Hackers are once again finding unsecured MongoDB databases carelessly left exposed on the internet, wiping their contents, and leaving a ransom note demanding a cryptocurrency payment for the data’s safe return. As ZDNet reports, ransom notes have been left on almost 23,000 MongoDB databases that were let unprotected on the public internet without a password. Unsecured MongoDB databases being attacked by hackers is nothing new, of course.

In the world of vulnerabilities, we have seen a few interesting ones released in the last couple of weeks since our last Farsight risk-based vulnerability management blog in June, including some recently discovered by Palo Alto affecting D-Link Routers. Read on for more information on how to prioritize these vulnerabilities for patching to mitigate risk.

How would you compare the Windows and macOS operating systems? In what ways are they similar? Why do they each take different approaches to solving the same problem? For the last 19 years I've developed security software for Windows. Recently, I’ve started implementing similar features on macOS. Since then, people have asked me questions like this. The more experience I gained on these two operating systems, the more I realized they’re very different.

The sharp increase in online shopping since the start of the COVID-19 outbreak has led to a significant rise in cyber-attacks on ecommerce websites and apps, making it imperative for retailers to stay alert to the latest risks.

Each month, Reciprocity highlights companies that have earned compliance certifications for information security frameworks. Here’s our July 2020 roundup of compliance news from around the United States, and around the world.

A number of domain “forgeries” or tricky, translated look-alikes have been observed recently. These attack campaigns cleverly abuse International Domain Names (IDN) which, once translated into ASCII in a standard browser, result in the appearance of a corporate or organization name that allows the targeting of such organization’s domains for impersonation or hijacking. This attack has been researched and defined in past campaigns as an IDN homograph attack.