{"id":57873,"date":"2024-12-15T23:58:08","date_gmt":"2024-12-15T23:58:08","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/are-your-prometheus-servers-and-exporters-secure-probably-not\/"},"modified":"2024-12-15T23:58:08","modified_gmt":"2024-12-15T23:58:08","slug":"are-your-prometheus-servers-and-exporters-secure-probably-not","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/are-your-prometheus-servers-and-exporters-secure-probably-not\/","title":{"rendered":"Are your Prometheus servers and exporters secure? Probably not"},"content":{"rendered":"<p><span class=\"label\">Infosec in brief<\/span> There&#8217;s a problem of titanic proportions brewing for users of the Prometheus open source monitoring toolkit: hundreds of thousands of servers and exporters are exposed to the internet, creating significant security risks and leaving organizations vulnerable to attack.<\/p>\n<p>Aqua Security last week <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.aquasec.com\/blog\/300000-prometheus-servers-and-exporters-exposed-to-dos-attacks\/\">reported<\/a> that it discovered more than 296,000 internet-facing Prometheus exporters (tools that export info from other infosec tools into Prometheus) and 40,000 servers were exposed to potential risks.<\/p>\n<p>Unfortunately, this isn&#8217;t so much a problem with Prometheus itself, as the tool&#8217;s documentation &#8220;presume[s] that untrusted users can view information about Prometheus, specifically the Prometheus HTTP endpoint, logs and debugging information&#8221; if proper steps aren&#8217;t taken to protect the instances from the wider internet, Aqua explained.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z1-hqEZ5YbOpfcgDwtUUqQAAAY4&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z1-hqEZ5YbOpfcgDwtUUqQAAAY4&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;The concept of information disclosure through publicly accessible Prometheus servers or exporters is not new,&#8221; Aqua added, citing numerous prior reports on the issue. Despite prior warnings, &#8220;the number of exposed instances remains alarmingly high.&#8221;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Z1-hqEZ5YbOpfcgDwtUUqQAAAY4&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Z1-hqEZ5YbOpfcgDwtUUqQAAAY4&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Z1-hqEZ5YbOpfcgDwtUUqQAAAY4&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Z1-hqEZ5YbOpfcgDwtUUqQAAAY4&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>Aqua&#8217;s researchers wrote that this is far from being a theoretical risk. They were able to access unauthenticated Prometheus servers to retrieve data including authentication tokens, API keys, Docker registries, system images and all sorts of corporate information. Prometheus exporters are also vulnerable to &#8220;RepoJacking&#8221; \u2013 taking over GitHub projects to implant malicious code.<\/p>\n<p>Aqua researchers also discovered that the \/debug\/pprof endpoint \u2013 designed to profile remote hosts \u2013 can be exploited to execute denial of service attacks on affected systems. The security shop discovered that the issue with pprof had been pointed out before, but appears unresolved.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Z1-hqEZ5YbOpfcgDwtUUqQAAAY4&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Z1-hqEZ5YbOpfcgDwtUUqQAAAY4&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;In our view, this vulnerability demands attention and mitigation,&#8221; Aqua asserted. But upon contacting the Prometheus security team, Aqua researchers were told &#8220;Supporting good production practices trumps protecting users from gross misconfigurations.&#8221;<\/p>\n<p>In other words, you have some work to do locking down your Prometheus servers and exporters. Mitigation recommendations are included in Aqua&#8217;s report.<\/p>\n<div class=\"boxout\" readability=\"14.436090225564\">\n<h3 class=\"crosshead\">Critical vulnerabilities of the week: Oh, there you are, Apple<\/h3>\n<p>Fashionably late to the party as usual, Apple skipped the Patch Tuesday festivities and published patches for a bunch of its devices on Wednesday instead.<\/p>\n<p>Included in the laundry list of <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2024\/12\/12\/apple-releases-security-updates-multiple-products\">patches<\/a> for everything from visionOS to Safari are a few critical issues \u2013 like a <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2024-45490\">CVSS 9.8 flaw<\/a> in open source software used in iOS, and an unspecified logic issue in macOS Sequoia audio components that could let an app execute arbitrary code with kernel privileges.<\/p>\n<p>Get patching!<\/p>\n<\/div>\n<h3 class=\"crosshead\">Citrix Netscaler targeted by brute-force password spray campaign<\/h3>\n<p>German cyber security officials are <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.bsi.bund.de\/SharedDocs\/Cybersicherheitswarnungen\/DE\/2024\/2024-298922-1032.pdf\">warning<\/a> of a brute-force &#8220;password spraying&#8221; attack campaign targeting Citrix Netscaler gateways in critical infrastructure sectors.<\/p>\n<p>The Federal Office of Information Security (BIS) in Germany reported it was tracking a rise in brute force attacks that stands out only in terms of the sheer volume of attacks, with little more information to suggest an origin or purpose to the campaign.<\/p>\n<p>Citrix <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.citrix.com\/blogs\/2024\/12\/13\/password-spraying-attacks-netscaler-december-2024\/\">acknowledged<\/a> the surge in attacks, and recommended using multi-factor authentication and policy tweaks to stymie the assault.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Z1-hqEZ5YbOpfcgDwtUUqQAAAY4&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Z1-hqEZ5YbOpfcgDwtUUqQAAAY4&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>BIS officials are warning anyone using Citrix Netscaler to deliver web applications to double-check the security of their systems, and do all the necessary things needed to protect the sort of public-facing servers \u2013 like Netscaler gateways \u2013 that are typically hammered by repeated login attempts.<\/p>\n<p>You know \u2013 like enforcing strong passwords, enforcing MFA, increasing wait time between unsuccessful login attempts, etc.<\/p>\n<h3 class=\"crosshead\">PII marketplace busted by feds<\/h3>\n<p>Rydox, an online marketplace dedicated to selling stolen personal information and various cyber crime tools, has been busted by US authorities after an eight-year run that netted its administrators more than $230,000, the US Department of Justice <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.justice.gov\/opa\/pr\/rydox-cybercrime-marketplace-shut-down-and-three-administrators-arrested\">revealed<\/a> last week.<\/p>\n<p>Two of the folks behind the site, Ardit Kutleshi and Jetmir Kutleshi, were arrested in Kosovo and are awaiting extradition to the US. A third, Shpend Sokoli, was arrested in Albania and will be prosecuted there. The website, reportedly hosted in Malaysia, was taken offline by authorities in that country with the assistance of the FBI.<\/p>\n<p>According to the DoJ, Rydox has been used to conduct 7,600 sales of PII, and more than 18,000 users have purchased tools from the service. They allegedly put the purloined PII to use in various scams and criminal schemes.<\/p>\n<p>If convicted, the two Kutleshis each face 20 years in prison for money laundering, ten years for access device fraud, and five years for each of two counts of identity theft and one count of conspiracy to commit identity theft and aggravated identity theft.<\/p>\n<h3 class=\"crosshead\">Beware requests for video meetings that require unfamiliar software<\/h3>\n<p>Cado Security Labs has spotted a campaign that, while targeting Web3 and crypto people, is still a threat to everyone else.<\/p>\n<p>The <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.cadosecurity.com\/blog\/meeten-malware-threat\">campaign<\/a> targets Windows and macOS users using a fake virtual meeting software called Meeten \u2013 though it&#8217;s entirely possible that name will be different soon, as the crooks behind the campaign have been switching it up with regularity.<\/p>\n<p>Whatever name it&#8217;s going by, Meeten is merely the Realst crypto stealing malware, and the miscreants running this campaign are trying to trick victims into installing it by claiming it&#8217;s their preferred video conferencing tool. Once Meeten is installed, it goes to work invading wallets and stealing cryptocurrency.<\/p>\n<p>But that&#8217;s not all: Along with targeting crypto wallets, Realst is also able to steal Telegram credentials, stored bank card details, Keychain information, browser cookies and autofill credentials.<\/p>\n<p>In short, beware anyone approaching you with a suspicious investment proposition and a request to install unfamiliar software.<\/p>\n<h3 class=\"crosshead\">BeyondTrust API key pilfered<\/h3>\n<p>Identity and access management software firm BeyondTrust last week reported that an API key for its Remote Support SaaS offering was compromised, allowing for password resets of local accounts. But trust them \u2013 it&#8217;s gonna be okay.<\/p>\n<p>BeyondTrust <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.beyondtrust.com\/remote-support-saas-service-security-investigation\">stated<\/a> it revoked the key as soon as it realized what had happened, notified all impacted customers, and suspended affected instances, all on the same day \u2013 but it still took a few for the issue to be spotted.<\/p>\n<p>&#8220;Potentially anomalous behavior was detected by our Information Security team on December 2nd,&#8221; BeyondTrust wrote. &#8220;During our initial analysis, the anomalous behavior was confirmed on December 5th, 2024, and a limited number of impacted instances of Remote Support SaaS were identified.&#8221;<\/p>\n<p>It&#8217;s not clear what might have been done to affected Remote Support SaaS customers in the intervening few days, and BeyondTrust said its investigation is ongoing.<\/p>\n<p>Those affected should have been notified by now \u2013 but it might not hurt for Remote Support SaaS customers to contact the vendor just in case. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2024\/12\/15\/prometheus_servers_exporters_exposed\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Plus: Netscaler brute force barrage; BeyondTrust API key stolen; and more Infosec in brief\u00a0 There&#8217;s a problem of titanic proportions brewing for users of the Prometheus open source monitoring toolkit: hundreds of thousands of servers and exporters are exposed to the internet, creating significant security risks and leaving organizations vulnerable to attack.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-57873","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Are your Prometheus servers and exporters secure? Probably not 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/are-your-prometheus-servers-and-exporters-secure-probably-not\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Are your Prometheus servers and exporters secure? Probably not 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/are-your-prometheus-servers-and-exporters-secure-probably-not\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-12-15T23:58:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z1-hqEZ5YbOpfcgDwtUUqQAAAY4&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/are-your-prometheus-servers-and-exporters-secure-probably-not\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/are-your-prometheus-servers-and-exporters-secure-probably-not\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Are your Prometheus servers and exporters secure? Probably not\",\"datePublished\":\"2024-12-15T23:58:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/are-your-prometheus-servers-and-exporters-secure-probably-not\\\/\"},\"wordCount\":1079,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/are-your-prometheus-servers-and-exporters-secure-probably-not\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z1-hqEZ5YbOpfcgDwtUUqQAAAY4&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/are-your-prometheus-servers-and-exporters-secure-probably-not\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/are-your-prometheus-servers-and-exporters-secure-probably-not\\\/\",\"name\":\"Are your Prometheus servers and exporters secure? Probably not 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/are-your-prometheus-servers-and-exporters-secure-probably-not\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/are-your-prometheus-servers-and-exporters-secure-probably-not\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z1-hqEZ5YbOpfcgDwtUUqQAAAY4&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2024-12-15T23:58:08+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/are-your-prometheus-servers-and-exporters-secure-probably-not\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/are-your-prometheus-servers-and-exporters-secure-probably-not\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/are-your-prometheus-servers-and-exporters-secure-probably-not\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z1-hqEZ5YbOpfcgDwtUUqQAAAY4&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z1-hqEZ5YbOpfcgDwtUUqQAAAY4&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/are-your-prometheus-servers-and-exporters-secure-probably-not\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Are your Prometheus servers and exporters secure? Probably not\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Are your Prometheus servers and exporters secure? Probably not 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/are-your-prometheus-servers-and-exporters-secure-probably-not\/","og_locale":"en_US","og_type":"article","og_title":"Are your Prometheus servers and exporters secure? Probably not 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/are-your-prometheus-servers-and-exporters-secure-probably-not\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-12-15T23:58:08+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z1-hqEZ5YbOpfcgDwtUUqQAAAY4&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/are-your-prometheus-servers-and-exporters-secure-probably-not\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/are-your-prometheus-servers-and-exporters-secure-probably-not\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Are your Prometheus servers and exporters secure? Probably not","datePublished":"2024-12-15T23:58:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/are-your-prometheus-servers-and-exporters-secure-probably-not\/"},"wordCount":1079,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/are-your-prometheus-servers-and-exporters-secure-probably-not\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z1-hqEZ5YbOpfcgDwtUUqQAAAY4&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/are-your-prometheus-servers-and-exporters-secure-probably-not\/","url":"https:\/\/www.threatshub.org\/blog\/are-your-prometheus-servers-and-exporters-secure-probably-not\/","name":"Are your Prometheus servers and exporters secure? Probably not 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/are-your-prometheus-servers-and-exporters-secure-probably-not\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/are-your-prometheus-servers-and-exporters-secure-probably-not\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z1-hqEZ5YbOpfcgDwtUUqQAAAY4&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2024-12-15T23:58:08+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/are-your-prometheus-servers-and-exporters-secure-probably-not\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/are-your-prometheus-servers-and-exporters-secure-probably-not\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/are-your-prometheus-servers-and-exporters-secure-probably-not\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z1-hqEZ5YbOpfcgDwtUUqQAAAY4&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z1-hqEZ5YbOpfcgDwtUUqQAAAY4&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/are-your-prometheus-servers-and-exporters-secure-probably-not\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Are your Prometheus servers and exporters secure? Probably not"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57873","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=57873"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57873\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=57873"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=57873"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=57873"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}