F61B 4059 1ED5 3B39 86FA F164 ECEF 6072 135F B7B7

  1. MongoDB Databases Targeted in Ransomware Attacks [again] , facilitated by unprotected admin accounts
    - “According to MongoDB’s Senior Director of Product Security, the ransomware attacks that recently targeted MongoDB databases were successful because administrator account passwords had not been set. MongoDB plans to strengthen security policies in the upcoming MongoDB 3.6.0 release.”
    ref: www.sans.org/newsletters/newsbites/xix/71#300 , www.sans.org/newsletters/newsbites/xix/72#301
    - And advice from the MongoDB themselves on what to do about it and how to secure your installation:
    1. www.mongodb.com/blog/post/how-to-avoid-a-malicious-attack-that-ransoms-your-data
    2. www.mongodb.com/blog/post/update-how-to-avoid-a-malicious-attack-that-ransoms-your-data
  2. NIST SP 1800-11 – Data Integrity: Recovering from Ransomware and Other Destructive Events
    - This 3-volume special publication “demonstrates how organizations can develop and implement appropriate actions following a detected cybersecurity event” and includes: a. Executive summary, b. Approach, architecture and security characteristics, and c. How-to guides
    ref: www.sans.org/newsletters/newsbites/xix/71#301
  3. ‘;—have i been pwned?
    - Verify if your email/username was in LinkedIn, Dropbox, MySpace, etc. breaches and your need to change your password (or take other appropriate action)

Next month (October) is Cyber Security Awareness Month. Look out for our next post with more information and resources…