A new report has identified significant vulnerabilities resulting from the mis-implementation of Elastic Stack, a group of open-source products that use APIs for critical data aggregation, search and analytics capabilities. Researchers from cybersecurity firm Salt Security discovered issues that allowed them to not only launch attacks where any user could extract sensitive customer and system data but also allowed any user to create a denial of service condition that would render the system unavailable.
Read full article on ZDNet