MongoDB Ransomware Hack – What Did We Learn?

Early on Jan. 9, about 12,000 MongoDB database servers were compromised. Later the number rose to 28,000 servers.  As many as 46,000 servers are vulnerable to this attack.

A cyber-criminal using the alias “Harak1r1” exploited a weakness in the default installation of the popular database solution, MongoDB.  He demanded a 0.2BTC ransom ($220) to return the data he exfiltrated from thousands of victim systems.  Older installations of MongoDB that were deployed via cloud hosting services in an insecure default configuration were ...

Continue Reading →
27
JAN
0

cybersecurity, passwords, ransomware, Web Design

FTC Sues D-Link Over Poor Security

We have complained in this blog about the plethora of Internet connected IoT devices that are being sold without anything approaching meaningful security to an unsuspecting public. A notable exploitation of IoT devices was behind the Mirai botnet, which shut down significant parts of the Internet for a couple of days.

But other disasters await, for instance, the easy access of web cams from the ...

Continue Reading →
25
JAN
0

Computers and Internet, cybersecurity, Internet of Things, law and policy

Beyond the Kill Chain – Active Defense

I have been working my way through a Cybrary course titled ” Incident Response and Advanced Forensics.”  In it I came across the following slide, and what interested me was how it juxtaposed the Lockheed-Martin Cyber Kill Chain against a lower row of defensive tactics.  The last option, hidden beneath the instructor’s image, is “Destroy.”

Where did this intriguing ...

Continue Reading →
23
JAN
0

Computers and Internet, cybersecurity, law and policy

The Best Defense

Is a good offense?  If you or your company has been a victim of cyber-crime, I am sure you have had fantasies about back-hacking the perpetrators back to the stone age.  Or having some sort of magic button phone app that would do the same thing.

Currently, the bad guys are running the offense, 24/7/365.  The good guys are limited to defense only.  There ...

Continue Reading →
20
JAN
0

Computers and Internet, cybersecurity, law and policy

,

New European Regulations Could Affect Your Business.

On May 25 2018, new regulations will go into effect in the European Union called the General Data Protection Regulation (GDPR).  If you are doing business in Europe, this will affect your business.  If your website collects personal information and other data from European site visitors or customers, this will affect your business.

The Europeans take personal privacy, especially online privacy, much ...

Continue Reading →
18
JAN
0

Computers and Internet, cybersecurity, encryption, Identity Theft, law and policy, News and politics

Why The Bad Guys Love Ransomware

Crypto-ransomware continues to be one of the most popular money making exploits for cyber criminals.  The reason for this is simple; its works, and the return on investment is quite high.  According to a recent article in Naked Security, the score will reach $1 billion in 2017.

A poll by the IBM company found that nearly 50% of the businesses polled had been hit by ransomware, and of those 70% ...

Continue Reading →
16
JAN
0

Computers and Internet, cybersecurity, encryption, malware, Phishing, Security

Sunday Funnies – British Tech Slang

Thanks to Quartz for this list.  I have posted just the tech slang, so be sure to click through for the full list.

  • Baklava code
    A piece of code that has too many layers, borrowing its name from the multi-layered, sweet pastry.
  • RTFM, PICNIC
    Two acronyms deployed by frustrated tech support workers when dealing with customers flummoxed by simple problems. RTFM is code for “read the freaking manual,” while PICNIC refers to “problem in chair, not in computer.”
  • Angry fruit salad
Continue Reading →
15
JAN
0

Sunday Funnies

Netgear Routers Will Need Firmware Update.

If you own a Netgear wireless router, especially the R6200, R6250, R6400, R6700, R6900, R7000, R7100LG, R7300, R7900, R8000, D6220, and D6400 routers and possibly other models are vulnerable to arbitrary command injection.  This is a security bug that could allow a remote attacker to access your router.  This vulnerability was announced by US-CERT on December 9th, and reported in Naked Security on December 12th.

Vulnerabilities such as this ...

Continue Reading →
13
JAN
1

Computers and Internet, cybersecurity, Internet of Things, Security, Software vulnerability

,

Start Your Cybersecurity Plan

There are a number of great frameworks for developing your cybersecurity plan.  Two of our favorites are the NIST-CSF and the 20 CIS Controls.  We have written about these excellent tools before here (CIS Controls) and here (NIST-CSF).

Back in December we received an email from Pete Herzog of ISECOM about a new, open-source methodology manual for cybersecurity ...

Continue Reading →
11
JAN
0

Computers and Internet, cybersecurity, education

, , ,

Page 178 of 273 «...150160170176177178179180...»