SOC GoulashAlright team, it's been a bit quiet on the news front over the last 24 hours, but we've still got some interesting bits to chew on, including ongoing database extortion, a wild deepfake job application story, and a new privacy feature from Apple. Let's dive in:
Exposed MongoDB Instances Under Attack β οΈ
- A persistent threat actor is still hitting misconfigured MongoDB instances, wiping databases and demanding low ransoms (around Β£400-Β£500 in Bitcoin) for data restoration, though there's no guarantee of recovery.
- Research shows over 208,500 MongoDB servers are publicly exposed, with 3,100 lacking authentication, and nearly half of those already compromised.
- Admins must avoid public exposure, enforce strong authentication, use firewalls, update to the latest versions, and continuously monitor for unauthorised activity.
π€ Bleeping Computer | https://www.bleepingcomputer.com/news/security/exposed-mongodb-instances-still-targeted-in-data-extortion-attacks/
Deepfake Job Applicants: A New Social Engineering Frontier π§
- An AI security startup CEO recently faced a sophisticated deepfake candidate applying for a security researcher role, highlighting the growing use of AI in recruitment scams.
- Even experienced professionals can struggle with the "inner turmoil" of confronting a deepfake, underscoring the challenge of verifying identity in remote hiring.
- Companies should implement a mix of low-tech (trust your gut, mandate cameras on, ask for physical interaction) and high-tech solutions (deepfake detection tools) to combat this evolving threat, as the cost of hiring a malicious actor can be substantial.
π΅πΌ The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/01/ai_security_startup_ceo_posts/
Apple Enhances iPhone Location Privacy π
- Apple is rolling out a new "Limit Precise Location" feature for some iPhone and iPad models (iOS 26.3+), allowing users to restrict cellular networks to only approximate location data.
- This feature, which doesn't affect emergency calls or app-shared location, appears to be a response to past FCC fines against major carriers for illegally sharing user location data.
- While currently limited to specific devices and carriers (e.g., Telekom DE, EE/BT UK, Boost Mobile US, AIS/True TH), it marks a significant step towards giving users more control over how carriers track their movements.
π€ Bleeping Computer | https://www.bleepingcomputer.com/news/apple/new-apple-privacy-feature-limits-location-tracking-on-iphones-ipads/
#CyberSecurity #ThreatIntelligence #MongoDB #DataExtortion #Deepfake #SocialEngineering #AI #RecruitmentScams #Apple #DataPrivacy #InfoSec #CyberAttack #Vulnerability #IncidentResponse
InfoSec4All
IndiaNewsWatch