eSecurity Planet

MAY 30, 2024

Table of Contents Toggle Recent Healthcare Attacks & Breaches 5 Key Cybersecurity Management Lessons to Learn Bottom Line: Learn Healthcare’s Lessons Before Suffering Pain Recent Healthcare Attacks & Breaches Large breaches affected over 88 million individuals in the USA in 2023, a 60% increase from 2022. Ascension lost $2.66

Healthcare 73

Healthcare Cybersecurity Backups Ransomware 73

eSecurity Planet

OCTOBER 2, 2023

As always, our pressured IT and security teams will need to use severity ratings in combination with a risk analysis of assets potentially exposed by vulnerabilities to determine priorities and schedules. The problem: Vulnerability CVE-2023-42115 , rated critical (9.8 RCE vulnerability CVE-2023-42117 = 8.1 under CVSS v3.1)

DDOS 107

DDOS Encryption Software Ransomware 107

eSecurity Planet

OCTOBER 23, 2023

The past week saw fewer cybersecurity vulnerabilities than the onslaught we saw earlier this month , but the latest ones affected thousands of products, proving that a single vulnerability can have massive repercussions. The lesson: don’t forget about the basics of security in the midst of patching.

Passwords 105

Passwords Penetration Testing Accountability Software 105

eSecurity Planet

OCTOBER 30, 2023

It can also be a challenge for security and IT pros even to know everything they own — a vulnerable device may have been forgotten — so asset management is an increasingly important part of vulnerability management. The problem: CVE-2023-20198 , with a highest-possible CVSS Score of 10.0, and CVE-2023-20273 with a CVSS Score of 7.2,

Authentication 103

Authentication Mobile Accountability Software 103

eSecurity Planet

JANUARY 30, 2024

Cloud storage risks involve potential external threats and vulnerabilities that jeopardize the security of stored data. Risks can lead to issues, but at the same time, you can prevent the risks by addressing these issues. Migration challenges result in incomplete transfers, which expose critical information to risk.

Risk 124

Risk DDOS Data breaches Encryption 124

eSecurity Planet

MAY 28, 2024

Cloud security issues refer to the threats, risks, and challenges in the cloud environment. Risks include potential damage from cyber threats and vulnerabilities. Challenges are gaps and barriers to attaining good security. Threats are active attacks that target system weaknesses.

Risk 67

Risk Cloud Migration DDOS Encryption 67

The Last Watchdog

NOVEMBER 1, 2023

1, 2023 — AdviserCyber , a cybersecurity service provider for Registered Investment Advisers (RIAs) with $500M to $3B Assets Under Management (AUM) who must comply with the Securities and Exchange Commission (SEC) cybersecurity requirements, announced its formal launch today. Phoenix, Ariz. —

Cybersecurity 100

Cybersecurity Penetration Testing Cyber threats Risk 100

eSecurity Planet

SEPTEMBER 11, 2023

Network security is another big theme this week: Whether it’s a VPN connection or an enterprise-grade networking platform, patch management solutions typically won’t update network devices, so admins may need to keep an eye on any flaws there too. score of 9.8 out of 10.0, are format string vulnerabilities. 31 and updated Sept.

VPN 111

VPN Firmware Authentication Phishing 111

eSecurity Planet

OCTOBER 16, 2023

The past week has been an eventful one for cybersecurity vulnerabilities, from record DDoS attacks and three Microsoft zero-days to vulnerabilities in Linux, Apple, Citrix, and other widely used technologies. The fix: The CVEs and associated patches are detailed in October 2023 Patch Tuesday Includes Three Zero-Days Flaws.

DDOS 103

DDOS Software Cybersecurity Manufacturing 103

eSecurity Planet

DECEMBER 19, 2023

As 2023 draws to an end and cybersecurity budgeting is nearly complete, it helps to consider the year’s events and try to predict next year’s trends. After receiving input from industry experts and doing my own analysis of the year’s driving forces, I identified five major cybersecurity trends.

Cybersecurity 140

Cybersecurity CISO Government Technology 140

eSecurity Planet

APRIL 16, 2024

The security researchers at Oligo Security discovered CVE-2023-48022 , dubbed ShadowRay , which notes that Ray fails to apply authorization in the Jobs API. Vulnerability Scanning Lessons Anyscale’s dispute of CVE-2023-48022 puts the vulnerability into a gray zone along with the many other disputed CVE vulnerabilities.

Cybersecurity 111

Cybersecurity Penetration Testing Internet Internet 111

eSecurity Planet

AUGUST 28, 2023

We’ve compiled some recently active vulnerabilities — both old and new — for security teams to monitor, mitigate, patch, or even remove from your infrastructure altogether. August 21, 2023 Ivanti finds another vulnerability For the third time in a month, Ivanti’s has reported a vulnerability in a mobile device management platform.

VPN 98

VPN Authentication Mobile Firewall 98

eSecurity Planet

OCTOBER 9, 2023

The sheer number of security issues underscores the need for strong patch and vulnerability management — and for cyber resilience that goes deeper than common preventive measures. The problem: Arm has issued a security alert on CVE-2023-4211 , an actively exploited vulnerability in its Mali GPU drivers.

Architecture 103

Architecture Ransomware Software Accountability 103

eSecurity Planet

AUGUST 28, 2023

We’ve compiled some recently active vulnerabilities — both old and new — for security teams to monitor, mitigate, patch, or even remove from your infrastructure altogether. August 21, 2023 Ivanti finds another vulnerability For the third time in a month, Ivanti’s has reported a vulnerability in a mobile device management platform.

VPN 95

VPN Authentication Mobile Firewall 95

eSecurity Planet

SEPTEMBER 7, 2023

Much like the rest of technology, merger and acquisition (M&A) activity for cybersecurity companies has been in a slump this year. Startup Runways Dwindle A key factor that will likely drive more dealmaking activity is that CEOs of cybersecurity startups may not have much of a choice. trillion for the middle of 2023.

Cybersecurity 117

Cybersecurity Marketing Software DDOS 117

eSecurity Planet

AUGUST 14, 2023

Cybersecurity and Infrastructure Security Agency (CISA) recently published an analysis of the top 12 vulnerabilities exploited in 2022. Here’s a roundup of the week’s major vulnerabilities that security teams should mitigate or patch.

Software 98

Software Malware Internet Internet 98

eSecurity Planet

JANUARY 18, 2024

When assessing the overall security of cloud storage and choosing a solution tailored to your business, it helps to determine its features, potential risks, security measures, and other considerations. They cited lower risk, enhanced security, and cost savings as they go through migration.

Risk 122

Risk Backups Encryption DDOS 122

eSecurity Planet

OCTOBER 6, 2023

Despite all the advances in cybersecurity, email remains the starting point for the vast majority of cyberattacks, as phishing, malware and social engineering remain effective attack techniques. That makes email security software a worthwhile investment for organizations of all sizes. user/month Coro edge: $11.99/user/month

Software 130

Software Phishing Mobile Threat Detection 130

eSecurity Planet

OCTOBER 13, 2023

Penetration testing is a critically important cybersecurity practice, but one that many organizations lack the on-staff skills to do themselves. These reports include the vulnerabilities discovered, the techniques used to exploit them, and security suggestions. Adapting to Evolving Risks: Cyber dangers are ever-changing.

Penetration Testing 117

Penetration Testing Social Engineering Software Cyber Attacks 117

eSecurity Planet

APRIL 15, 2024

Last week’s cybersecurity incidents revealed significant vulnerabilities across multiple platforms. Typically, these vulnerabilities result in remote code execution or denial-of-service attacks, posing major dangers to users’ data security. CVE-2023-6318 permits privilege escalation to get root access.

Firewall 107

Firewall VPN Software Risk 107

eSecurity Planet

SEPTEMBER 13, 2023

Microsoft’s Patch Tuesday for September 2023 includes 59 vulnerabilities, five of them rated critical and two currently being exploited in the wild. The two vulnerabilities currently being exploited are CVE-2023-36761 , an information disclosure flaw in Microsoft Word with a CVSS score of 6.2;

Engineering 107

Engineering Security Defenses Risk Cybersecurity 107

eSecurity Planet

AUGUST 23, 2023

ITAM can also play an important role in cybersecurity by discovering and updating assets as part of the vulnerability management and patching process. Analytics Some ITAM suites include financial analysis and risk management. Integration with endpoint security tools can simplify patch delivery, security monitoring and asset management.

Software 98

Software Mobile IoT Antivirus 98

eSecurity Planet

AUGUST 9, 2023

Microsoft’s Patch Tuesday for August 2023 addresses 74 vulnerabilities, six of them critical. The six critical vulnerabilities discussed in the release note are as follows: CVE-2023-29328 and CVE-2023-29330 , a pair of remote code execution flaws in Microsoft Teams with a CVSS score of 8.8 exe and hvciscan_arm64.exe),

VPN 98

VPN Security Defenses Cybersecurity Engineering 98

eSecurity Planet

AUGUST 10, 2023

Threat intelligence feeds are continually updated streams of data that inform users of different cybersecurity threats, their sources, and any infrastructure impacted or at risk of being impacted by those threats. May have redundant features with other cybersecurity tools in your existing toolset.

Internet 96

Internet Internet Cybersecurity Malware 96

eSecurity Planet

FEBRUARY 2, 2024

Teslas have plenty of vulnerabilities, as cybersecurity researchers have recently discovered. Teslas Get the Spotlight in Recent Ethical Hacking Efforts Researchers have discovered multiple vulnerabilities within Teslas since March 2023. The zero-days reveal just how many items can threaten an organization’s cybersecurity.

Hacking 122

Hacking IoT Firmware Cybersecurity 122

eSecurity Planet

JANUARY 29, 2024

The most significant risk for enterprises isn’t the speed at which they are applying critical patches; it comes from not applying the patches on every asset,” noted Brian Contos, CSO of Sevco Security. The fix: Deploy the Apache security upgrades available since November 2023.

Software 111

Software Authentication CSO Accountability 111

eSecurity Planet

FEBRUARY 12, 2024

This code exists in all software that uses Secure Boot, like SUSE, Red Hat, and Debian. The RCE vulnerability is tracked as CVE-2023-40547 and has a severity rating of 8.3. Orca Security published a blog post about the vulnerabilities — its researchers discovered and reported the issues in Fall 2023, and Microsoft quickly patched them.

VPN 107

VPN Authentication Software Firewall 107

eSecurity Planet

MARCH 4, 2024

However, Avast disclosed that their researchers discovered and reported the vulnerability in August 2023 after reverse-engineering a rootkit deployed by the infamous North Korean hacking group dubbed Lazarus. Patched in June 2023 , the vulnerability wasn’t noteworthy at the time, although attacks can gain SYSTEM level access.

IoT 114

IoT Internet Internet Ransomware 114

eSecurity Planet

APRIL 12, 2024

12 Data Loss Prevention Best Practices 3 Real Examples of DLP Best Practices in Action How to Implement a Data Loss Prevention Strategy in 5 Steps Bottom Line: Secure Your Operations with Data Loss Prevention Best Practices When Should You Incorporate a DLP Strategy? Analyze the storage’s security protocols and scalability.

Backups 132

Backups Encryption Data breaches Risk 132

eSecurity Planet

AUGUST 8, 2023

With its Alphabet origins and former Google CEO Eric Schmidt as chairman, SandboxAQ landed a $500 million funding round earlier this year, the biggest cybersecurity round of 2023 thus far, with an A-list of investors that includes Schmidt, Salesforce CEO Marc Benioff, T.

Encryption 98

Encryption Cybersecurity Security Defenses Banking 98

eSecurity Planet

JANUARY 11, 2024

When remote workers connect bring-your-own-device (BYOD) laptops, desktops, tablets, and phones to corporate assets, risk dramatically increases. Ransomware remains just one of many different threats and as security teams eliminate key vectors of attack, adversaries will shift tactics.

Ransomware 120

Ransomware Encryption IoT VPN 120

eSecurity Planet

MAY 13, 2024

Small business owners tend to adopt Tinyproxy and also tend to use part-time IT resources which potentially threatens related supply chains with third-party risk. The problem: Cisco Talos researchers published a proof of concept for CVE-2023-49606 and Censys detected over 50,000 potentially vulnerable Tinyproxy hosts.

Penetration Testing 64

Penetration Testing IoT Small Business Internet 64

eSecurity Planet

APRIL 1, 2024

The problem: A SQLi flaw tracked as CVE-2023-48788 permits remote code execution (RCE) with SYSTEM privileges in low complexity attacks that don’t require user interaction. The US Cybersecurity & Infrastructure Security Agency (CISA) added this exploit to their vulnerability catalog indicating active exploitation in the wild.

Authentication 107

Authentication Artificial Intelligence Software Cybersecurity 107

eSecurity Planet

OCTOBER 10, 2023

Google said the attacks peaked at 398 million requests per second (rps) — more than five times larger than the previous record set in February 2023 — and more web traffic in two minutes than Wikipedia received in the entire month of September. Web server vendors and projects also announced mitigation measures and patch plans.

DDOS 102

DDOS Cybersecurity Security Defenses Software 102

eSecurity Planet

MAY 27, 2024

This poses serious security risks, particularly for organizations that handle sensitive data. GitLab also patched six medium-severity vulnerabilities, including CSRF via Kubernetes Agent Server, ( CVE-2023-7045 ) and DoS ( CVE-2024-2874 ). poses serious risks caused by insufficient access control.

Backups 64

Backups Authentication DDOS Engineering 64

eSecurity Planet

NOVEMBER 22, 2023

Public accessibility: Because cloud resources are by default public, limited access to sensitive data is required, highlighting the significance of secure setups for data security. Fine-grained access controls reduce the risk of illegal access by ensuring that only authorized people have the required permissions.

Backups 103

Backups Risk Encryption Technology 103

CyberSecurity Insiders

DECEMBER 8, 2021

Thankfully, cybersecurity professionals everywhere are working on inventing new tech and improving upon legacy technology solutions to maintain pace with these criminals who threaten our data security. Learn more about what security leaders have to say about the upcoming year below: Neil Jones, cybersecurity evangelist, Egnyte.

Data breaches 142

Data breaches Ransomware Government Cybersecurity 142