Yesterday, I noted a somewhat alarming report that misconfigured MongoDB installations are being wiped by a hacker who steals the databases and then holds them for ransom of .2 BTC (approximately $200 at yesterday’s rate or $220 at today’s rate). This latest threat was reported yesterday by Catalin Cimpanu of Bleeping Computer after an ethical hacker, Victor Gevers, disclosed the discovery he had made as part of Project 366. On…
Month: January 2017
Box.com plugs account data leakage flaw
Tom Spring writes: Box.com has changed the way it handles publicly shared accounts and folders after a researcher found confidential documents and data belonging to Box.com users via Google, Bing and other search engines. While Box.com maintains this is a case of its customers unintentionally over-sharing, it says it has “fixed” the issue. The problem…
TX: Letter notifies 23,000 NISD employees, students of email breach
Katrina Webber reports: The Northside Independent School District has sent letters to about 23,000 former and current students and employees regarding a security breach that might have put their personal information at risk. NISD spokesman Barry Perez said school district officials first got a hint about the trouble in August when it was discovered that…
This Crazy Ransomware Restores Your Files If You Read About Ransomware
Lee Mathews writes: We’ve seen some pretty dastardly ransomware pop up over the past couple of years. Popcorn Time decrypts your files for free if you pass the infection on to your friends. Jigsaw deletes some of your files every hour until you pay up. The Koolova ransomware put a whole new spin on things. Like Popcorn…
Ransomware Has Evolved, And Its Name Is Doxware
Chris Ensey writes that as entities try to defend themselves better against ransomware, criminals have come up with a new twist to make it more likely for their victims to pay up: Many companies have figured out that they can avoid paying these ransoms by wiping a system clean, restoring it with backup drives, and…
NH DHHS commissioner apologizes to families receiving breach notifications for deceased relatives
AP reports that New Hampshire’s health commissioner is offering an extra apology as his agency deals with a data breach that led to personal information of up to 15,000 people being posted online. The extra apology follows recent media coverage describing the emotional reaction of a woman who received a letter addressed to her son…