Tag Archive for: Weekend

MongoDB issues weekend warning of breach • The Register


Infosec in brief: MongoDB on Saturday issued an alert warning of “a security incident involving unauthorized access to certain MongoDB corporate systems, which includes exposure of customer account metadata and contact information.”

At the time of posting, the NoSQL pioneer advised it was “not aware of any exposure to the data that customers store in MongoDB Atlas.” Atlas is the provider’s multi-cloud database-as-a-service offering.

MongoDB nonetheless recommended customers “be vigilant for social engineering and phishing attacks, activate phishing-resistant multi-factor authentication (MFA), and regularly rotate their MongoDB Atlas passwords.”

That advice appears to have been heeded: an update to MongoDB’s advisory warned customers of “a spike in login attempts resulting in issues for customers attempting to log in to Atlas and our Support Portal.” That spike was unrelated to the security incident, and customers were asked to “try again in a few minutes if you are still having trouble logging in.” – Simon Sharwood

Critical vulnerabilities: The not-patch-Tuesday list

As is usually the case this time of month, the most pressing vulnerabilities of recent days were revealed/patched in Patch Tuesday releases. That said, there are still a few critical vulnerabilities to mention in the ICS world – they’ve gotta have a patch day too, right?

  • CVSS 9.8 – So many CVEs: Siemens SIMATIC S7-1500 CPU PLCs have a whopping 404 vulnerabilities in all versions of their software prior to 3.1.0 that can lead to information disclosure, tampering and DoS. Best patch ASAP.
  • CVSS 9.8 – CVE-2023-6448: Unitronics Vision Series PLCs running VisiLogic prior to v9.9.00 are all coded with default administrator passwords, which could let an attacker take control with ease.
  • CVSS 9.1 – Multiple CVEs: Siemens SCALANCE M-800 and S615 family ICS switches contain a number of vulnerabilities that could allow an attacker to inject code or spawn a system root shell.
  • CVSS 8.1 – Multiple CVEs: Siemens’s SINEC industrial network management software contains a number of vulnerabilities that could allow an attacker to trigger DoS, intercept…


Cyber-security hacking tournament held at RIT this weekend



Henrietta, N.Y. — The brightest student minds in cyber-security will be spending this weekend on the campus of RIT. The top 15 collegiate teams are competing in what is called ethical hacking.


Weekend Gamer: Abandoning Home Internet


I no longer have home internet. I was paying $35, then $50 a month, for home internet with a DSL company whose name I won’t mention… but they’re nationwide. Internet was slow at 3 Mbps, but it was fine for what I was doing. I wasn’t streaming HD videos (I still buy Blu-rays) or doing live streams.

For the first time, I decided to abandon home DSL internet. All this was made possible when I was getting unlimited data on my phone, via Visible, a company by Verizon. I know many people have problems with Visible, but I’ve been using them for over a year, and it works for me.

Of course, leaving home internet, there will be some drawbacks. None of my “internet of things” devices will work correctly now, for example “smart screens” or internet security cameras. You can still access the camera using a local network (that’s not connected to the internet), as long as you are signed into that local network. Still, it’s not convenient and these constantly connected devices won’t work properly.

The other drawback is that Visible only allows you to connect one device to your phone, using your phone’s hotspot or tethering method. I suggest you read Visible’s website for details about its hotspot restrictions. However, you can get around the one device limit by using an iPhone (Apple uses a different method to connect devices that bypasses Visible’s restriction). So in November 2021, I purchased the iPhone 13, and have been very happy with both the device and my ability to connect multiple devices.

Speaking of hotspot, there is a 5 Mbps cap when you tether. That’s still faster than my old DSL service! I found that, especially when I upload files, it’s much faster than DSL.

Pricing for Visible, right now, is $25 a month for unlimited talk, text, and data. Starting in October, they are changing their prices to $30 or $45, which I previously mentioned in Sep 2022. Hey, even at the more expensive $45 (which promises a faster network and expanded network), I might be willing to pay more, especially if now I am paying for both a phone and personal internet combined. Even at $45, it would still be cheaper than my ex-DSL service.

My other…


The Taliban’s access to data. Bangkok Airways discloses data breach. FBI and CISA urge vigilance during Labor Day weekend.


The Taliban’s access to data.

The Taliban’s seizure of HIIDE (Handheld Interagency Identity Detection Equipment) biometric registration and identification devices aroused concern when it was first reported, but the risks of that loss, while real, seem likely to be limited. MIT Technology Review argues that a more serious matter is the insurgent government’s acquisition of APPS, the Afghan Personnel and Pay System used by the deposed government’s Ministries of Defense and the Interior. APPS data were unprotected by retention or deletion policies and were presumably seized intact.

Phorpiex botnet shuts down.

The Record reports that the Phorpiex botnet has shut down, and researchers at Cyjax have found that the botnet’s proprietors are offering the source code for sale. If you’re in the market, not that you would be, know that Phorpiex has a mixed reputation in the underworld. It’s been profitable, with its spam module and ability to hijack cryptocurrency clipboards being consistent moneymakers. Phorpiex has also hired its botnet out for use by ransomware operators, among them Avaddon, a gang that’s recently gone into occultation. On the other hand, Phorpiex’s own security has tended toward the slipshod, with other criminals able to either uninstall it or substitute their own payloads for those the proprietors intended.

Bangkok Airways discloses data breach.

Bangkok Airways disclosed that it’s been the victim of an attack that compromised passengers’ personal information, including name, “nationality, gender, phone number, email, address, contact information, passport information, historical travel information, partial credit card information, and special meal information.” ZDNet reports that the LockBit ransomware gang has claimed responsibility and threatened to release information if their ransom demands aren’t met. That data dump, the Register wrote Tuesday, has begun, as Bangkok Airways refused to pay the ransom. The size of the data dump is assessed variously as between 103GB and more than 200GB.

BleepingComputer reports that the gang also claims to have used credentials stolen from Accenture to access and encrypt files at an unnamed airport. That last brag, however, seems not to be…
