HackDig : Dig high-quality web security articles for hacker

Over 650 terabytes of MongoDB data exposed on Internet

The popular expert and Shodan creator John Matherly found over 650 terabytes of MongoDB data exposed on the Internet by vulnerable databases. Last week my old hosting provider GoDaddy created me a lot of problems so I had no opportunity to write about this interesting story, now I passed to a better provider and I decided to d
Publish At:2015-12-19 20:05 | Read:2269 | Comments:0 | Tags:Hacking Security Breaking News shodan database MongoDB

MacKeeper User Database an Open Book

A trove of MacKeeper user data—some 13 million records—has been locked down after a researcher found an exposed and accessible database using a simple Shodan query. Chris Vickery revealed his discovery on Monday on Reddit in more of an appeal to reach officials at Kromtech, the parent company that owns MacKeeper, a suite of performance and security utilities
Publish At:2015-12-16 01:00 | Read:2161 | Comments:0 | Tags:Apple Data Breaches Privacy Chris Vickery data leak Kromtech

13 million MacKeeper users exposed after MongoDB door was left open

Security researcher Chris Vickery has found and reported a massive security issue on the Web servers of MacKeeper, a piece of software often regarded as scareware. According to Krebs on Security, the databases of Kromtech, the company behind MacKeeper, were open to external connections and required no authentication whatsoever. The names, passwords, and othe
Publish At:2015-12-15 21:45 | Read:2344 | Comments:0 | Tags:Risk Assessment Technology Lab mackeeper mongodb

Dream Apps or Database Security Nightmare? No Excuses for Lax NoSQL Security

Many developers are enamored with how easy it is to build new applications using NoSQL databases. But are you building your dream application or creating a database security nightmare? There are no excuses for not following security best practices. As a developer advocate, I spend most of my days helping developers turn their giant ideas into dream apps usin
Publish At:2015-11-18 21:35 | Read:2429 | Comments:0 | Tags:Data Protection Application Development Application Security

MongoDB admins exposed 600 terabytes of data by using un-patched versions

MongoDB administrators have exposed something like 595.2 terabytes of data by using poor configurations or un-patched versions of MongoDB. John Matherly, the creator of Shodan, the marvelous search engine for connected devices, revealed that many MongoDB administrators have exposed something like 595.2 terabytes of da
Publish At:2015-07-21 19:55 | Read:1917 | Comments:0 | Tags:Breaking News Hacking Security Cybersecurity MongoDB Pierlui

MongoDB Patches Remote Denial-of-Service Vulnerability

MongoDB, a popular NoSQL database used in big data and heavy analytics environments, has patched a serious denial-of-service vulnerability that is remotely exploitable. Companies using the default installation of MongoDB, which does not require authentication to access the database, are urged to update immediately to a patched version, and set up authenticati
Publish At:2015-04-01 01:30 | Read:2135 | Comments:0 | Tags:Hacks Vulnerabilities Web Security Aamir Lakhani Authenticat

Kreditech Investigates Insider Breach

Kreditech, a consumer finance startup that specializes in lending to “unbanked” consumers with little or no credit rating, is investigating a data breach that came to light after malicious hackers posted thousands of applicants’ personal and financial records online. A screen shot of the Tor site that links to the documents stolen from Kred
Publish At:2015-03-24 07:35 | Read:1999 | Comments:0 | Tags:A Little Sunshine Data Breaches A4 Anna Friedrich Corey Well

Zero-Day Vulnerability Found in MongoDB Administration Tool phpMoAdmin

phpMoAdmin (short for PHP MongoDB administration tool) is a free and open source MongoDB GUI tool. phpMoAdmin is written in PHP and is a popular administration tool to manage the NoSQL database MongoDB. A zero-day remote code execution vulnerability was seen in phpMoAdmin which allows an attacker to execute arbitrary code without requiring any authentication
Publish At:2015-03-06 21:20 | Read:1589 | Comments:0 | Tags:Vulnerabilities mongoDB phpMoAdmin zero day zero-day vulnera

phpMoAdmin 0-day Nmap Script

An 0-day vulnerability has been posted on Full-Disclosure this morning. It affects the MongoDB GUI phpMoAdmin. The GUI is similar to the well-known phpMyAdmin and allows the DB administrator to perform maintenance tasks on the MongoDB databases with the help of a nice web interface. The vulnerability is critical because it allows to perform remote code execu
Publish At:2015-03-04 06:50 | Read:2802 | Comments:0 | Tags:Security 0-day MongoDB Nmap NSE Script

#HackerKast 22: PCI says SSL is Dead, Delete all photos on Facebook, 10 million passwords leaked, Pinterest bans affilia

Hey everybody! Welcome to this week’s HackerKast – Episode 22! We are Jeremiahless again this week so it is just Robert and myself covering a ton of news! “SSL is Dead” – PCI “PCI is Dead” – SSL — Matt Johansen (@mattjay) February 17, 2015 Some big news came out of PCI land this week where they are announcing that no
Publish At:2015-02-20 15:40 | Read:3275 | Comments:0 | Tags:Technical Insight Vulnerabilities WhiteHat HackerKast Facebo

Discovered 40000 vulnerable MongoDB databases on the Internet

Three German students have discovered that tens of thousands of MongoDB databases running as a service or website backend were exposed on the Internet. MongoDB is a cross-platform document-oriented database which uses JSON-like documents with dynamic schemas (BSON) improving the integration of data between different applicati
Publish At:2015-02-13 16:05 | Read:2140 | Comments:0 | Tags:Hacking Security database IoT MongoDB shodan

You have no SQL inj--... sorry, NoSQL injections in your application

Everyone knows about SQL injections. They are classic, first widely publicized by Rain Forest Puppy, and still widely prevalent today (hint: don't interpolate query string params with SQL). But who cares? SQL injections are so ten years ago. I want to talk about a vulnerability I hadn't run into before that I recently had a lot of fun exploiting. It was
Publish At:2014-08-09 17:07 | Read:2546 | Comments:0 | Tags:sql-injection auxiliary mongodb nosql app
