Security researchers have begun stumbling upon misconfigured Django applications that are exposing sensitive information such as API keys, server passwords, or AWS access tokens.
A new type of attack has been discovered targeting PostgreSQL databases, in which malware authors are using an image of Hollywood actress Scarlett Johansson to hide a cryptocurrency miner they intend to run on the DB's underlying server.
Amazon AWS S3 cloud storage servers might soon fall victim to ransom attacks, similar to how hacker groups held tens of thousands of MongoDB databases for ransom throughout 2017.
Websites built using the Anchor CMS may be accidentally exposing their database passwords in publicly-facing error logs, Dutch security researcher Tijme Gommers has discovered.
For the second time in two months, the voter registration information of over 19 million Californians was leaked online via an unsecured MongoDB database, which was later held for ransom by hackers.
The US Department of Homeland Security (DHS) announced it suffered a data breach last year, during which data for over 247,000 DHS employees and individuals under DHS investigations was taken from a secure DHS database.
A Chinese threat actor has been targeting MSSQL and MySQL databases on Windows and Linux systems all year, deploying one of three malware strains, each with its own design and purpose.
The details of over 19 million California voters were left exposed online in an unsecured MongoDB database and were later held for ransom, according to researchers from the Kromtech Security Center.
Following a long string of data leaks caused by misconfigured S3 servers, Amazon has decided to add a visible warning to the AWS backend dashboard panel that will let server admins know if one of their buckets (storage environments) is publicly accessible and exposing potentially sensitive data on the Internet.
Hackers can exploit exposed Amazon S3 buckets to carry out silent Man-in-the-Middle attacks or other hacks on a company's customers or internal staff.
A Romanian bug hunter has found three flaws in Google's official bug tracker, one of which could have been used to expose sensitive vulnerabilities to unauthorized intruders.
Security researchers, and what appears to be at least one hacker, have found an ElasticSearch server left exposed online that was hosting information about 1,133 National Football League (NFL) players and agents.
During the past year, there has been a surge in data breach reporting regarding Amazon S3 servers that were left accessible online and were exposing private information from all sorts of companies and their customers.
The recent wave of ransom attacks on MongoDB databases happened because database owners forgot to set passwords on their administrator accounts, according to Davi Ottenheimer, Senior Director of Product Security at MongoDB, Inc.
Ransom attacks on MongoDB databases rekindled last week and over the weekend with the emergence of three new groups that hijacked over 26,000 servers, with one group hijacking 22,000.
Sucuri, a cyber security company recently acquired by GoDaddy, has detected a massive online scanning campaign that's searching for websites that use the Adminer database management script.
A new tool is making the rounds on the criminal underground. Called Katyusha Scanner, this is a hybrid between a classic SQL injection (SQLi) vulnerability scanner and Anarchi Scanner, an open-source penetration testing tool.
An improperly secured Amazon S3 "bucket" (server) belonging to World Wrestling Entertainment (WWE) had exposed the personal details of over three million fans.
Verelox, a provider of dedicated KVM and VPS servers based in The Hague, Netherlands, suffered a catastrophic outage after a former administrator deleted all customer data and wiped most of the company's servers.
For 137 days now, a yet to be identified company has left a database containing over 10 million Vehicle Identification Numbers (VINs) exposed online with no authentication.