Leaked documents reveal that three United Nations agencies were hacked last year through exploitation of a Microsoft SharePoint vulnerability. The attack began in July and was detected in early August, at which point a confidential memo on remediation was circulated internally. According to the AP and Computing, forty servers in Vienna and Geneva were compromised, and the UN Office at Vienna, the UN Office at Geneva, and the UN Office of the High Commissioner for Human Rights (also in Geneva) were hit. The New Humanitarian, which obtained the leaked documents, calls the UN’s response a “cover-up.”
Avast suffered reputational damage this week when the anti-virus company’s sale of anonymized data through its Jumpshot subsidiary came to light. Avast announced late yesterday that it would immediately shutter Jumpshot.
More companies suffer data exposure incidents. Indian airline SpiceJet had data on 2.1 million passengers in a database secured by what TechCrunch’s report characterizes as an easily guessed password that was brute-forced by unnamed, self-described white hats. KrebsOnSecurity found that Sprint’s Social Care forum, a place for customers to address issues with the telco, was inadvertently left exposed. Both SpiceJet and Sprint have secured their sites.
CNET reports that LiveRamp, a major marketing company and Facebook partner, was compromised when hackers obtained an employee’s personal account and used it to gain access to a Business Manager account, which they exploited to run fraudulent advertising.
Russia has blocked ProtonMail and StartMail, Computing reports, as Moscow clamps down on encrypted communications.