New Ransomware threatens MongoDB users

Future Hosting, a managed hosting provider, is warning MongoDB users to verify that their databases are protected by authentication and a password and that they are not accessible from the open Internet. The warning concerns a new ransomware campaign that erased data from thousands of insecure MongoDB databases last month by exploiting weak security configurations.

MongoDB is an easy-to-use database widely used by the JavaScript web development community.

Data from 12,000 MongoDB databases was deleted and replaced with a message asking the owner to contact the attacker for details of the payment to be made. Unlike traditional ransomware attacks, the data is not encrypted but copied to the attacker's servers and then deleted. More than 275 million people were affected by this breach.

Attacks against insecure MongoDB databases are common, but the scale of the recent attacks is far greater than that of the data leaks and ransomware attacks of recent years.

Future Hosting advises MongoDB users to familiarize themselves with the MongoDB documentation, especially the Security Checklist, which explains how to enable access control and authentication.

MongoDB is not inherently insecure, meaning that the attackers are not exploiting any software vulnerability. However, inexperienced users often fail to configure the database properly, allowing it to respond to requests from arbitrary IP addresses without authentication.

Victims of the attack may not be aware that MongoDB needs to be configured to protect data from external access. They may also wrongly believe that insecure databases are difficult to find. But tools such as the Shodan search engine and BinaryEdge make it easy to find insecure devices and services online.


The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.