Bradley Barth reports: Cyber-attacks leveraging the Windows Server Message Block exploit known as EternalBlue have reportedly reached historically high levels over the last few months, even though the vulnerability it affects was patched by Microsoft more than two years ago. In a 17 May blog post, ESET security evangelist Ondrej Kubovic said his company’s telemetry data…
Millions of Instagram influencers had their private contact data scraped and exposed
Zack Whittaker reports: A massive database containing contact information of millions of Instagram influencers, celebrities and brand accounts has been found online. The database, hosted by Amazon Web Services, was left exposed and without a password allowing anyone to look inside. At the time of writing, the database had over 49 million records — but…
Louisville Regional Airport Authority hit by ‘ransomware’ attack
WDRB has only a short item on this, but reportedly no ransom has been paid and the airport is restoring from backup. Operations and security systems were reportedly not impacted.
After threatening lawsuit, Shafer now says she did not intend to sue Paterson Times for exposing data breach
Jayed Rahman of the Paterson Times is likely loving work these days, with the Paterson schools giving the paper — and the reporter — lots of imprudent statements to report on. In today’s installment, it sounds like the district’s superintendent is walking back a perceived threat to sue the paper for basically committing journalism. After…
Canadian company pleads guilty to peddling vast database of personal information
The Canadian Press reports: The RCMP says a Canadian-based company that peddled an illicit trove of 1.5 billion user names and associated passwords has pleaded guilty to criminal charges. In a news release, the Mounties say Defiant Tech Inc. admitted in court Friday to trafficking in identity information and possession of property obtained by crime…
Over 12,000 MongoDB Databases Deleted by Unistellar Attackers
Sergiu Gatlan reports: Over 12,000 unsecured MongoDB databases have been deleted over the past three weeks, with only a message left behind asking the owners of the databases to contact the cyber-extortionists to have the data restored. Although not on this scale, these types of attacks targeting publicly accessible MongoDB databases have happened since at least early-2017 [1, 2,…