Bradley Barth reports: Cyber-attacks leveraging the Windows Server Message Block exploit known as EternalBlue have reportedly reached historically high levels over the last few months, even though the vulnerability it affects was patched by Microsoft more than two years ago. In a 17 May blog post, ESET security evangelist Ondrej Kubovic said his company’s telemetry data…
Category: Commentaries and Analyses
Over 12,000 MongoDB Databases Deleted by Unistellar Attackers
Sergiu Gatlan reports: Over 12,000 unsecured MongoDB databases have been deleted over the past three weeks, with only a message left behind asking the owners of the databases to contact the cyber-extortionists to have the data restored. Although not on this scale, these types of attacks targeting publicly accessible MongoDB databases have happened since at least early-2017 [1, 2,…
Lithuanian watchdog issues first GDPR fine
Sam Clark reports: Lithuania’s data protection authority has fined a payments processing company for breaching three provisions of the GDPR. The State Data Protection Inspectorate has levied a €61,500 fine against fintech company MisterTango for inappropriate data processing, disclosing personal data and failing to report a breach, it said today. The authority said that the…
Hacktivist attacks dropped by 95% since 2015
Catalin Cimpanu reports: Threat intelligence analysts have long said that hacktivism was dead but new data published by IBM X-Force today confirms the complete collapse of the hacktivism scene, with activity levels going down by 95% since 2015. According to IBM, security incidents caused by hacker groups operating under hacktivism causes have been on a decline…
Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers
Renee Dudley and Jeff Kao report that two firms that advertised technology solutions for responding to ransomware incidents (Proven Data Recovery of Elmsford, New York and Florida-based MonsterCloud) were really just paying ransom to the attackers. Read more on ProPublica. I suspect that ransom payments have been the dirty little secret for the…
In today’s installment of “How Not to Respond to a Breach,” we give you Paterson Public Schools
From the for-the-love-of-a-free-press-would-someone-PLEASE-teach-these-people-about-the-first-amendment? dept. Earlier this week, this site noted reporting by Paterson Times about an alleged breach involving the Paterson Public Schools in New Jersey. We also picked up a follow-up report that covered some… um… unexpected claims by the District as to how many threat actors might be involved and whether it was a…