Researchers from the research group “Sakura Samurai” have disclosed their findings regarding a vulnerability that let them access the private data of 100,000+ United Nations Environment Programme (UNEP) employees. In their disclosure, Sakura Samurai discussed the flaws impacting UN systems, which consisted of a series of exposed git directories and git credential files. These exposed git files contained sensitive WordPress configuration information, such as administrator database credentials. With these credentials, the researchers were able to log in to the database server and access information regarding over 100,000 employees.
Analyst Notes
As this vulnerability occurred due to poorly secured git servers containing configuration files that include credentials for other servers, it is a good reminder to carefully control access to any source code repositories, regularly audit the contents of repositories to find any API keys or passwords that should not be in git, and monitor logins and access patterns to detect unauthorized access. WordPress configuration weaknesses are another very common problem that threat actors take advantage of, so Binary Defense recommends taking some of the steps mentioned in this article: https://www.wordfence.com/learn/how-to-harden-wordpress-sites/#securing-your-database including the following:
• Moving your wp-config.php file above your web root, making it inaccessible.
• Ensuring that wp-config.php ends in .php and cannot be viewed by unwanted attackers.
Additionally, Binary Defense recommends employing a 24/7 SOC monitoring solution, such as Binary Defense’s own Security Operations Task Force, to quickly take action if an intrusion is detected on servers or workstations.
Source article: https://www.bleepingcomputer.com/news/security/united-nations-data-breach-exposed-over-100k-unep-staff-records/
