MongoDB is a popular open source database server that many use in the cloud. According to a researcher, attackers have targeted insecurely deployed MongoDB instances and removed their databases. The attackers then extort the victims for a small ransom (0.2 BTC) to get their databases back. Watch today’s Byte to learn more, and if you use MongoDB, be sure to check the references below to learn how to harden it.
Episode Runtime: 3:09
Direct YouTube Link: https://www.youtube.com/watch?v=b-oaVQ9iAd4
EPISODE REFERENCES:
- MongoDB databases held for ransom (Bleeping Computer)
- News article on MongoDB attacks (Network World)
- Blog post on insecure MongoDB defaults exposing 600TB (Shodan)
- Reddit post on Shodan and MongoDB story (Reddit)
- Link to a webinar on securing MongoDB deployments (MongoDB)

― Corey Nachreiner, CISSP (@SecAdept)