[HackerNews] Experts Warn of Unprotected Prometheus Endpoints Exposing Sensitive Information

Large-scale unauthenticated scraping of publicly available, unsecured endpoints from older versions of the Prometheus event monitoring and alerting solution could be leveraged to inadvertently leak sensitive information, according to the latest research.
“Due to the fact that authentication and encryption support is relatively new, many organizations that use Prometheus haven’t yet enabled

Source: Read More (The Hacker News)
