Challenge: Increase in Ransomware infections in MongoDB instances

As part of ongoing research, let’s quickly look into a snippet of live MongoDB ransomware infections. The list is not exhaustive but gives you an insight into the problem.

University of Manchester: “Targeted Cyber Attacks” Book Included as Part of Trust and Security in a Digital World Course

We drafted a “Targeted Cyber Attacks” book a few years ago covering the insightful details related to targeted cyber attacks occurring in the wild including associated threat landscape. The book received…

An independent review of the “Empirical Cloud Security” book has been published by the Elsevier Network Security (NESE) Journal in the August edition. Check the PDF here:

Some of the quotes from the review are presented below:

This is a book you will want to come back to regularly…

At BlackHat Europe Arsenal 2020, I released the Strafer tool to detect potential ransomware/bot infections in the Elasticsearch instances deployed in the cloud environments.

Elasticsearch Threat Landscape

In security, we always say and strictly believe “Basics are the Hardest Part to Conquer”. That’s the true fact.

With recent challenges, the usage of video-conferencing technologies has increased exponentially. Zoom is being discussed a lot these days for the same reason.

With the advancements of new technologies and increasing usage…

Sparty was designed to conduct efficient security assessments of MS SharePoint deployments. The tool has been used by the security community, which shows its acceptability and highlights that the tool is useful.

Sparty was presented at BlackHat 2013 and the presentation is available at:

Report by Aditya K Sood and RB.

Note: We would like to thank MalwareMustDie for providing additional inputs regarding reverse engineering of binaries.

Media Coverage

New Gucci Botnet Capable of Launching Multiple Types of DDoS Attacks —

New ‘Gucci’ IoT Botnet Targets Europe —

Security Labs discovered a…

Cybercriminals deploy crimeware for conducting nefarious operations on the Internet. Crimeware is managed on a large scale through deployment of centralized portals known as Command and Control (C&C) panels. C&C panels are considered the attackers’ primary operating environment, through which crimeware is controlled and updated at regular intervals. C&C panels also store information stolen from the compromised machines as part of the data exfiltration activity. This empirical study highlights the analysis of thousands of real-world C&C web Uniform Resource Locators (URLs) used for deployment of crimeware such as botnets, key-loggers, ransomware, Point-of-Sales (PoS) malware, etc., to unearth the characteristics of HTTP-based C&C panels. This study gives a statistical view of the design and technologies opted for by the crimeware authors to deploy HTTP-based C&C panels.


During the conversation with the administrators about exposed AWS S3 buckets or traditional Directory Listing, the feedback often received is: “since the listed objects or files do not contain any sensitive information, the configuration of the buckets (or directories) is fine even if they are exposed.” This can be…

Online advertisements provide a convenient platform for spreading malware. Since ads provide a significant portion of revenue on the web, significant effort is put into attracting users to them. Malicious agents take advantage of this skillful attraction and then redirect users to malicious sites that serve malware.

Recently, malvertising (malicious…

Aditya K Sood
