[HackerNews] Experts Warn of Unprotected Prometheus Endpoints Exposing Sensitive Information

A large-scale unauthenticated scraping of publicly available and non-secured endpoints from older versions of Prometheus event monitoring and alerting solution could be leveraged to inadvertently leak sensitive information, according to the latest research.
“Due to the fact that authentication and encryption support is relatively new, many organizations that use Prometheus haven’t yet enabled

Source: Read More (The Hacker News)

You might be interested in …

[ThreatPost] Crystal Valley Farm Coop Hit with Ransomware

All posts, ThreatPost

It’s the second agricultural business to be seized this week and portends a bitter harvest with yet another nasty jab at critical infrastructure. Source: Read More (Threatpost)

Read More

[BleepingComputer] iPhones running latest iOS hacked to deploy NSO Group spyware

Human rights non-governmental organization Amnesty International and non-profit project Forbidden Stories revealed in a recent report that they found spyware made by Israeli surveillance firm NSO Group deployed on iPhones running Apple’s latest iOS release, hacked using zero-day zero-click iMessage exploits. […] Source: Read More (BleepingComputer)

Read More

[ThreatPost] Why MTTR is Bad for SecOps

All posts, ThreatPost

Kerry Matre, senior director at Mandiant, discusses the appropriate metrics to use to measure SOC and analyst performance, and how MTTR leads to bad behavior. Source: Read More (Threatpost)

Read More