New AI “agents” could hold people for ransom in 2025

A paradigm shift in technology is hurtling towards us, and it could change everything we know about cybersecurity. Uhh, again, that is. When ChatGPT was unveiled to the public in late 2022, security experts looked on with cautious optimism, excited about the new technology but concerned about its...

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today...

Unraveling Real-Life Attack Paths – Key Lessons Learned

In the ever-evolving landscape of cybersecurity, attackers are always searching for vulnerabilities and exploits within organizational environments. They don't just target single weaknesses; they're on the hunt for combinations of exposures and attack methods that can lead them to their desired...

Insecure password leads to Mangatoon data breach

The hugely popular Manga comics platform Mangatoon has fallen victim to a data breach. No fewer than 23 million user accounts could be at risk, thanks to a poorly secured database. Worse still, Mangatoon doesnt seem to be responding to messages from the breacher, or people notifying it that the...

Data Pours from Cloud—And ‘The Enemy is Us’

Accenture, Verizon, Dow Jones and Deep Root Analytics are just the tip of the iceberg when it comes to the millions of private records and sensitive enterprise data exposed on cloud backends this year. And the problem is getting worse not better. “The enemy is us,” said Chris Vickery, director of...

Are All Ransom Attacks Considered Ransomware?

Ransomware has loomed large in the news of late. It seems to be around every turn, and it’s not going anywhere. The untraceability of Bitcoin payments, coupled with new blackhat tools available to anyone at little if any cost, means extortion attempts will continue to grab headlines worldwide. Bu...

Children's Voice Messages Leaked in CloudPets Database Breach

More than two million voice messages, many of them from children, along with the personal information of more than 800,000 registered users was swiped from an exposed MongoDB instance storing data collected from a internet-connected toy called CloudPets. These IP-enabled teddy bears allow childre...

Open Databases a Juicy Extortion Target

Recent attacks against insecure MongoDB, Hadoop and CouchDB installations represent a new phase in online extortion, born from ransomware’s roots with the promise of becoming a nemesis for years to come. “These types of attacks have grown from ones of opportunity to full-scale automated and...

Protect your data from ransom attacks

I wanted to bring attention to two blog posts we have done recently in response to the recent set of data ransom attacks affecting Elasticsearch and other systems. The two are: For Elasticsearch: Protecting Against Attacks that Hold Your Data for Ransom For Kibana: Guarding Kibana from Data...