July 21, Securityweek – (International) Configuration issue exposes 30,000 MongoDB instances: researcher. The founder of the Shodan computer search engine reported that a default listening configuration in MongoDB exposed about 30,000 database instances containing 592.2 terabytes (TB) of data. Source
July 20, Network World – (International) Microsoft issues critical out-of-band patch for flaw affecting all Windows versions. Microsoft released an update addressing a critical remote code execution (RCE) vulnerability in the OpenType Font Driver in the Windows Adobe Type Manager Library. The flaw affects all supported versions of Windows and was being exploited in the wild. Source
July 20, SC Magazine – (International) Study: half of critical infrastructure IT professionals believe major attack looming. Findings from a survey of over 600 critical infrastructure information technology (IT) professionals in Intel Security’s “Critical Infrastructure Readiness Report” revealed that about half of all respondents believe an attack on critical infrastructure in the next three years will take down systems and lead to loss of life, and that 90 percent of respondents’ organizations faced an average of 20 attacks in the last year, among other statistics. Source
July 21, Network World – (National) Car hackers urge you to patch your Chrysler, Ram, Durango, or Jeep. Fiat Chrysler Automobiles released a manual service bulletin July 16 for various model year 2013 and 2014 Ram, Cherokee, Grand Cherokee, Durango, and Viper vehicles running Uconnect systems addressing vulnerabilities that could have allowed unauthorized and unlawful access to vehicle systems. Source
July 20, Nextgov – (National) OPM changes privacy rules to let investigators inside all databases. The U.S. Office of Personnel Management announced July 16 updated privacy regulations for routine use, granting access for investigators to all its databases in the case of suspected or confirmed security breaches. The public has until August 17 to comment on these changes in confidentiality. Source