Sergiu Gatlan reports: Over 12,000 unsecured MongoDB databases have been deleted over the past three weeks, with only a message left behind asking the owners of the databases to contact the cyber-extortionists to have the data restored. Although not on this scale, these types of attacks targeting publicly accessible MongoDB databases have happened since at least early-2017 [1, 2,…
Category: Commentaries and Analyses
Lithuanian watchdog issues first GDPR fine
Sam Clark reports: Lithuania’s data protection authority has fined a payments processing company for breaching three provisions of the GDPR. The State Data Protection Inspectorate has levied a €61,500 fine against fintech company MisterTango for inappropriate data processing, disclosing personal data and failing to report a breach, it said today. The authority said that the…
Hacktivist attacks dropped by 95% since 2015
Catalin Cimpanu reports: Threat intelligence analysts have long said that hacktivism was dead but new data published by IBM X-Force today confirms the complete collapse of hacktivism scene, with activity levels going down by 95% since 2015. According to IBM, security incidents caused by hacker groups operating under hacktivism causes has been on a decline…
Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers
Renee Dudley and Jeff Kao report that two firms that advertised technology solutions to responding to ransomware incidents — Proven Data Recovery of Elmsford, New York and Florida-based MonsterCloud – were really just paying ransom to the attackers. Read more on ProPublica. I suspect that ransom payments have been the dirty little secret for the…
In today’s installment of “How Not to Respond to a Breach,” we give you Paterson Public Schools
From the for-the-love-of-a-free-press-would-someone-PLEASE-teach-these-people-about-the-first-amendment? dept. Earlier this week, this site noted reporting by Paterson Times about an alleged breach involving the Paterson Public Schools in New Jersey. We also picked up a follow-up report that covered some… um…unexpected claims by the District as to how many threat actors might be involved and whether it was a…
Medical Insurance Fraud: Doctors’ identity info for sale on dark web marketplace
There have been numerous estimates over the years about how much a patient’s information sells for on dark web marketplaces. But what about a doctor’s information? If you had the necessary documentation on a physician who could bill electronically for their services, how much could you make by sending fraudulent bills to Medicare or insurers?…