Bob Diachenko
Cyber Threat Intelligence, OSINT, | Responsible disclosures | Security consultancy | Contact me: bob@securitydiscovery.com
1,138 Tweets | 580 Following | 9,533 Followers
Bob Diachenko Aug 5
Replying to @anthrax0 @fs0c131y
It was not. It is part of a completely different scan tool I'm now playing with. Almost sure that 'meow'-attacker(s) heavily utilize APIs from popular IoT search engines to target noSQL.
Bob Diachenko Aug 3
Replying to @MayhemDayOne
1M+ users details, incl. hashed password, email, usernames, partial CC numbers, drivers info and much more exposed.
Bob Diachenko Aug 3
Hugo App, "the first Central American application to provide micrologistics services", got their unprotected MongoDB hijacked. I know that because I was literally 1 click away from sending a responsible disclosure alert when db was ransomed.
Bob Diachenko Jul 30
[NEW REPORT] Argentina’s Ministry of Public Health exposed 115K+ patients details in a misconfig incident. When I found it, the database had already been infiltrated by a “meow bot”. More:
Bob Diachenko Jul 29
/ / / - please get in touch ASAP or check your mail(s), there is a security issue that needs to be addressed.
Bob Diachenko Jul 29
Coinmode (): it would be hard to launch the platform with database credentials left in the wild
Bob Diachenko Jul 28
Replying to @TopUnis
I've sent you a DM because I am not that sure it was 'junk test data' and I think students contact details were compromised.
Bob Diachenko Jul 28
Replying to @TopUnis
Supposedly, it was part of repository, QS Matching Tool
Bob Diachenko Jul 28
Replying to @hugomanki
Yes, Indian Institute of Management and Nirma University
Bob Diachenko Jul 27
Replying to @danehrlich11
Kids will be bored soon
Bob Diachenko Jul 27
Before <> after. Elasticsearch cluster with 5M+ students contacts data destroyed: Oxford, Nirma, IIM, Hobsons, Griffdom (?). Didn't have time to alert the owner. I think that 'meow' attacks now have different sources and copycats
Bob Diachenko Jul 27
yet another victim of Meow attack, Zimbabwe's leading online payments platform.
Bob Diachenko Jul 24
There are 1,779 'meow'd' Elasticsearch clusters and 701 MongoDB instances
Bob Diachenko Jul 23
[RESEARCH IN PROGRESS] We "forgot" to hide AWS keys in the code of a public repo on . In 10 minutes keys were exploited from two different IPs.
Bob Diachenko Jul 22
Replying to @MayhemDayOne
Oh and Mongos are also affected by 'Meow' attack, but at a lesser scale - only 70 instances
Bob Diachenko Jul 22
[NEW REPORT] We put a MongoDB honeypot on the web for three months to see who would attempt to view, steal, and destroy exposed data. This is what happened:
Bob Diachenko Jul 21
Now secured - but who knows when and where it would re-appear. Seems like they've not learned the lesson
Bob Diachenko Jul 21
Bob Diachenko Jul 20
Replying to @MayhemDayOne
New Elasticsearch bot attack does not contain any ransom or threats, just 'meow' with a random set of numbers. It is quite fast and searches & destroys new clusters pretty effectively
Bob Diachenko Jul 20
[UFO VPN STORY UPDATE] After the exposed data had been secured, it resurfaced a second time on July 20 at a different IP address - all of the records destroyed now by a new “Meow” bot attack.