KALYPTO (IN)SECURITY

Research, demonstrations, and popcorn

Do your MongoDB admins know what they are doing?

Note:  This was originally posted to LinkedIn, but I have moved it over here to go along with the update I posted about the explosion of malicious ransom demands. MongoDB by default does not have very good security configured out of the box. Unfortunately, the technology is new enough and different enough that people tend…

Continue Reading

MongoDB Ransomware Explosion

Recently I posted an article on LinkedIn about MongoDB security… well, it turns out that this has exploded into a big issue.  Over the last two weeks malicious hackers have been going crazy with extortion schemes.  Hackers are connecting to unsecured MongoDB instances, encrypting the data and then demanding payment before they will release the…

Continue Reading