eSecurity Planet

SEPTEMBER 5, 2023

Collectively, these episodes highlight the need for comprehensive cybersecurity defenses and timely patch management for risk mitigation. CVE-2023-3519 was used by the attackers to infect computers, including misleading PowerShell scripts, malware payloads within normal processes, and PHP web shells for remote control. are affected.

VPN 103

VPN Authentication Ransomware Antivirus 103

eSecurity Planet

NOVEMBER 6, 2023

30, 2023 NGINX Ingress Controller for Kubernetes Flaws Can Lead to Credential Theft Type of Attack: Path sanitization bypass and injection vulnerabilities discovered in the NGINX Ingress controller can allow for credential theft, arbitrary command execution, and critical data access. CVE-2023-5044 (Code Injection): This CVSS score 7.6

Software 110

Software Education Ransomware Firmware 110

eSecurity Planet

MARCH 11, 2024

And all IT and security teams should follow vulnerability news for vendor bulletins and updates. March 4, 2024 JetBrains Server Issues Continue with New Vulnerabilities Type of vulnerability: Authentication bypass. We’ve seen multiple over the last couple of months, but these are new and not to be confused with CVEs from 2023.

Authentication 107

Authentication Software VPN Security Defenses 107

eSecurity Planet

AUGUST 12, 2023

Trellix researchers are disclosing a number of critical data center power management platform vulnerabilities at DEFCON 2023 today. effort to secure critical infrastructure. CVE-2023-3265: Improper Neutralization of Escape, Meta, or Control Sequences (Auth Bypass; CVSS 7.2) CVE-2023-3261: Buffer Overflow (DOS; CVSS 7.5)

Authentication 98

Authentication Spyware DDOS Cybersecurity 98

eSecurity Planet

SEPTEMBER 13, 2023

Microsoft’s Patch Tuesday for September 2023 includes 59 vulnerabilities, five of them rated critical and two currently being exploited in the wild. The two vulnerabilities currently being exploited are CVE-2023-36761 , an information disclosure flaw in Microsoft Word with a CVSS score of 6.2;

Engineering 107

Engineering Security Defenses Risk Cybersecurity 107

eSecurity Planet

FEBRUARY 12, 2024

February 5, 2024 JetBrains TeamCity Saga Continues with Another Server Vulnerability Type of vulnerability: Authentication bypass by an unauthenticated attacker. This code exists in all software that uses Secure Boot, like SUSE, Red Hat, and Debian. The RCE vulnerability is tracked as CVE-2023-40547 and has a severity rating of 8.3.

VPN 107

VPN Authentication Software Firewall 107

eSecurity Planet

MARCH 19, 2024

Frequent Ransomware Target QNAP Discloses 3 Vulnerabilities Type of vulnerability: Improper authentication, injection vulnerability, SQL injection (SQLi). The other two vulnerabilities, CVE-2024-21900 and CVE-2024-21901, only merit medium ratings because they require authentication. The fix: Upgrade to Kubernetes versions 1.28.4

Authentication 117

Authentication VPN Software DDOS 117