#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
State of SaaS

monitoring | Breaking Cybersecurity News | The Hacker News

Category — monitoring
Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online

Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online

Dec 12, 2024 Vulnerability / Cloud Security
Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as well as remote code execution (RCE) attacks. "Prometheus servers or exporters , often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API keys," Aqua security researchers Yakir Kadkoda and Assaf Morag said in a new report shared with The Hacker News. The cloud security firm also said that the exposure of the "/debug/pprof" endpoints used for determining heap memory usage, CPU usage, and others, could serve as a vector for DoS attacks, rendering the servers inoperable. As many as 296,000 Prometheus Node Exporter instances and 40,300 Prometheus servers have been estimated to be publicly accessible over the internet, making them a huge attack surface that could put data and services at risk. The fact th...
Digital privacy, Internet Surveillance and The PRISM - Enemies of the Internet

Digital privacy, Internet Surveillance and The PRISM - Enemies of the Internet

Jun 17, 2013
If you have followed the startling revelations about the scope of the US government's surveillance efforts, you may have thought you were reading about the end of privacy, and about the Enemies of the Internet. " My computer was arrested before I was ." a perceptive comment by an internet activist who had been arrested by means of online surveillance.  Online surveillance is a growing danger for journalists, bloggers, citizen-journalists and human rights defenders. Over the last few years, law enforcement agencies have been pushing for unprecedented powers of surveillance and access to your private online communications. This week the PRISM surveillance scandal has consumed the Internet as the implications of massive scale U.S. Government spying begin to sink in. The US National Security Organization (NSA) is almost certainly one of (if not the) most technologically sophisticated, well-funded and secretive organizations in the world. The Prism initiative was launched ...
4 Reasons Your SaaS Attack Surface Can No Longer be Ignored

4 Reasons Your SaaS Attack Surface Can No Longer be Ignored

Jan 14, 2025SaaS Security / Generative AI
What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of third party risk. Learn how you can protect this sprawling attack surface in 2025. What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of third-party risk. And, this growing attack surface, much of which is unknown or unmanaged in most orgs, has become an attractive target for attackers. So, why should you prioritize securing your SaaS attack surface in 2025? Here are 4 reasons. ‍ 1. Modern work runs on SaaS. When's the last time you used something other than a cloud-based app to do your work? Can't remember? You're not alone.  Outside of ...
Expert Insights / Articles Videos
Cybersecurity Resources