Browsing tag
According to FarFaria, its apps are “created for children ages 2-9” meaning that the incident exposed children to cybercriminals. Another day, another data leak incident involving misconfigured and exposed MongoDB database – This time it is FarFaria, a San Francisco, CA-based company that offers storybooks for children service through Android and iOS apps. It all happened […]
The hacker controlled 250GB worth of the NewsBlur database and ransomed it before deleting it. NewsBlur is a US-based software company that runs an online RSS newsreader service. NewsBlur suffered a service outage after a hacker wiped its database. Reportedly, the hacker (or script kiddie, as NewsBlur’s founder called it) gained access to its database […]
The ride-hailing app database was hosted on an insecure MongoDB server. Another day, another data breach – This time, security researchers have identified a ride-hailing app exposing personal data of 1 to 2 million Iranian drivers, thanks to an insecure MongoDB database. The database (labeled named ‘doroshke-invoice-production) was discovered by Security Discovery’s researcher Bob Diachenko […]
We normally consider family locator app as a blessing because we are able to track our family members conveniently through them. But, what if your private data collected or shared on such an app gets misused by cybercriminals because the app fails to secure it properly? It would instantly become a nuisance…no? The same has […]
Verifications.io breach is one of the largest data breaches but the good news is that it does not involve passwords. Another day, another data breach; this time the email validation service Verifications.io has leaked a humongous database containing personal and sensitive records of more than 2 billion individuals around the world. Verifications.io breach – What happened It […]
Thanks to yet another unsecure MongoDB Server. Dalil is a Saudi caller ID app that is reportedly been leaking user data because of storing it on an unsecure MongoDB server. Within a week private data of over 5 million Dalil users has been leaked and the data is available online easily for everyone to access. […]
The Dec 2016 cyber extortion and espionage against MongoDB installation is still happening today in early 2019. Cyber espionage and extortion are lucrative businesses for cybercriminals. Extortion is a very profitable undertaking even before the Internet became a thing, and with the digitalization of data, means the ‘trust’ of customers are stored in a storage […]
China is often suspected to sponsor hack attacks against organizations and agencies in the US or Europe. However, this time around China itself has become a victim of a security breach. Reportedly, an unprotected MongoDB has exposed personal and professional details of more than 202 million people. HackenProof’s security researcher Bob Diachenko discovered that resume files of […]
Millions of personal and job records were exposed by a database without authentication measures Network security researchers from the International Institute of Cyber Security have reported the discovery of an enormous online database that stored personal information of over 202 million Chinese citizens. According to reports, this information was available to anyone with no authentication […]
Another day, another data breach – This time, the IT security researcher at HackenProof have discovered a massive trove of personal data of over 66 million users exposed online due to an unprotected MongoDB database. In October and November 2018, HackenProof’s security researcher Bob Diachenko identified several unprotected MongoDB instances believed to be hosted by a […]
Another day, another trove of sensitive data exposed online. This time, a MongoDB database containing a whopping 43.5GB of the dataset used in marketing campaigns has been left exposed for public access. The data was discovered by Bob Diachenko, an independent security researcher who noted that the database was available on an unprotected MongoDB hosted on Grupo-SMS hosting and […]
XVNA is an extreme vulnerable node application coded in Nodejs(Expressjs)/MongoDB that helps security enthusiasts to learn application security. it’s not counseled to host this application online as it is intended to be Vulnerable. We tend to suggest hosting this application in native setting and sharpening your application security skills with any tools of your own […]
For the last couple of years, hackers have been exploiting unprotected MongoDB based servers to steal data and hold the exposed databases for ransom. Hackers leaked 36 million records of internal data collected from several vulnerable servers. The information security training researchers from German firm Kromtech conducted an experiment in which they purposely left a MongoDB database […]
Tool to check if a given IP is a node tor or an open proxy. Why? Sometimes all your throttles are not enough to stop brute force attacks or any kind of massive attacks, so it can help you to drop, some attackers who use tor or open proxies. How it works The ipChecker has […]
cve-search is a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into a MongoDB to facilitate search and processing of CVEs. The main objective of the software is to avoid doing direct and public lookup into the public CVE databases. This is usually faster to do local lookups and limits […]
MongoDB company implements new data security features in response to the recent wave of ransom attacks that hit installations worldwide. You have to admit that the bad actors are very good at leveraging a vulnerability into a lucrative opportunity. The latest example comes from MongoDB, a popular, open source database commonly deployed for big data applications on the […]
Ransom attacks on MongoDB databases rekindled last week and over the weekend with the emergence of three new groups that hijacked over 26,000 servers, with one group hijacking 22,000. The attacks, detected by security researchers Dylan Katz and Victor Gevers, are a continuation of the so-called MongoDB Apocalypse that started in late December 2016 and continued through the first months […]
Earlier in January, we heard about MongoDB ransomware that erased data from not hundreds but thousands of computers and forced the victims to pay ransom money. The same MongoDB ransomware is now back in the news but this time, it is even more powerful and the campaign is also quite sophisticated in design. In the recent […]
For the past week, unknown groups of cyber-criminals have taken control of and wiped data from CouchDB and Hadoop databases, in some cases asking for a ransom fee to return the stolen files, but in some cases, destroying data just for fun. These incidents come after crooks hijacked and held data ransom from MongoDB databases […]
The number of hijacked MongoDB servers held for ransom has skyrocketed in the past two days from 10,500 to over 28,200, thanks in large part to the involvement of a professional ransomware group known as Kraken. According to statistics provided by two security researchers monitoring these attacks, Victor Gevers and Niall Merrigan, this group is […]
MongoDB administrators are about to be tought a hard lesson in database management practices, as the number of hackers that are now involved with DB hijacking attempts has gone from one to three, and more are expected to join in the upcoming days. This Monday, Bleeping Computer broke the news that a hacker/group identified as […]