Big Data | Breaking Cybersecurity News | The Hacker News

Revolutionary ideas in science, technology, engineering, and mathematics don't occur every day. But when those "eureka" moments happen, we need to provide a forum to explore those ideas, judge them on their merits, and distinguish the extraordinary from the merely good. Once a year, Nokia Bell Labs makes that forum a reality, where robust proposals that have the potential to revolutionize the future of human experience are presented and debated. If you think your idea could be one of them, the Nokia Bell Labs Prize is for you. Solving challenges that connect humans, systems, things, infrastructure, or processes, the 2020 Nokia Bell Labs Prize is an opportunity for innovators around the world to collaborate with world-renowned Nokia Bell Labs researchers and transform their ideas into prototypes of the future. What kind of ideas are we talking about? Big, bold, and bordering on audacious, they should have far-reaching, humanity-changing implications. Previous

Elastic, the company behind the most widely used enterprise search engine ElasticSearch and the Elastic Stack, today announced that it has decided to make core security features of the Elastic Stack free and accessible to all users. ELK Stack or Elastic Stack is a collection of three powerful open source projects—Elasticsearch, Logstash, and Kibana—that many large and small companies are using to format, search, analyze, and visualize a large amount of data in real time. In recent months, we have seen how thousands of instances of insecure, poorly configured Elasticsearch and Kibana servers had left millions of users sensitive data exposed on the Internet. Since the free version of Elastic Stack by default does not have any authentication or authorization mechanism, many developers and administrators fail to properly implement important security features manually. The core security features—like encrypted communication, role-based access control, authentication realms—in p

As work ebbs with the typical end-of-year slowdown, now is a good time to review user roles and privileges and remove anyone who shouldn't have access as well as trim unnecessary permissions. In addition to saving some unnecessary license fees, a clean user inventory significantly enhances the security of your SaaS applications. From reducing risk to protecting against data leakage, here is how you can start the new year with a clean user list.  How Offboarded Users  Still  Have Access to Your Apps When employees leave a company, they trigger a series of changes to backend systems in their wake. First, they are removed from the company's identity provider (IdP), which kicks off an automated workflow that deactivates their email and removes access to all internal systems. When enterprises use an SSO (single sign-on), these former employees lose access to any online properties – including SaaS applications – that require SSO for login.  However, that doesn't mean that former employee

In today's world, data plays a crucial role in the success of any organization, but if left unprotected, it could be a cybercriminal's dream come true. Poorly protected MongoDB, CouchDB, and Elasticsearch databases recently got a lot more attention from cybersecurity firms and media lately. More than half of the known cases of massive data breaches over the past year originated from unsecured database servers that were accessible to anyone without any password. Since the database of an organization contains its most valuable and easily exploitable data, cybercriminals have also started paying closer attention to find other insecure entry points. Though the problems with unprotected databases are no news and are widely discussed on the Internet, I want cybersecurity community and industry experts to pay some attention to thousands of unsafe Kibana instances that are exposed on the Internet, posing a huge risk to many companies. Kibana is an open-source analytics and visualiz

Until last year, cyber criminals were only targeting computers of individuals and organisations with ransomware and holding them for ransom, but then they started targeting unprotected online databases and servers around the globe for ransom as well. Earlier this year, we saw notorious incidents where tens of thousands of unprotected MongoDB and Elasticsearch databases were hacked and held for ransom in exchange of the data the hackers had stolen and deleted from the poorly configured systems. Now, cyber crooks have started targeting unprotected Hadoop Clusters and CouchDB servers as well, making the ransomware game nastier if your servers are not securely configured. Nearly 4,500 servers with the Hadoop Distributed File System (HDFS) — the primary distributed storage used by Hadoop applications — were found exposing more than 5,000 Terabytes (5.12 Petabytes) of data, according to an analysis conducted using Shodan search engine. This exposure is due to the same issue — H