monitoring software | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers disclosed details about 13 vulnerabilities in the Nagios network monitoring application that could be abused by an adversary to hijack the infrastructure without any operator intervention. "In a telco setting, where a telco is monitoring thousands of sites, if a customer site is fully compromised, an attacker can use the vulnerabilities to compromise the telco, and then every other monitored customer site," Adi Ashkenazy, CEO of Australian cybersecurity firm Skylight Cyber, told The Hacker News via email. Nagios is an open-source IT infrastructure tool analogous to SolarWinds Network Performance Monitor (NPM) that offers monitoring and alerting services for servers, network cards, applications, and services. The issues, which consist of a mix of authenticated remote code execution (RCE) and privilege escalation flaws, were discovered and reported to Nagios in October 2020, following which they were  remediated  in  November . Chief among them i

Are You an Employee? It's quite possible that someone has been reading your messages, emails, listening to your phone calls, and monitoring your activities at work. No, it's not a spy agency or any hacker… ...Oops! It's your Boss. Recently, European Court had ruled that the Employers can legally monitor as well as read workers' private messages sent via chat software like WhatsApp or Facebook Messenger and webmail accounts like Gmail or Yahoo during working hours. So, if you own a company or are an Employer, then you no need to worry about tracking your employees because you have right to take care of things that could highly affect your company and its reputation, and that is Your Employees! Since there are several reasons such as Financial Need, Revenge, Divided Loyalty or Ego, why a loyal employee might turn into an INSIDER THREAT . Insider Threat is a nightmare for Millions of Employers. Your employees could collect and leak all your professional,

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or