eSecurity Planet

NOVEMBER 6, 2023

The past week has been a busy one for cybersecurity vulnerabilities, with 34 vulnerable Windows drivers and four Microsoft Exchange flaws heading a long list of security concerns. The Problem: Three flaws discovered by the Kubernetes security community carry CVSS severity scores of 7.6

Software 110

Software Education Ransomware Firmware 110

eSecurity Planet

MARCH 25, 2024

The fix: While the flaw isn’t patchable, ArsTechnica said it could “be mitigated by building defenses into third-party cryptographic software that could drastically degrade M-series performance when executing cryptographic operations, particularly on the earlier M1 and M2 generations.”

Computers and Electronics 60

Computers and Electronics Software Accountability Authentication 60

eSecurity Planet

JANUARY 16, 2024

The problem: WordPress plugin Popup Builder is vulnerable to exploitation through a flaw that allows attackers to perform administrator-level actions like installing new rogue plugins or creating new admin accounts. CVE-2022-22274 is a stack-based buffer overflow vulnerability in SonicOS, the firewall’s operating system.

Firewall 107

Firewall Firmware IoT Authentication 107

eSecurity Planet

AUGUST 28, 2023

An attacker creates a new admin user and logs into an OpenFire account. Akira carries out attacks via compromised user accounts, particularly ones that don’t have multi-factor authentication (MFA) enabled. The security bulletin was last updated August 25. If they then install a plugin, they can execute commands.

VPN 98

VPN Authentication Mobile Firewall 98

eSecurity Planet

AUGUST 28, 2023

An attacker creates a new admin user and logs into an OpenFire account. Akira carries out attacks via compromised user accounts, particularly ones that don’t have multi-factor authentication (MFA) enabled. The security bulletin was last updated August 25. If they then install a plugin, they can execute commands.

VPN 95

VPN Authentication Mobile Firewall 95

eSecurity Planet

JANUARY 30, 2024

Verizon’s 2023 Data Breach Investigations Report (DBIR) also reveals that inside actors were responsible for 83% of 2022 data breaches. Review logs to spot unexpected patterns or potential security incidents. Ensure always-on DDoS protection: Ensure that your DDoS protection service is consistently active for extended security.

Risk 124

Risk DDOS Data breaches Encryption 124

SecureWorld News

NOVEMBER 8, 2023

While organizations can invest in sophisticated cybersecurity and threat detection solutions to detect anomalous network and system activity, a socially-engineered conversation between a malicious actor and an untrained employee can easily slip under the radar. Thus, accounts, networks, and data prove to be more easily compromised.

Social Engineering 88

Social Engineering Engineering Cyber Attacks Artificial Intelligence 88

eSecurity Planet

OCTOBER 9, 2023

Due to an Out-of-bounds Write vulnerability in Exim’s SMTP service, Remote Code Execution (RCE) Vulnerability CVE-2023-42115 allows remote unauthenticated attackers to execute code in the context of the service account. Attackers might get full access to Confluence instances by creating illegal administrator accounts.

Architecture 103

Architecture Ransomware Software Accountability 103

eSecurity Planet

OCTOBER 2, 2023

Read next: Network Protection: How to Secure a Network Weekly Vulnerability Recap – Sept. 25, 2023 – Flaws in Apple Devices, DevOps Tools and More Get the Free Cybersecurity Newsletter Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices.

DDOS 107

DDOS Encryption Software Ransomware 107

eSecurity Planet

APRIL 1, 2024

The fix: Apply the emergency fixes issued by Microsoft for: Windows Server 2022 Windows Server 2019 Windows Server 2016 Windows Server 2012 R2 Attackers Actively Exploit Fortinet Enterprise Management Server SQLi Flaw Type of vulnerability: SQL injection (SQLi) flaw. Oglio tracks vulnerability CVE-2023-48022 , rated CVSS 9.8 (out

Authentication 107

Authentication Artificial Intelligence Software Cybersecurity 107

SecureList

SEPTEMBER 11, 2023

Analysis of Veeamp Veeamp exploits the following Veeam vulnerabilities: CVE-2022-26500, CVE-2022-26501, CVE-2022-26504. Besides, a legitimate driver with a digital signature will not raise any red flags with security systems, helping the attackers to stay undetected for longer. KK.exe : malware known as Burntcigar.

Ransomware 135

Ransomware Encryption Malware DDOS 135

eSecurity Planet

JANUARY 18, 2024

Ransomware Defense Integration Cloud storage combats ransomware threats with integrated protection mechanisms and extensive methods recommended by cybersecurity experts. Gartner predicts that by 2025, 60% of organizations will require integrated ransomware defense strategies on storage devices, up from 10% in 2022.

Risk 122

Risk Backups Encryption DDOS 122

eSecurity Planet

DECEMBER 10, 2023

It simplifies operations by lowering the chance of configuration conflicts and misconfigurations or oversights that could affect security. Throughout the change management process, keep security and compliance in mind. To ensure accountability, conduct thorough audits of adjustments.

Firewall 117

Firewall Network Security Backups Education 117

Centraleyes

DECEMBER 6, 2023

We’ll analyze some broader concepts in cyber security like cybersecurity risk mitigation and establishing a comprehensive vulnerability management program. A thorough cybersecurity risk assessment is an essential and comprehensive way to identify vulnerabilities in your organization that a scan alone cannot catch.

Risk 52

Risk Cyber Risk Software Information Security 52