2023, Blog, Cybersecurity and Security Defenses

2023

Blog

Cybersecurity

Security Defenses

Microsoft’s December 2023 Patch Tuesday Includes Four Critical Flaws

eSecurity Planet

DECEMBER 14, 2023

Microsoft announced only one zero-day flaw this month: CVE-2023-20588 , which is found in AMD processors. Four Critical Vulnerabilities Announced The first of the four critical flaws announced, CVE-2023-35628 , is a remote code execution vulnerability in the Windows MSHTML platform with a CVSS score of 8.1.

Antivirus

Antivirus Engineering Security Defenses Cybersecurity

Weekly Vulnerability Recap – September 4, 2023 – Attackers Hit Network Devices and More

eSecurity Planet

SEPTEMBER 5, 2023

Major cybersecurity events in the last week make clear that hackers just keep getting savvier — and security teams need to be vigilant to keep up. Collectively, these episodes highlight the need for comprehensive cybersecurity defenses and timely patch management for risk mitigation.

VPN

VPN Authentication Ransomware Antivirus

Join 29,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Trending Sources

Weekly Vulnerability Recap – November 6, 2023 – Windows Drivers and Exchange Flaws

eSecurity Planet

NOVEMBER 6, 2023

The past week has been a busy one for cybersecurity vulnerabilities, with 34 vulnerable Windows drivers and four Microsoft Exchange flaws heading a long list of security concerns. The Problem: Three flaws discovered by the Kubernetes security community carry CVSS severity scores of 7.6 The problem: The 9.1

Software

Software Education Ransomware Firmware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Microsoft Patch Tuesday Includes Word, Streaming Service Zero-Days

eSecurity Planet

SEPTEMBER 13, 2023

Microsoft’s Patch Tuesday for September 2023 includes 59 vulnerabilities, five of them rated critical and two currently being exploited in the wild. The two vulnerabilities currently being exploited are CVE-2023-36761 , an information disclosure flaw in Microsoft Word with a CVSS score of 6.2;

Engineering

Engineering Security Defenses Risk Cybersecurity

Patch Tuesday Targets 74 Flaws, Including Microsoft Teams, Office

eSecurity Planet

AUGUST 9, 2023

Microsoft’s Patch Tuesday for August 2023 addresses 74 vulnerabilities, six of them critical. The six critical vulnerabilities discussed in the release note are as follows: CVE-2023-29328 and CVE-2023-29330 , a pair of remote code execution flaws in Microsoft Teams with a CVSS score of 8.8 exe and hvciscan_arm64.exe),

VPN

VPN Security Defenses Cybersecurity Engineering

Power Management Vulnerabilities Could Shut Down Data Centers: Researchers

eSecurity Planet

AUGUST 12, 2023

Trellix researchers are disclosing a number of critical data center power management platform vulnerabilities at DEFCON 2023 today. effort to secure critical infrastructure. CVE-2023-3265: Improper Neutralization of Escape, Meta, or Control Sequences (Auth Bypass; CVSS 7.2) CVE-2023-3261: Buffer Overflow (DOS; CVSS 7.5)

Authentication

Authentication Spyware DDOS Cybersecurity

6 Best Threat Intelligence Feeds to Use in 2023

eSecurity Planet

AUGUST 10, 2023

Threat intelligence feeds are continually updated streams of data that inform users of different cybersecurity threats, their sources, and any infrastructure impacted or at risk of being impacted by those threats. May have redundant features with other cybersecurity tools in your existing toolset.

Internet

Internet Internet Cybersecurity Malware

Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

eSecurity Planet

FEBRUARY 2, 2024

Teslas have plenty of vulnerabilities, as cybersecurity researchers have recently discovered. Teslas Get the Spotlight in Recent Ethical Hacking Efforts Researchers have discovered multiple vulnerabilities within Teslas since March 2023. Rapid7 published blogs detailing the successful and failed breaches of the 2024 event.

Hacking

Hacking IoT Firmware Cybersecurity

VulnRecap 2/12/24: Ivanti, JetBrains, Fortinet, Linux Issues

eSecurity Planet

FEBRUARY 12, 2024

This code exists in all software that uses Secure Boot, like SUSE, Red Hat, and Debian. The RCE vulnerability is tracked as CVE-2023-40547 and has a severity rating of 8.3. Orca Security published a blog post about the vulnerabilities — its researchers discovered and reported the issues in Fall 2023, and Microsoft quickly patched them.

VPN

VPN Authentication Software Firewall

VulnRecap 3/11/24 – JetBrains & Atlassian Issues Persist

eSecurity Planet

MARCH 11, 2024

We’ve seen multiple over the last couple of months, but these are new and not to be confused with CVEs from 2023. JetBrains released a detailed blog post explaining the specific timeline of discovering the vulnerabilities, the conflict with Rapid7, and JetBrains’ stance on releasing vulnerability information. LTS) 8.5.5 (LTS)

Authentication

Authentication Software VPN Security Defenses

Vulnerability Recap 3/19/24 – Microsoft, Fortinet & More

eSecurity Planet

MARCH 19, 2024

The problem: Cisco announced patches for 10 vulnerabilities (one critical, four high, five medium) affecting its IOS XR Software, SD-WAN vMaange, and Secure Client products. The vulnerability, CVE-2023-48788 , earns a critical CVSS score of 9.8 The fix: Upgrade to Kubernetes versions 1.28.4 or later to fix the flaw.

Authentication

Authentication VPN Software DDOS

‘Rapid Reset’ DDoS Attack Hits HTTP/2 Web Servers

eSecurity Planet

OCTOBER 10, 2023

Google said the attacks peaked at 398 million requests per second (rps) — more than five times larger than the previous record set in February 2023 — and more web traffic in two minutes than Wikipedia received in the entire month of September. Web server vendors and projects also announced mitigation measures and patch plans.

DDOS

DDOS Cybersecurity Security Defenses Software

Why BYOD Is the Favored Ransomware Backdoor

eSecurity Planet

JANUARY 11, 2024

Most Compromises Exploit Unmanaged Devices Microsoft’s fourth annual Digital Defense Report for 2023 reveals that 80% of all ransomware compromises come from unmanaged devices and that 60% of those attacks use remote encryption. Sophos X-Ops illustrates how remote encryption operates beyond security tool detection.

Ransomware

Ransomware Encryption IoT VPN

The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region

Security Boulevard

JULY 7, 2023

This blog post provides an in-depth analysis of this emerging malware campaign and its corresponding infection chain. TOITOIN Infection Chain In May 2023, diligent threat hunters within the Zscaler cloud, recognized as the world's largest security cloud, made a significant breakthrough. Key Takeaways and Observations 1.

Malware

Malware Encryption Phishing Internet

Cyber Security Informer

Microsoft’s December 2023 Patch Tuesday Includes Four Critical Flaws

Weekly Vulnerability Recap – September 4, 2023 – Attackers Hit Network Devices and More

Webinars

Trending Sources

Weekly Vulnerability Recap – November 6, 2023 – Windows Drivers and Exchange Flaws

Webinars

Microsoft Patch Tuesday Includes Word, Streaming Service Zero-Days

Patch Tuesday Targets 74 Flaws, Including Microsoft Teams, Office

Power Management Vulnerabilities Could Shut Down Data Centers: Researchers

6 Best Threat Intelligence Feeds to Use in 2023

Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

VulnRecap 2/12/24: Ivanti, JetBrains, Fortinet, Linux Issues

VulnRecap 3/11/24 – JetBrains & Atlassian Issues Persist

Vulnerability Recap 3/19/24 – Microsoft, Fortinet & More

‘Rapid Reset’ DDoS Attack Hits HTTP/2 Web Servers

Why BYOD Is the Favored Ransomware Backdoor

The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region

Stay Connected