Browsing tag
MongoDB is a famous, open-source NoSQL database. Organizations use them regardless of their size; from MetLife, LinkedIn, City of Chicago, Expedia, BuzzFeed to KMPG and The Guardian there are several other high-profile platforms that are currently taking advantage of MongoDB. At the same time, having a high-profile customer doesn’t mean that platform is completely secure. […]
Almost years again, we warned users approximately publicly on hand MongoDB instances – almost six hundred Terabytes (TB) – over the internet which require no authentication, probably leaving websites and servers liable to hacking. these MongoDB instances weren’t exposed because of any flaw in its software program, but due to a misconfiguration (horrific safety exercise) […]
An attacker going by the name of Harak1r1 is hijacking unprotected MongoDB databases, stealing their content, and asking for a Bitcoin ransom to return the data. These attacks have been happening for more than a week and have hit servers all over the world. The first one to notice the attacks was security researcher Victor […]
Before we move on to the MongoDb injections, we must understand what MongoDb exactly is and why we prefer it over other databases. As MongoDb does not use SQL people assumed it is not vulnerable to any kind of injection attacks. But believe me, no one is born with inbuilt security aspects. We have to […]