A selection of this week’s more interesting vulnerability disclosures and cyber security news. Interesting week once again. I will skip any comment on AMD and Facebook, way too much said already and some links below, what I will pick out from my trove of reports are some interesting insights to where bad actors are finding information to use. The first up is an amusing experiment with MongoDB. The interesting facts are that while it was scanned by a number of endpoints, none bothered to progress to attack until it appeared on Shodan. Can we assume from this that attackers focus on a narrow range of targets that match their skill set rather than have a go at anything they can find?

Another project fishing for IAM abuse also finds similar patterns. Attackers interested in certain types of information limit their scopes, again, to a narrow selection of sources.

A curious breach too with this one. We all hear that cryptocurrency mining is now the preference for bad actors to make money, but is it a lost opportunity that a breach of a site that would be exposing a large amount of intellectual property wasn’t actively used, and instead was just used for mining? Curious…


Other news….

Weekly Cyber Security News 23/03/2018