 1.4 million individuals that their personal information was stolen in a ransomware attack targeting its Health Sciences Center and Health Sciences Center El Paso.


After reviewing the stolen data, the university determined that personal information such as names, addresses, dates of birth, driver’s license numbers, government ID numbers, and Social Security numbers was compromised.


Additionally, the attackers stole health insurance and medical information, including diagnosis and treatment details, and financial account information.


https://bit.ly/4ftH0DH


"After securing its systems, the university discovered that the attackers had access to its network from September 17 to September 29, 2024, and that they exfiltrated certain files and folders during that time."


"The university’s incident notice does not specifically say ransomware was used in the attack, but it does mention “temporary disruptions”, and the Interlock ransomware group has claimed responsibility for the incident.


In late October, the gang added Texas Tech University Health Sciences Center to its leak site, claiming the theft of roughly 2.5 terabytes of data, including patient information, medical research, and multiple SQL databases."


"However, Interlock is not the only ransomware group to claim an attack on Texas Tech University. In July, the Meow ransomware group was offering for sale five SQL databases allegedly containing emails, passwords, and other sensitive information from the university, along with a security vulnerability affecting the institution’s website."

Wednesday, December 18, 2024

BSI of Germany Disrupts BADBOX Malware

BSI of Germany did a really good job.

Germany's Federal Office of Information Security (BSI) has announced that it has disrupted a malware operation called BADBOX that came preloaded on at least 30,000 internet-connected devices sold across the country.


Whether you shop online or in-store, choose your retailer wisely when buying smart TVs, mobile phones, or tablets.


https://bit.ly/4gCMBIS


"...Impacted devices include digital picture frames, media players, and streamers, and likely phones and tablets.

'What all of these devices have in common is that they have outdated Android versions and were delivered with pre-installed malware,' the BSI said in a press release."


"Once connected to the internet, the malware embedded into the devices can collect a wide range of data such as authentication codes, and install additional malware."


"...'Anyone can accidentally buy a BADBOX device online without ever knowing it was fake, plugging it in, and unknowingly opening this backdoor malware.'


The BSI said that devices compromised by BADBOX are also capable of acting as a residential proxy service, allowing other threat actors to route their internet traffic through them while simultaneously evading detection. They could also be used to create online accounts on Gmail and WhatsApp."


"These off-brand devices discovered to be infected were not Play Protect certified Android devices. If a device isn't Play Protect certified, Google doesn’t have a record of security and compatibility test results. Play Protect certified Android devices undergo extensive testing to ensure quality and user safety..."


"Cybersecurity company Bitsight, in an analysis published December 17, 2024, said it identified 192,000 BADBOX infected devices, citing telemetry data, with most of them traced back to Yandex 4K QLED TV and T963 Hisense smartphone. The top affected countries are Russia, China, India, Belarus, Brazil, and Ukraine."