Misconfigured MongoDB databases have long exposed user password data and other sensitive information, with the 2015 breach of scareware provider MacKeeper that exposed data for 13 million users being just one example. With the surge in ransomware-style attacks—which threaten to permanently delete or encrypt data unless owners pay a fee—hacks targeting MongoDB are seeing a resurgence. Many poorly secured MongoDB databases can be pinpointed using Shodan, which currently shows 99,000 vulnerable instances.

When the ransom-style attacks targeting MongoDB databases first came to light, they were mostly carried out by someone using the online handle Harak1r1. The individual or group was deleting vulnerable databases and promising to restore them if owners paid around $200 in Bitcoin. Over time, other attackers have taken part in similar attacks, in some cases replacing a rival’s ransom demand with one of their own. A list of the best-known attackers is here. In all, the attackers have compromised about 10,500 databases. Promises to restore the databases in return for a ransom payment are dubious, since there’s no evidence the attackers copied the data before deleting it.
MongoDB maintainers have responded to the reports with a blog post explaining how to detect and respond to attacks. People who administer websites that use MongoDB should ensure they’re avoiding common pitfalls by, among other things, blocking access to port 27017 or binding local IP addresses to limit access to servers.
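The two pitfalls named above (listening on every interface and running without authorization) can be checked against a mongod.conf before the server ever goes online. The audit below is an added example, not code from the article or from MongoDB's own tooling; the two configuration snippets are constructed, and the minimal YAML reader handles only the simple "key: value" nesting that mongod.conf uses.

```python
from typing import Dict, List

# Constructed sample configs: the exposed layout beside the hardened one.
WEAK_CONF = """\
net:
  port: 27017
  bindIp: 0.0.0.0
"""

HARDENED_CONF = """\
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""


def parse_simple_yaml(text: str) -> Dict[str, object]:
    """Read the two-level 'section:' / '  key: value' layout of mongod.conf.
    Not a general YAML parser: no lists, quoting or multi-line values."""
    root: Dict[str, object] = {}
    stack = [(-1, root)]  # (indent, dict) of the open sections
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        key, _, value = raw.strip().partition(":")
        while indent <= stack[-1][0]:  # dedent closes nested sections
            stack.pop()
        parent = stack[-1][1]
        if value.strip():
            parent[key] = value.strip()
        else:
            child: Dict[str, object] = {}
            parent[key] = child
            stack.append((indent, child))
    return root


def audit_mongod_conf(text: str) -> List[str]:
    """Return findings for the pitfalls the article names; [] means clean."""
    conf = parse_simple_yaml(text)
    findings: List[str] = []
    net = conf.get("net", {})
    if not isinstance(net, dict) or "bindIp" not in net:
        findings.append("net.bindIp not set: set it explicitly to loopback or an internal address")
    else:
        addrs = [a.strip() for a in str(net["bindIp"]).split(",")]
        if any(a in ("0.0.0.0", "::") for a in addrs):  # wildcard listeners
            findings.append("net.bindIp listens on all interfaces (%s)" % net["bindIp"])
    security = conf.get("security", {})
    if not isinstance(security, dict) or security.get("authorization") != "enabled":
        findings.append("security.authorization is not 'enabled'")
    return findings
```

Binding to loopback still leaves port 27017 to be filtered at the host firewall if the server has other interfaces; the audit covers only the configuration file.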
On November 27th I gave in to temptation and ordered a Google Pixel. It’s everything I want in a phone and they had a good financing deal.
The phone was back ordered but I ordered it anyway. I could wait a few weeks.
A week after placing the order using Google’s own financing program, I get an email on the 7th telling me the order is on hold.
I call and get a very very very confused woman with a foreign accent on the line. She seems unable to understand the issue. I keep explaining I have no bank to contact about payment, I was approved for their own Financing. I ask to speak with a supervisor. I’m put on hold for a looong time. The same girl comes back on and explains it was just a glitch and to ignore the e-mail.
The next day my phone rings; I answer it and no one is there. I look up the number and it turns out it is Google. I call them back and talk to another girl with an accent who tells me everything is fine, the payment has processed, and the phone will ship eventually.
Today on the 11th I wake up to an e-mail telling me the order has been canceled.
I call and I’m told they tried to process the payment 5 times and it failed.
So let’s look at that closely.
First, it’s a payment from their own bank that was approved solely for this purchase.
Second, it’s the total opposite of what I was told the TWO times I contacted them.
Third, I checked the status of my order multiple times daily and this issue was never indicated anywhere.
I waited two hours for a supervisor to call me back. I finally called back and now was told I have to wait another two hours for a supervisor to call me back.
I have never in my life had a company go out of their way to make it impossible for me to purchase from them.
Online criminals—at least some of them wielding the notorious Mirai malware that transforms Internet-of-things devices into powerful denial-of-service cannons—have begun exploiting a critical flaw that may be present in millions of home routers.
Routers provided to customers of the German and Irish ISPs Deutsche Telekom and Eircom, respectively, have already been identified as being vulnerable, according to recently published reports from researchers tracking the attacks. The attacks exploit weaknesses found in routers made by Zyxel, Speedport, and possibly other manufacturers. The devices leave Internet port 7547 open to outside connections. The exploits use the opening to send commands based on the TR-069 and related TR-064 protocols, which ISPs use to remotely manage large fleets of hardware. According to this advisory published Monday morning by the SANS Internet Storm Center, honeypot servers posing as vulnerable routers are receiving exploits every five to 10 minutes.
SANS Dean of Research Johannes Ullrich said in Monday’s post that exploits are almost certainly the cause behind an outage that hit Deutsche Telekom customers over the weekend. In a Facebook update, officials with the German ISP said 900,000 customers are vulnerable to the attacks until they are rebooted and receive an emergency patch. Earlier this month, researchers at security firm BadCyber reported that the same one-two port 7547/TR-064 exploit hit the home router of a reader in Poland. They went on to identify D1000 routers supplied by Eircom as also being susceptible and cited this post as support. The Shodan search engine shows that 41 million devices leave port 7547 open, while about five million expose TR-064 services to the outside world.
The attacks started shortly after researchers published attack code that exploited the exposed TR-064 service. Included as a module for the Metasploit exploitation framework, the attack code opens the port 80 Web interface that enables remote administration. From there, devices that use default or otherwise weak authentication passwords can be remotely commandeered and made to join botnets that carry out Internet-crippling denial-of-service attacks.
BadCyber researchers analyzed one of the malicious payloads that was delivered during the attacks and found it originated from a known Mirai command-and-control server.
“The unusual application of TR-064 commands to execute code on routers has been described for the very first time at the beginning of November, and a few days later a relevant Metasploit module had appeared,” BadCyber researchers wrote in a blog post. “It looks like someone decided to weaponize it and create an Internet worm based on Mirai code.”
All bases covered
To infect as many routers as possible, the exploits deliver three separate exploit files, two tailored to devices running different types of MIPS chips and a third that targets routers with ARM silicon. Just like the Metasploit code, the malicious payloads use the exploit to open the remote administration interface and then attempt to log in using three different default passwords. The attack then closes port 7547 to prevent other criminal enterprises from taking control of the devices.
A group of dedicated game preservationists has obtained a set of obscure Japanese Kirby games from the Super Famicom era in order to archive them for future generations. But the uncertain fate of such early games presages a much bigger problem facing digital game preservation going forward.
Even die-hard Kirby fans would be forgiven for not knowing much about Kirby’s Toy Box, a collection of six mini games that was only available through Japan’s Satellaview, an early satellite-based distribution service for the Super Famicom (the Super NES in the West). That system only let you download one game at a time to a special 8-megabit cartridge, though, and you could only download when that specific game was being broadcast across the narrow satellite feed.
Thus, existing copies of most Satellaview games are available only if they happen to be the last game downloaded to individual cartridges (Satellaview broadcasts ended in the late ’90s). While some of these games have been publicly dumped and preserved as ROM files, many exist only in the hands of Japanese collectors. Sometimes, those individuals are reluctant to release the digital code widely.
That’s why gaming historians were so intrigued when a Japanese auction popped up listing four of the Kirby’s Toy Box mini games (Circular Ball, Cannon Ball, Pachinko, and Arrange Ball) for sale on four separate Satellaview cartridges. As Video Game History Foundation founder Frank Cifaldi put it on Twitter, “finding 3 different ones from 1 seller is a miracle.”
Preservationists including Cifaldi and Matthew Callis sought out donations to help win the auctions and preserve the game data for future generations. Yesterday morning, the group announced it had won all four cartridges for a total of ¥85,500 (about $813.08, as reported by Kotaku). “Still missing most of Nintendo’s Satelleview [sic] output, but at least we’ve got most of the Kirbys now,” as Cifaldi put it.
When Sony, Microsoft, and Nintendo eventually shut down their PS3, Xbox 360, and Wii servers for good, hundreds of digital download games will only exist as scattered copies on various console hard drives. That’s already happening with games like P.T., Konami’s free cult horror classic that was pulled down from PSN unceremoniously in 2015. That move led to a spike in prices for secondhand PS4 consoles that happened to have the game trapped on their hard drives.
Sure, we’ll likely be able to find copies of many of the biggest and most popular of these digital-exclusive games in order to export them to a more permanent and emulatable archival format (a recent DMCA decision makes this whole process easier when it comes to mimicking authentication servers). But as servers go offline and games are scattered among myriad distinct consoles, assembling anything close to a complete understanding of today’s digital game marketplace is going to get very tough very quickly. As is the case with many early films that have been lost forever, we may not know what hidden gaming treasures have been lost to history.
As I tell everyone, your information is out there; we have lost the privacy war. The big retail chains sometimes make the news when they get hacked. The real threat, though, is the ones that don’t make the news or we don’t know about: banks, medical records, insurance companies. There are thousands of companies whose sole business model is collecting your data; how forthcoming do you expect these businesses to be when they have a data breach?
There has been yet another major data breach, this time exposing names, IP addresses, birth dates, e-mail addresses, vehicle data, and occupations of at least 58 million subscribers, researchers said.
The trove was mined from a poorly secured database and then published and later removed at least three times over the past week, according to this analysis from security firm Risk Based Security. Based on conversations with a Twitter user who first published links to the leaked data, the researchers believe the data was stored on servers belonging to Modern Business Solutions, a company that provides data storage and database hosting services.
Shortly after researchers contacted Modern Business Solutions, the leaky database was secured, but the researchers said they never received a response from anyone at the firm, which claims to be located in Austin, Texas. Officials with Modern Business Solutions didn’t respond to several messages Ars left seeking comment and additional details.
Risk Based Security said the actual number of exposed records may be almost 260 million. The company based this possibility on an update researchers received from the Twitter user who originally reported the leak. The update claimed the discovery of an additional table that contained 258 million rows of personal data. By the time the update came, however, the database had already been secured, and Risk Based Security was unable to confirm the claim. The official tally cited Wednesday by breach notification service Have I Been Pwned? is 58.8 million accounts. In all, the breach resulted in 34,000 notifications being sent to Have I Been Pwned? users monitoring e-mail addresses and 3,000 users monitoring domains.
According to Risk Based Security, the account information was compiled using the open source MongoDB database application. The researchers believe the unsecured data was first spotted using the Shodan search engine. The publication of the data happened when a party that first identified the leak shared it with friends rather than privately reporting it to Modern Business Solutions.
By the tally of Risk Based Security, there have been 2,928 publicly disclosed data breaches so far in 2016 that have exposed more than 2.2 billion records. The figures provide a stark reminder of why it’s usually a good idea to omit or falsify as much requested data as possible when registering with both online and offline services. It’s also a good idea to use a password manager, although this leak was unusual in that it didn’t contain any form of user password, most likely because the data was being stored on behalf of one or more other services.