54BD 783A 27D2 85C1 C46D 5A02 3651 ADE3 E402 9FC2

  1. MongoDB Databases Targeted in Ransomware Attacks [again] , facilitated by unprotected admin accounts
    - “According to MongoDB’s Senior Director of Product Security, the ransomware attacks that recently targeted MongoDB databases were successful because administrator account passwords had not been set. MongoDB plans to strengthen security policies in the upcoming MongoDB 3.6.0 release.”
    ref: www.sans.org/newsletters/newsbites/xix/71#300 , www.sans.org/newsletters/newsbites/xix/72#301
    - And advice from the MongoDB themselves on what to do about it and how to secure your installation:
    1. www.mongodb.com/blog/post/how-to-avoid-a-malicious-attack-that-ransoms-your-data
    2. www.mongodb.com/blog/post/update-how-to-avoid-a-malicious-attack-that-ransoms-your-data
  2. NIST SP 1800-11 – Data Integrity: Recovering from Ransomware and Other Destructive Events
    - This 3-volume special publication “demonstrates how organizations can develop and implement appropriate actions following a detected cybersecurity event” and includes: a. Executive summary, b. Approach, architecture and security characteristics, and c. How-to guides
    ref: www.sans.org/newsletters/newsbites/xix/71#301
  3. ‘;—have i been pwned?
    - Verify if your email/username was in LinkedIn, Dropbox, MySpace, etc. breaches and your need to change your password (or take other appropriate action)

Next month (October) is Cyber Security Awareness Month. Look out for our next post with more information and resources…