Wednesday, January 15, 2025

UN Aviation Agency ICAO Confirms Recruitment Database Security Breach

Hackers target a broad spectrum of organizations, from telecom companies to hospitals. This time, their victim was the United Nations.

Approximately 42,000 records were stolen from the database of the United Nations' International Civil Aviation Organization (ICAO).


https://bit.ly/3PBiOVx


"The United Nations' International Civil Aviation Organization (ICAO) has confirmed that a threat actor has stolen approximately 42,000 records after hacking into its recruitment database."


"According to Natohub's claims, the allegedly stolen documents contain names, dates of birth, addresses, phone numbers, email addresses, and education and employment information.

Another threat actor said the leaked archive contains 2GB of files with information on 57,240 unique emails."


"'The compromised data includes recruitment-related information that applicants entered into our system, such as names, email addresses, dates of birth, and employment history. The affected data does not include financial information, passwords, passport details, or any documents uploaded by applicants,' ICAO said."


"Threat actors also hacked UN networks in Vienna and Geneva in July 2019 using a Sharepoint exploit, gaining access to staff records, health insurance, and commercial contract data."

Wednesday, January 8, 2025

Apple to Pay Siri Users in Settlement Over Accidental Siri Privacy Violations


A: Does your mobile phone company listen to your private conversations?

B: Yes

A: Does your mobile phone company save your private conversations?

B: For sure.

A: Does your mobile phone company sell your private conversations to 3rd parties?

B: No doubt on that.


You think that I exaggerated it a little? Absolutely not. These are not allegations but the unfortunate truth of today's world. Most of us have surely had the following conversation at least once:

"I was talking about [cats] and [my phone/my app/my search engine] showed me [cat] products in its advertisements." (Which is exactly true.)


Apple recently agreed to pay $95 million to resolve a lawsuit. The lawsuit claimed that Apple's Siri assistant, which is activated by voice, SECRETLY RECORDED and SHARED users' private conversations.


After this came to light, Apple apologized for not meeting its own high(?) standards. It also said it will delete any recordings made when Siri was triggered accidentally. (Oh, thank you for that.)


https://bit.ly/3WaISua


"Apple has agreed to pay $95 million to settle a proposed class action lawsuit that accused the iPhone maker of invading users' privacy using its voice-activated Siri assistant."


"The lawsuit was brought against Apple following a 2019 report from The Guardian that disclosed that third-party contractors were listening in on private conversations of its users issuing voice commands to Siri as part of its efforts to improve the quality of its product."


"Following the revelations, Apple apologized for not 'fully living up to our high ideals' and subsequently introduced an opt-in to help Siri improve by learning from the audio samples of their requests. It also said it will remove any recording that's determined to be an inadvertent trigger of Siri."


"Google, which has also faced accusations with its voice assistant back in 2019, is battling a similar lawsuit in the U.S. District Court."



Saturday, January 4, 2025

Sabotage of an Electricity Cable Between Finland and Estonia

Although we mostly use wireless connections today, we still rely heavily on physical infrastructure to communicate with each other.


What I am trying to point out is that most of our heavy internet traffic travels over fiber cables buried under the ground and under the seas and oceans. It is not only about the IP network; it is also about the availability of electricity. If there is no electricity, then there is also no internet. (Layer 1 availability is much more important than most people are aware of.)


An electricity cable between Finland and Estonia (Estlink 2) was sabotaged last week (25 Dec 2024), and the cable remains out of service. (The alleged perpetrators are members of Russia's shadow fleet.)


The damaged cable has a transmission capacity of 650 megawatts and is 170 km (105 miles) long. Repairs are expected to take "several months." (Yes, critical infrastructure security is a major concern.)


Finnish police are investigating whether a Russian ship was involved in the sabotage.


https://bbc.in/4fHcFSh


"The authorities said on Thursday that they believe the anchor of the Eagle S, a tanker registered with the Cook Islands, may have damaged the Estlink 2 cable, which became disconnected on Wednesday (25 Dec 2024).

The vessel is thought to be part of Russia's 'shadow fleet', which is made up of ships that carry embargoed Russian oil products.

It is the latest in a series of incidents in recent years, in which underwater cables in the Baltic region have been either damaged or severed completely."


"The EU has threatened to impose further sanctions against Russia as a result of the incident and said it was 'strengthening efforts to protect undersea cables'.

'We strongly condemn any deliberate destruction of Europe's critical infrastructure,' the European Commission and the EU's foreign policy chief, Kaja Kallas, said in a joint statement."


"A telecommunications cable running between Finland and Germany was severed in November (2024), and an internet link between Lithuania and Sweden's Gotland Island stopped working at around the same time."