eSecurity Planet

MARCH 11, 2024

We’ve seen multiple over the last couple of months, but these are new and not to be confused with CVEs from 2023. JetBrains released a detailed blog post explaining the specific timeline of discovering the vulnerabilities, the conflict with Rapid7, and JetBrains’ stance on releasing vulnerability information. LTS) 8.5.5 (LTS)

Authentication 108

Authentication Software VPN Security Defenses 108

eSecurity Planet

FEBRUARY 2, 2024

Teslas Get the Spotlight in Recent Ethical Hacking Efforts Researchers have discovered multiple vulnerabilities within Teslas since March 2023. Rapid7’s Zero Day Initiative hosts an event called Pwn2Own, and at the 2023 event, computer security firm Synactiv hacked a Tesla computer within two minutes.

Hacking 124

Hacking IoT Firmware Cybersecurity 124

eSecurity Planet

MARCH 19, 2024

The problem: Cisco announced patches for 10 vulnerabilities (one critical, four high, five medium) affecting its IOS XR Software, SD-WAN vMaange, and Secure Client products. The vulnerability, CVE-2023-48788 , earns a critical CVSS score of 9.8 The fix: Upgrade to Kubernetes versions 1.28.4 or later to fix the flaw.

Authentication 112

Authentication VPN Software DDOS 112

Thales Cloud Protection & Licensing

SEPTEMBER 18, 2023

Compliance madhav Tue, 09/19/2023 - 05:17 It is essential for any business that stores, processes, and transmits payment card information to comply with the Payment Card Industry Data Security Standard (PCI DSS). Consumers’ payment data is a compelling target for criminals who continue to circumvent IT security defenses.

Financial Services 77

Financial Services Data breaches Accountability Encryption 77

eSecurity Planet

JANUARY 11, 2024

Most Compromises Exploit Unmanaged Devices Microsoft’s fourth annual Digital Defense Report for 2023 reveals that 80% of all ransomware compromises come from unmanaged devices and that 60% of those attacks use remote encryption. Sophos X-Ops illustrates how remote encryption operates beyond security tool detection.

Ransomware 120

Ransomware Encryption IoT VPN 120

Security Boulevard

JULY 7, 2023

This blog post provides an in-depth analysis of this emerging malware campaign and its corresponding infection chain. TOITOIN Infection Chain In May 2023, diligent threat hunters within the Zscaler cloud, recognized as the world's largest security cloud, made a significant breakthrough. Key Takeaways and Observations 1.

Malware 105

Malware Encryption Phishing Internet 105

eSecurity Planet

AUGUST 12, 2023

Trellix researchers are disclosing a number of critical data center power management platform vulnerabilities at DEFCON 2023 today. effort to secure critical infrastructure. CVE-2023-3265: Improper Neutralization of Escape, Meta, or Control Sequences (Auth Bypass; CVSS 7.2) CVE-2023-3261: Buffer Overflow (DOS; CVSS 7.5)

Authentication 97

Authentication Spyware DDOS Cybersecurity 97

eSecurity Planet

OCTOBER 10, 2023

Google said the attacks peaked at 398 million requests per second (rps) — more than five times larger than the previous record set in February 2023 — and more web traffic in two minutes than Wikipedia received in the entire month of September. Web server vendors and projects also announced mitigation measures and patch plans.

DDOS 93

DDOS Cybersecurity Security Defenses Software 93