MongoDB | Breaking Cybersecurity News | The Hacker News

MongoDB on Saturday disclosed it's actively investigating a security incident that has led to unauthorized access to "certain" corporate systems, resulting in the exposure of customer account metadata and contact information. The American database software company  said  it first detected anomalous activity on December 13, 2023, and that it immediately activated its incident response efforts. It further noted that "this unauthorized access has been going on for some period of time before discovery," but emphasized it's not "aware of any exposure to the data that customers store in MongoDB Atlas." It did not disclose the exact time period of the compromise. In light of the breach, MongoDB recommends that all customers be on the lookout for social engineering and phishing attacks, enforce phishing-resistant multi-factor authentication (MFA), as well as rotate their MongoDB Atlas passwords. That's not all. The company said it's also expe

At its developer conference held earlier this week in New York, the MongoDB team announced the latest version of its database management software that includes a variety of advanced features, including Field Level Encryption, Distributed Transactions, and Wildcard Indexes. The newly introduced Field Level Encryption (FLE), which will be available in the upcoming MongoDB 4.2 release, is an end-to-end encryption feature that encrypts and decrypts sensitive users' data on the client-side, preventing hackers from accessing plaintext data even if the database instance left exposed online or the server itself gets compromised. Almost every website, app, and service on the Internet today usually encrypt (particularly "hashing") only users' passwords before storing them into the databases, but unfortunately left other sensitive information unencrypted, including users' online activity data and their personal information. Moreover, even if there is an encryption

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica