How
hard is it to follow the instructions for creating secure
installations?
Hacker
Left Ransom Notes on 22,900 Exposed MongoDB Databases
NoSQL
databases like MongoDB, that are widely used in online applications,
are subject to several risks and can lead to a data breach if not
configured properly. In June, the ZDNet security team found a hacker
using an automated script to scan for misconfigured MongoDB
databases.
The
hacker uploaded ransom notes on approximately 22,900 unsecured
MongoDB
databases left
exposed online, which is roughly
47% of all MongoDB databases accessible online.
- The hacker was giving companies two days to pay and threatened to leak their data and then contact the victim's relevant local General Data Protection Regulation (GDPR) enforcement authority to report their data leak.
It’s
not war, yet. Care to guess what November will bring?
Trump
confirms 2018 US cyberattack on Russian troll farm
… Trump
confirmed the attack in a two-part
interview with
The Washington Post’s Marc Thiessen. When asked whether the U.S.
had launched an attack on the IRA — a troll farm that led the
effort to spread disinformation around the 2016 presidential election
and 2018 midterm elections — Trump said that was “correct.”
The
cyberattack, first reported
by The Washington Post in
2019 but not confirmed publicly by the Trump administration, involved
U.S. Cyber Command disrupting internet access for the building in St.
Petersburg that houses the IRA on the night of the U.S. 2018 midterm
elections, halting efforts to spread disinformation as Americans went
to the polls.
Does
this eventually lead to the fall of a government? Implications for
China and other countries?
By
the Intel 471 Global Research Team:
In the last decade, Iran has undergone a quiet revolution. Since the“Green Movement” uprising in 2009, more Iranians have dared to openly oppose their regime. The reasons include accusations of elections tampering, global sanctions, increased inflation, heavy investment of state funds in the nuclear and arming programs, and ambitious regional policies in Lebanon, Syria, Iraq, Yemen and others, amid a deteriorating socioeconomic situation of the average Iranian.
There was a lot of talk in the past about Iran’s espionage measures and offensive cyber activities targeting other countries. However, growing domestic unrest prompted the Iranian regime to invest more resources in developing espionage capabilities aimed against its own citizens. Additionally, the regime carried out tough measures against civil uprisings such as cutting off the internet in the country for long periods of time and killing hundreds of protestors.
During the past year, a number of online activists have leaked what they claim to be inside information about the regime’s surveillance methods, in an attempt to expose the unethical tactics used by Iranian security forces.
Read
more on Intel471.
Why
phishing works.
95%
of Brits Unable to Consistently Identify Phishing Messages
Just
5% of Brits are able to recognize all scam emails and texts, a study
from Computer
Disposals Limited has
found.
What
happens when software is declared ‘evil?’
‘It
Would Be Like Losing a Little Bit of Me’: TikTok Users Respond to
Potential U.S. Ban
Gen
Z and millennial users have found community on the app, particularly
during the last few isolating months. And for some of them, it’s
their livelihood.
Privacy?
Not likely.
CBP
says it’s ‘unrealistic’ for Americans to avoid its license
plate surveillance
U.S.
Customs and Border Protection has
admitted that there is no practical way for Americans to avoid having
their movements tracked by its license plate readers, according to
its latest privacy assessment.
CBP
published its
new assessment —
three years after its first — to notify the public that it plans to
tap into a commercial database, which aggregates license plate data
from both private and public sources, as part of its border
enforcement efforts.
… CBP
struck a
similar tone in
2017 during a trial that scanned the faces of American travelers as
they departed the U.S., a move that drew ire from civil liberties
advocates at the time. CBP told Americans that travelers who wanted
to opt-out of the face scanning had to “refrain from traveling.”
The
document added that the privacy risk to Americans is “enhanced”
because the agency “may access [license plate data] captured
anywhere in the United States,” including outside
of the 100-mile border zone within
which the CBP typically operates.
Beware
the dreaded swath!
Off
to the Races for Enforcement of California’s Privacy Law
Yesterday,
the California Attorney General’s office confirmed that it has
begun sending a “swath” of enforcement notices to companies
across sectors who are allegedly violating the California Consumer
Privacy Act (CCPA), swiftly beginning enforcement right on the July
1st enforcement date.
… In
an IAPP-led webinar, “CCPA
Enforcement: Enter the AG,”
Stacey Schesser, California’s Supervising Deputy Attorney General,
confirmed details about the first week of CCPA enforcement. Below,
we provide 1) key takeaways from that conversation; 2) discuss the
role of the draft regulations; and 3) observe that the successes or
failures of AG enforcement will directly influence debates over other
legislative efforts outside of California. Meanwhile, AG enforcement
will almost certainly bolster public awareness and support for the
California Privacy Rights Act (CPRA) or “CCPA 2.0” ballot
initiative in November 2020.
The
direction everyone is taking…
Supreme
Court gives nod for summons and legal notices to be sent via digital
platforms
This
order marks as a huge step towards digitisation of Indian legal
proceedings, where notices and summons used to be sent either by mail
or delivered in person.
A
collection of resources.
Natural
language processing: A cheat sheet
… NLP
is a complicated field that one can spend years studying. This guide
contains the basics about NLP, details how it can benefit businesses,
and explains where to get started with its implementation.
Because, work
from home...
How
to Collaborate on Word Documents Online
Earlier
this week I received an email from a reader who wanted to know how
her students could see and comment on Google Docs if they only had
Microsoft
365 accounts.
While that could be done with a couple of clever workarounds, the
simpler solution is to just use Word
online.
Just
like with Google Docs, with Word online you can share documents,
comment on documents, and make editing suggestions. And a bonus
feature is being able to set passwords and expiration dates on shared
Word documents. In the following short video I demonstrate how to
collaborate on Word documents online.
