Multistage Attack Delivers BillGates/Setag Backdoor, Can Turn Elasticsearch Databases into DDoS Botnet ‘Zombies’

Elasticsearch is no stranger to cybercriminal abuse given its popularity and use to organizations. In fact, this year’s first quarter saw a surge of attacks — whether by exploiting vulnerabilities or taking advantage of security gaps — leveled against Elasticsearch servers. These attacks mostly delivered cryptocurrency-mining malware, as in the Read More …

Hackers target Elasticsearch clusters in fresh malware campaign

Security researchers have observed a spike in attacks from multiple threat actors targeting Elasticsearch clusters, in what is believed to be an attempt to spread malware on victims’ machines. Attackers appear to be targeting clusters using versions 1.4.2 and lower, and are Read More …

57 Million Personal Info Records Leaked by Unprotected ElasticSearch Server

An unprotected Elasticsearch server indexed by the Shodan IoT search engine on November 14 exposed a 73 GB database of 57 million US citizens’ records. The publicly accessible server discovered by security researcher Bob Diachenko contained an Elasticsearch instance with a Read More …