Saturday, July 11, 2020


How hard is it to follow the instructions for creating secure installations?
Hacker Left Ransom Notes on 22,900 Exposed MongoDB Databases
NoSQL databases like MongoDB, which are widely used in online applications, are subject to several risks and can lead to a data breach if not configured properly. In June, the ZDNet security team found a hacker using an automated script to scan for misconfigured MongoDB databases.
The hacker uploaded ransom notes on approximately 22,900 unsecured MongoDB databases left exposed online, which is roughly 47% of all MongoDB databases accessible online.
The hacker was giving companies two days to pay and threatened to leak their data and then contact the victim's relevant local General Data Protection Regulation (GDPR) enforcement authority to report their data leak.




It’s not war, yet. Care to guess what November will bring?
Trump confirms 2018 US cyberattack on Russian troll farm
Trump confirmed the attack in a two-part interview with The Washington Post’s Marc Thiessen. When asked whether the U.S. had launched an attack on the IRA — a troll farm that led the effort to spread disinformation around the 2016 presidential election and 2018 midterm elections — Trump said that was “correct.”
The cyberattack, first reported by The Washington Post in 2019 but not confirmed publicly by the Trump administration, involved U.S. Cyber Command disrupting internet access for the building in St. Petersburg that houses the IRA on the night of the U.S. 2018 midterm elections, halting efforts to spread disinformation as Americans went to the polls.




Does this eventually lead to the fall of a government? Implications for China and other countries?
By the Intel 471 Global Research Team:
In the last decade, Iran has undergone a quiet revolution. Since the “Green Movement” uprising in 2009, more Iranians have dared to openly oppose their regime. The reasons include accusations of elections tampering, global sanctions, increased inflation, heavy investment of state funds in the nuclear and arming programs, and ambitious regional policies in Lebanon, Syria, Iraq, Yemen and others, amid a deteriorating socioeconomic situation of the average Iranian.
There was a lot of talk in the past about Iran’s espionage measures and offensive cyber activities targeting other countries. However, growing domestic unrest prompted the Iranian regime to invest more resources in developing espionage capabilities aimed against its own citizens. Additionally, the regime carried out tough measures against civil uprisings such as cutting off the internet in the country for long periods of time and killing hundreds of protestors.
During the past year, a number of online activists have leaked what they claim to be inside information about the regime’s surveillance methods, in an attempt to expose the unethical tactics used by Iranian security forces.
Read more on Intel471.




Why phishing works.
95% of Brits Unable to Consistently Identify Phishing Messages
Just 5% of Brits are able to recognize all scam emails and texts, a study from Computer Disposals Limited has found.




What happens when software is declared ‘evil?’
‘It Would Be Like Losing a Little Bit of Me’: TikTok Users Respond to Potential U.S. Ban
Gen Z and millennial users have found community on the app, particularly during the last few isolating months. And for some of them, it’s their livelihood.




Privacy? Not likely.
CBP says it’s ‘unrealistic’ for Americans to avoid its license plate surveillance
U.S. Customs and Border Protection has admitted that there is no practical way for Americans to avoid having their movements tracked by its license plate readers, according to its latest privacy assessment.
CBP published its new assessment — three years after its first — to notify the public that it plans to tap into a commercial database, which aggregates license plate data from both private and public sources, as part of its border enforcement efforts.
CBP struck a similar tone in 2017 during a trial that scanned the faces of American travelers as they departed the U.S., a move that drew ire from civil liberties advocates at the time. CBP told Americans that travelers who wanted to opt-out of the face scanning had to “refrain from traveling.”
The document added that the privacy risk to Americans is “enhanced” because the agency “may access [license plate data] captured anywhere in the United States,” including outside of the 100-mile border zone within which the CBP typically operates.




Beware the dreaded swath!
Off to the Races for Enforcement of California’s Privacy Law
Yesterday, the California Attorney General’s office confirmed that it has begun sending a “swath” of enforcement notices to companies across sectors who are allegedly violating the California Consumer Privacy Act (CCPA), swiftly beginning enforcement right on the July 1st enforcement date.
In an IAPP-led webinar, “CCPA Enforcement: Enter the AG,” Stacey Schesser, California’s Supervising Deputy Attorney General, confirmed details about the first week of CCPA enforcement. Below, we provide 1) key takeaways from that conversation; 2) discuss the role of the draft regulations; and 3) observe that the successes or failures of AG enforcement will directly influence debates over other legislative efforts outside of California. Meanwhile, AG enforcement will almost certainly bolster public awareness and support for the California Privacy Rights Act (CPRA) or “CCPA 2.0” ballot initiative in November 2020.




The direction everyone is taking…
Supreme Court gives nod for summons and legal notices to be sent via digital platforms
This order marks a huge step towards digitisation of Indian legal proceedings, where notices and summons used to be sent either by mail or delivered in person.




A collection of resources.
Natural language processing: A cheat sheet
NLP is a complicated field that one can spend years studying. This guide contains the basics about NLP, details how it can benefit businesses, and explains where to get started with its implementation.




Because, work from home...
How to Collaborate on Word Documents Online
Earlier this week I received an email from a reader who wanted to know how her students could see and comment on Google Docs if they only had Microsoft 365 accounts. While that could be done with a couple of clever workarounds, the simpler solution is to just use Word online.
Just like with Google Docs, with Word online you can share documents, comment on documents, and make editing suggestions. And a bonus feature is being able to set passwords and expiration dates on shared Word documents. In the following short video I demonstrate how to collaborate on Word documents online.


