Data Security, Breach

UN civil aviation agency breach toll confirmed, Arab aviation org compromised

The logo of the United Nations is seen in the General Assembly hall before heads of state begin to address the 76th Session of the U.N. General Assembly at UN Headquarters on September 21, 2021 in New York City. International and cyber policy experts are grappling with how much involvement private industry should have when it comes to shaping cyber...
(Photo by Eduardo Munoz-Pool/Getty Images)

Security Affairs reports that the United Nations' International Civil Aviation Organization has confirmed that data from 11,929 individuals were compromised a month after threat actor natohub claimed to exfiltrate 42,000 application records from its recruitment database between April 2016 and July 2024.

Information exposed by the incident included names, birthdates, email addresses, and employment history, said ICAO in an updated statement that emphasized the delivery of breach notices to impacted individuals. Such a development comes as the Arab Civil Aviation Organization was reported by Resecurity to have had its staff and members' records and credentials stolen following an attack that involved the exploitation of an SQL injection vulnerability in its web app. Included in the exfiltrated ACAO data leaked on the dark web earlier this week were logins, password hashes, emails, and communications referencing the Qatar Aircraft Accident and Incident Investigation Unit, Iran Civil Aviation Authority, Aviation Investigation Bureau of the Kingdom of Saudi Arabia, Jordan Civil Aviation Regulatory Commission, and Aviation Accident Investigation Division members, according to Resecurity.

Related

Reported UK-ordered iCloud encryption backdoor slammed

Implementation of a backdoor that would enable government access to Apple users' cloud storage data could set a precedent for authoritarian nation-states and threat actors, with Electronic Frontier Foundation's Thorin Klosowski noting the threat of a global emergency stemming from the secret order.

Extensive Israeli police breach alleged by Iran-linked hackers

Purportedly included in the exfiltrated information were officers' personal details and photos, gun licenses, email addresses, suspects' and criminals' personal data, sex offender employment permit details, and other classified documents, according to Handala, which also alleged the compromise of Israeli Ministry of National Security servers.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Attack VectorByteCipherCiphertextData AggregationData Encryption Standard (DES)Data Loss Prevention (DLP)DecryptionDigital EnvelopeDigital Signature Algorithm (DSA)

You can skip this ad in 5 seconds