eSecurity Planet

SEPTEMBER 5, 2023

Major cybersecurity events in the last week make clear that hackers just keep getting savvier — and security teams need to be vigilant to keep up. Collectively, these episodes highlight the need for comprehensive cybersecurity defenses and timely patch management for risk mitigation. out of 10 on the CVSS vulnerability scale.

VPN 103

VPN Authentication Ransomware Antivirus 103

eSecurity Planet

OCTOBER 11, 2023

Microsoft’s Patch Tuesday for October 2023 covers a total of 103 CVEs, including three zero-day vulnerabilities affecting WordPad, Skype and the HTTP/2 “ Rapid Reset ” DDoS vulnerability. CVE-2023-41763 , an elevation of privilege vulnerability in Skype for Business with a CVSS score of 5.3

DDOS 107

DDOS Engineering Authentication Social Engineering 107

IT Security Guru

MAY 20, 2024

Cybersecurity has never been more critical for businesses. In 2023, an astonishing 50 per cent of companies in the UK reported experiencing some form of cybersecurity breach or attack. Educate and Train Employees Regular training sessions on cybersecurity are crucial for keeping your organisation safe.

Cybersecurity 114

Cybersecurity Backups Cyber threats Mobile 114

eSecurity Planet

AUGUST 28, 2023

August 21, 2023 Ivanti finds another vulnerability For the third time in a month, Ivanti’s has reported a vulnerability in a mobile device management platform. The latest — CVE-2023-38035 — affects the Sentry secure mobile gateway, part of Ivanti’s UEM platform and is being exploited as a zero-day.

VPN 98

VPN Authentication Mobile Firewall 98

eSecurity Planet

AUGUST 28, 2023

August 21, 2023 Ivanti finds another vulnerability For the third time in a month, Ivanti’s has reported a vulnerability in a mobile device management platform. The latest — CVE-2023-38035 — affects the Sentry secure mobile gateway, part of Ivanti’s UEM platform and is being exploited as a zero-day.

VPN 95

VPN Authentication Mobile Firewall 95

Security Affairs

NOVEMBER 13, 2023

US CISA added four vulnerabilities (tracked as CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, and CVE-2023-36847) in Juniper devices to its Known Exploited Vulnerabilities catalog. ” states the update published by the company on November 8 th 2023. Customers are urged to immediately upgrade.”

Firewall 108

Firewall Authentication Internet Internet 108

eSecurity Planet

SEPTEMBER 26, 2023

SD-WAN integration with the SASE controller for Meraki, Catalyst, and others Cisco Umbrella SIG unifies firewall, SWG, DNS-layer security, CASB, and threat intelligence functions into a single and well-tested cloud service. Cisco+ Secure Connect Platform Cisco+ Secure Connect strives to provide a turnkey SASE solution for a variety of needs.

Firewall 98

Firewall DNS Architecture Technology 98

Malwarebytes

OCTOBER 31, 2023

Tech company F5 has warned customers about a critical authentication bypass vulnerability impacting its BIG-IP product line that could result in unauthenticated remote code execution. This CVEs is listed as: CVE-2023-46747 ( CVSS score 9.8 Cybersecurity risks should never spread beyond a headline. ENG) 16.1.0 – 16.1.4

Authentication 79

Authentication DDOS Firewall Software 79

CyberSecurity Insiders

JANUARY 6, 2023

Hackers have identified APIs as the Achilles heel in organizations’ cybersecurity posture and are using them to steal data, commit fraud, and create havoc in the marketplace, among other aims. Here are some API security predictions for 2023: Prediction #1: There will be a major API security breach that forces faster regulatory action.

CISO 118

CISO Financial Services Risk Unstructured Data 118

eSecurity Planet

SEPTEMBER 26, 2023

Physical appliances provide functionality for routing wide area networks (WANs), stateful firewalls, SD-WANs, NGFW, antivirus, intrusion prevention services (IPS), and unified threat management (UTM) capabilities for local networks.

Firewall 98

Firewall Software Antivirus Internet 98

Security Boulevard

JUNE 9, 2023

On 31-May-2023, Progress Software disclosed a critical vulnerability CVE-2023-34362 in the MOVEit application. Once the malicious webshell is installed, it creates a random 36 characters long password which later is used for the authentication purpose. This ASPX file stages an SQL database account to be used for further access.

Software 103

Software Internet Internet Authentication 103

eSecurity Planet

APRIL 15, 2024

Last week’s cybersecurity incidents revealed significant vulnerabilities across multiple platforms. You can strengthen your cybersecurity defenses by using reliable antivirus software, firewalls, intrusion detection systems, and virtual private networks (VPNs). CVE-2023-6318 permits privilege escalation to get root access.

Firewall 107

Firewall VPN Software Risk 107

eSecurity Planet

AUGUST 14, 2023

Cybersecurity and Infrastructure Security Agency (CISA) recently published an analysis of the top 12 vulnerabilities exploited in 2022. August 12 , 2023 Ford Auto’s TI Wi-Fi Vulnerability The Internet of Things (IoT) continues to expand and become a threat to connected businesses.

Software 98

Software Malware Internet Internet 98

eSecurity Planet

APRIL 29, 2024

An old Microsoft Windows spooler flaw is added to the CISA KEV list, and the Cactus Ransomware gang currently pursues unfixed Qlik Sense servers with a vulnerability patched in September 2023. Both new and old vulnerabilities can enable an attacker with suitable skills to exploit them, regardless of the CVS score severity.

Firewall 110

Firewall Software Ransomware Penetration Testing 110

eSecurity Planet

SEPTEMBER 25, 2023

Customers on this tier will receive Logpush to security incident and event management (SIEM) tools or cloud storage and certificate-based mTLS Authentication for internet of things (IoT) devices. Subscribe The post Cloudflare One SASE Review & Features 2023 appeared first on eSecurity Planet. You can unsubscribe at any time.

DNS 98

DNS DDOS IoT Firewall 98

eSecurity Planet

DECEMBER 19, 2023

As 2023 draws to an end and cybersecurity budgeting is nearly complete, it helps to consider the year’s events and try to predict next year’s trends. After receiving input from industry experts and doing my own analysis of the year’s driving forces, I identified five major cybersecurity trends.

Cybersecurity 140

Cybersecurity CISO Government Technology 140

Malwarebytes

MAY 15, 2023

Along with six older vulnerabilities , the Cybersecurity and Infrastructure Agency (CISA) has added a vulnerability in multiple Ruckus wireless products to the Known Exploited Vulnerabilities Catalog. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate these vulnerabilities by June 2, 2023.

Wireless 93

Wireless Firewall Internet Internet 93

SecureWorld News

JANUARY 11, 2024

In an interview with SecureWorld News , Arun DeSouza shares his insights on the challenges and emerging trends in the cybersecurity sector and modern ways to adapt to the changing business landscape. What developments in the security landscape have sparked your enthusiasm, and how does it impact the future of cybersecurity?

Cybersecurity 93

Cybersecurity CISO Cyber threats Risk 93

Cisco Security

AUGUST 24, 2023

Cisco is aware of reports that Akira ransomware threat actors have been targeting Cisco VPNs that are not configured for multi-factor authentication to infiltrate organizations, and we have observed instances where threat actors appear to be targeting organizations that do not configure multi-factor authentication for their VPN users.

Authentication 56

Authentication Ransomware VPN Passwords 56

Malwarebytes

JANUARY 12, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability for the Joomla! Take for example the vulnerability that has been added to the CISA catalog: CVE-2023-23752 was reported, and a fix was created in February 2023. Secure accounts with two-factor authentication ( 2FA ).

Passwords 132

Passwords Firewall Marketing Authentication 132

SecureList

SEPTEMBER 21, 2023

We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. In the first half of 2023, 97.91% of password brute-force attempts registered by our honeypots targeted Telnet, and only 2.09%, SSH.

IoT 91

IoT DDOS Passwords Malware 91

Security Boulevard

APRIL 25, 2023

Yet identities sprawl, duplicate and make connections far more than traditional perimeter safeguards like firewalls. Imagine distributing thousands of firewalls and leaving them open to consume and be consumed by third-party applications with nothing but a sign-up form to make the arrangement. Does that seem safe? Continuity.

Architecture 59

Architecture Firewall Authentication Technology 59

eSecurity Planet

JULY 19, 2023

AWS quotes Reblaze pricing starting at $5,440 a month for comprehensive web application protection, including API, web application firewall and DDoS protection. They monitor API traffic, detect anomalies, enforce policies, and provide security measures such as authentication, authorization, and encryption.

Small Business 98

Small Business Threat Detection Firewall Software 98

SecureList

NOVEMBER 14, 2022

No matter where they are, people around the world should be prepared for cybersecurity incidents. We polled our experts from the GReAT team and have gathered a small number of key insights about what APT actors are likely to focus on in 2023. Verdict: very limited fulfillment of the prediction ❌ APT predictions for 2023.

Firmware 110

Firmware Surveillance Mobile Telecommunications 110

eSecurity Planet

FEBRUARY 12, 2024

February 5, 2024 JetBrains TeamCity Saga Continues with Another Server Vulnerability Type of vulnerability: Authentication bypass by an unauthenticated attacker. The RCE vulnerability is tracked as CVE-2023-40547 and has a severity rating of 8.3. Both vulnerabilities affected authenticated users of Apache Oozie and Apache Ambari.

VPN 107

VPN Authentication Software Firewall 107

Security Affairs

JANUARY 13, 2024

Akira ransomware targets Finnish organizations GitLab fixed a critical zero-click account hijacking flaw Juniper Networks fixed a critical RCE bug in its firewalls and switches Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467 Team Liquid’s wiki leak exposes (..)

VPN 100

VPN Cybercrime Ransomware Hacking 100

eSecurity Planet

SEPTEMBER 26, 2023

Palo Alto is a top cybersecurity company that pioneered firewall technology and continues to focus on market leadership. Prisma SASE Palo Alto’s Prisma SASE solution is the only company recognized as a Leader in Gartner’s 2023 Magic Quadrant for Single-Vendor SASE. Who is Palo Alto? You can unsubscribe at any time.

Artificial Intelligence 52

Artificial Intelligence Marketing DNS IoT 52

eSecurity Planet

JANUARY 22, 2024

The vulnerability also exists on GitHub Enterprise Server, but it can only be exploited by an authenticated user with an organization owner role. The authenticated user must also be logged into an account on an instance of GHES. Affected keys included some encryption keys and the GitHub commit signing key. EPMM versions 11.10, 11.9

Authentication 111

Authentication Malware VPN Mobile 111

eSecurity Planet

APRIL 14, 2023

Cloudflare’s bot management solution is integrated with its Content Delivery Network (CDN) and web application firewall , which allows for more comprehensive protection against bot attacks. The company also offers a range of additional cybersecurity solutions, including DDoS protection, web application firewalls, and DNS services.

Software 107

Software DDOS Accountability Firewall 107

SecureWorld News

NOVEMBER 2, 2023

In the ever-evolving landscape of cybersecurity threats, the discovery of serious vulnerabilities can send shockwaves through the digital world. Citrix Bleed, officially identified as CVE-2023-4966, is a sensitive information disclosure vulnerability affecting NetScaler ADC and NetScaler Gateway appliances.

Authentication 82

Authentication Data breaches Passwords Firmware 82

Malwarebytes

APRIL 25, 2023

Failure to apply the remediations may risk remote code execution, escalation of privileges, or authentication bypass, which could result in execution of malicious web code or loss of device functionality. The CVEs patched in these updates are: CVE-2023-29411 CVSS score 9.8 CVE-2023-29412 CVSS score 9.8

Software 79

Software Authentication Firewall Risk 79

Security Affairs

APRIL 5, 2023

.” The researchers reported the issues to the United States Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), which assigned the following five CVEs: Use of Hard-coded Credentials CWE-798 ( CVE-2023–1748 , CVSS3.0: Improper Input Validation CWE-20 ( CVE-2023–1751 , CVSS3.0:

Manufacturing 86

Manufacturing Media Firewall Education 86

Krebs on Security

JUNE 15, 2023

government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. “This is reachable pre-authentication, on every SSL VPN appliance,” French vulnerability researcher Charles Fol tweeted.

Risk 221

Risk VPN Internet Internet 221

eSecurity Planet

MARCH 16, 2023

Microsoft’s Patch Tuesday for March 2023 includes patches for more than 70 vulnerabilities, including zero-day flaws in Outlook and in Windows SmartScreen. Critical Outlook Zero-Day The Outlook zero-day, CVE-2023-23397 , with a critical CVSS score of 9.8, is being actively exploited.

Energy and Utilities 98

Energy and Utilities Authentication Firewall Engineering 98

Security Boulevard

JANUARY 2, 2024

While the “prediction season” gains momentum, it's pivotal to reflect on the high impact of the 2023 cybersecurity landscape. Let's delve into the rewind of 2023, exploring five influential trends and threats that molded the cyberthreat landscape and are poised to resonate throughout enterprises in 2024.

CISO 104

CISO Social Engineering Architecture Ransomware 104

Cisco Security

AUGUST 28, 2023

XDR (eXtended Detection and Response) Integrations At Black Hat USA 2023, Cisco Secure was the official Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider. We appreciate alphaMountain.ai , Pulsedive and Recorded Future donating full licenses to the Black Hat USA 2023 NOC. Hunter summer camp is back.

Wireless 60

Wireless DNS Mobile Technology 60

Security Affairs

FEBRUARY 28, 2024

The Federal Bureau of Investigation (FBI), National Security Agency (NSA), US Cyber Command, and international partners released a joint Cybersecurity Advisory (CSA) to warn that Russia-linked threat actors are using compromised Ubiquiti EdgeRouters (EdgeRouters) to evade detection in cyber operations worldwide. ” continues the report.

Energy and Utilities 90

Energy and Utilities Government Firewall Malware 90