C410 A2BE CB73 EF77 746E 9682 E2C4 91CE D20D 800F

  1. MongoDB Databases Targeted in Ransomware Attacks [again] , facilitated by unprotected admin accounts
    - “According to MongoDB’s Senior Director of Product Security, the ransomware attacks that recently targeted MongoDB databases were successful because administrator account passwords had not been set. MongoDB plans to strengthen security policies in the upcoming MongoDB 3.6.0 release.”
    ref: www.sans.org/newsletters/newsbites/xix/71#300 , www.sans.org/newsletters/newsbites/xix/72#301
    - And advice from the MongoDB themselves on what to do about it and how to secure your installation:
    1. www.mongodb.com/blog/post/how-to-avoid-a-malicious-attack-that-ransoms-your-data
    2. www.mongodb.com/blog/post/update-how-to-avoid-a-malicious-attack-that-ransoms-your-data
  2. NIST SP 1800-11 – Data Integrity: Recovering from Ransomware and Other Destructive Events
    - This 3-volume special publication “demonstrates how organizations can develop and implement appropriate actions following a detected cybersecurity event” and includes: a. Executive summary, b. Approach, architecture and security characteristics, and c. How-to guides
    ref: www.sans.org/newsletters/newsbites/xix/71#301
  3. ‘;—have i been pwned?
    - Verify if your email/username was in LinkedIn, Dropbox, MySpace, etc. breaches and your need to change your password (or take other appropriate action)

Next month (October) is Cyber Security Awareness Month. Look out for our next post with more information and resources…