Elasticsearch Security | Breaking Cybersecurity News | The Hacker News

Elastic, the company behind the most widely used enterprise search engine ElasticSearch and the Elastic Stack, today announced that it has decided to make core security features of the Elastic Stack free and accessible to all users. ELK Stack or Elastic Stack is a collection of three powerful open source projects—Elasticsearch, Logstash, and Kibana—that many large and small companies are using to format, search, analyze, and visualize a large amount of data in real time. In recent months, we have seen how thousands of instances of insecure, poorly configured Elasticsearch and Kibana servers had left millions of users sensitive data exposed on the Internet. Since the free version of Elastic Stack by default does not have any authentication or authorization mechanism, many developers and administrators fail to properly implement important security features manually. The core security features—like encrypted communication, role-based access control, authentication realms—in p

In today's world, data plays a crucial role in the success of any organization, but if left unprotected, it could be a cybercriminal's dream come true. Poorly protected MongoDB, CouchDB, and Elasticsearch databases recently got a lot more attention from cybersecurity firms and media lately. More than half of the known cases of massive data breaches over the past year originated from unsecured database servers that were accessible to anyone without any password. Since the database of an organization contains its most valuable and easily exploitable data, cybercriminals have also started paying closer attention to find other insecure entry points. Though the problems with unprotected databases are no news and are widely discussed on the Internet, I want cybersecurity community and industry experts to pay some attention to thousands of unsafe Kibana instances that are exposed on the Internet, posing a huge risk to many companies. Kibana is an open-source analytics and visualiz

Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security Risks Like the  SaaS shadow IT  of the past, AI is placing CISOs and cybersecurity teams in a tough but familiar spot.  Employees are covertly using AI  with little regard for established IT and cybersecurity review procedures. Considering  ChatGPT's meteoric rise to 100 million users within 60 days of launch , especially with little sales and marketing fanfare, employee-driven demand for AI tools will only escalate.  As new studies show  some workers boost productivity by 40% using generative AI , the pressure for CISOs and their teams to fast-track AI adoption — and turn a blind eye to unsanctioned AI tool usage — is intensifying.  But succumbing to these pressures can introduce serious SaaS data leakage and breach risks, particularly as employees flock to AI tools developed by small businesses, solopreneurs, and indie developers. AI Security Guide Download AppOmni's CISO Guide to AI Security - Part 1 AI evoke