eSecurity Planet

NOVEMBER 6, 2023

The past week has been a busy one for cybersecurity vulnerabilities, with 34 vulnerable Windows drivers and four Microsoft Exchange flaws heading a long list of security concerns. The Problem: Three flaws discovered by the Kubernetes security community carry CVSS severity scores of 7.6 The problem: The 9.1

Software 112

Software Ransomware Education Firmware 112

eSecurity Planet

OCTOBER 2, 2023

September 29, 2023 Patch WS_FTP Now: 10 / 10 RCE Vulnerability Revealed Type of attack: Attackers can exploit unpatched vulnerabilities to perform remote code execution (RCE), directory traversal, cross-site scripting (XSS), SQL injection , cross-site request forgery (CSRF), and file enumeration attacks. RCE vulnerability CVE-2023-42117 = 8.1

DDOS 109

DDOS Encryption Software Ransomware 109

eSecurity Planet

SEPTEMBER 18, 2023

This week, the following active exploits of vulnerabilities were announced: Iranian advanced persistent threat (APT) group exploits January 2023 vulnerabilities in Fortinet firewalls and ManageEngine software to perform remote code execution (RCE) on U.S. Read More: The 8 Best Vulnerability Scanner Tools for 2023 What is Patch Management?

Firewall 109

Firewall Security Defenses Risk Ransomware 109

eSecurity Planet

OCTOBER 30, 2023

It can also be a challenge for security and IT pros even to know everything they own — a vulnerable device may have been forgotten — so asset management is an increasingly important part of vulnerability management. The problem: CVE-2023-20198 , with a highest-possible CVSS Score of 10.0, and CVE-2023-20273 with a CVSS Score of 7.2,

Authentication 104

Authentication Mobile Accountability Software 104

eSecurity Planet

OCTOBER 23, 2023

The past week saw fewer cybersecurity vulnerabilities than the onslaught we saw earlier this month , but the latest ones affected thousands of products, proving that a single vulnerability can have massive repercussions. and CVE-2023-20273 with a CVSS Score of 7.2. It might be worth retraining staff on cybersecurity basics.

Passwords 107

Passwords Penetration Testing Accountability Software 107

eSecurity Planet

SEPTEMBER 25, 2023

This past week in cybersecurity saw a wide range of vulnerabilities, from Apple product patches to several flaws that hit DevSecOps teams. The Akira ransomware group made news too, expanding its attacks to include Linux-based systems, and Trend Micro issued a fix for a zero-day vulnerability in its Apex One endpoint security tools.

Ransomware 109

Ransomware Antivirus Penetration Testing Telecommunications 109

eSecurity Planet

SEPTEMBER 7, 2023

Much like the rest of technology, merger and acquisition (M&A) activity for cybersecurity companies has been in a slump this year. Startup Runways Dwindle A key factor that will likely drive more dealmaking activity is that CEOs of cybersecurity startups may not have much of a choice. trillion for the middle of 2023.

Cybersecurity 120

Cybersecurity Marketing Software DDOS 120

eSecurity Planet

OCTOBER 16, 2023

The past week has been an eventful one for cybersecurity vulnerabilities, from record DDoS attacks and three Microsoft zero-days to vulnerabilities in Linux, Apple, Citrix, and other widely used technologies. The fix: The CVEs and associated patches are detailed in October 2023 Patch Tuesday Includes Three Zero-Days Flaws.

DDOS 104

DDOS Software Cybersecurity Manufacturing 104

eSecurity Planet

OCTOBER 9, 2023

The sheer number of security issues underscores the need for strong patch and vulnerability management — and for cyber resilience that goes deeper than common preventive measures. The problem: Arm has issued a security alert on CVE-2023-4211 , an actively exploited vulnerability in its Mali GPU drivers.

Architecture 104

Architecture Ransomware Software Accountability 104

eSecurity Planet

AUGUST 28, 2023

We’ve compiled some recently active vulnerabilities — both old and new — for security teams to monitor, mitigate, patch, or even remove from your infrastructure altogether. August 21, 2023 Ivanti finds another vulnerability For the third time in a month, Ivanti’s has reported a vulnerability in a mobile device management platform.

VPN 98

VPN Authentication Mobile Firewall 98

eSecurity Planet

AUGUST 28, 2023

We’ve compiled some recently active vulnerabilities — both old and new — for security teams to monitor, mitigate, patch, or even remove from your infrastructure altogether. August 21, 2023 Ivanti finds another vulnerability For the third time in a month, Ivanti’s has reported a vulnerability in a mobile device management platform.

VPN 95

VPN Authentication Mobile Firewall 95

eSecurity Planet

AUGUST 14, 2023

Cybersecurity and Infrastructure Security Agency (CISA) recently published an analysis of the top 12 vulnerabilities exploited in 2022. Here’s a roundup of the week’s major vulnerabilities that security teams should mitigate or patch. Adobe also updated their Commerce and Dimension software.

Software 98

Software Malware Internet Internet 98

eSecurity Planet

MAY 2, 2024

The 2023 vendor surveys arriving this quarter paint a picture of a cybersecurity landscape under attack, with priority issues affecting deployment, alert response, and exposed vulnerabilities. This article details two major findings from the report: five major cybersecurity threats and prioritization problems.

Cybersecurity 121

Cybersecurity DDOS Penetration Testing Ransomware 121

eSecurity Planet

OCTOBER 6, 2023

Despite all the advances in cybersecurity, email remains the starting point for the vast majority of cyberattacks, as phishing, malware and social engineering remain effective attack techniques. That makes email security software a worthwhile investment for organizations of all sizes. user/month Coro edge: $11.99/user/month

Software 131

Software Phishing Mobile Threat Detection 131

eSecurity Planet

OCTOBER 13, 2023

Penetration testing is a critically important cybersecurity practice, but one that many organizations lack the on-staff skills to do themselves. Bottom Line: Penetration Testing Services Boost Cybersecurity Penetration testing is a critically important cybersecurity practice for securing applications, networks, cloud environments, and more.

Penetration Testing 120

Penetration Testing Social Engineering Software Cyber Attacks 120

eSecurity Planet

SEPTEMBER 26, 2023

Cisco+ Secure Connect Platform Cisco+ Secure Connect strives to provide a turnkey SASE solution for a variety of needs. Get the Free Cybersecurity Newsletter Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices.

Firewall 98

Firewall DNS Architecture Technology 98

eSecurity Planet

SEPTEMBER 22, 2023

MITRE Engenuity has released its 2023 ATT&CK evaluations, examining how top cybersecurity vendors detect and prevent sophisticated cyberthreats. That makes MITRE evaluations one of the best available tools for both security buyers and vendors to learn. Symantec and Cybereason did particularly well here.

Cybersecurity 109

Cybersecurity Security Defenses Marketing Technology 109

eSecurity Planet

MAY 30, 2024

Table of Contents Toggle Recent Healthcare Attacks & Breaches 5 Key Cybersecurity Management Lessons to Learn Bottom Line: Learn Healthcare’s Lessons Before Suffering Pain Recent Healthcare Attacks & Breaches Large breaches affected over 88 million individuals in the USA in 2023, a 60% increase from 2022. Ascension lost $2.66

Healthcare 123

Healthcare Cybersecurity Ransomware Backups 123

eSecurity Planet

SEPTEMBER 26, 2023

Cato SASE Cloud Cato SASE Cloud provides a cloud-native solution for SASE that is fast to deploy, simple to manage, and capable of improving security and performance. Get the Free Cybersecurity Newsletter Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices.

Firewall 98

Firewall VPN Malware Internet 98

eSecurity Planet

SEPTEMBER 26, 2023

The platform, previously called Versa Secure Access or Versa Secure Access Fabric, connects to both cloud and local resources with ease. Since Versa Unified SASE is the only top SASE vendor that offers an option for locally installed SASE control software, buyers with strong security needs (military, biotech, etc.)

Firewall 98

Firewall Software Internet Internet 98

eSecurity Planet

SEPTEMBER 22, 2023

Barracuda started in the early 2000s with an appliance to provide email security and filter out SPAM. Barracuda SecureEdge can provide accelerated access and strong integrated security policies to protect against malware and secure access between remote users and their applications. Who is Barracuda?

Firewall 98

Firewall Marketing Firmware Technology 98

eSecurity Planet

SEPTEMBER 25, 2023

As companies grow, the strong capabilities of Cloudflare’s higher tiers will facilitate future growth and expansion without compromising security or SASE capabilities. Get the Free Cybersecurity Newsletter Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices.

DNS 98

DNS DDOS IoT Firewall 98

The Last Watchdog

NOVEMBER 1, 2023

1, 2023 — AdviserCyber , a cybersecurity service provider for Registered Investment Advisers (RIAs) with $500M to $3B Assets Under Management (AUM) who must comply with the Securities and Exchange Commission (SEC) cybersecurity requirements, announced its formal launch today. Phoenix, Ariz. —

Cybersecurity 100

Cybersecurity Penetration Testing Cyber threats Risk 100

eSecurity Planet

APRIL 16, 2024

The security researchers at Oligo Security discovered CVE-2023-48022 , dubbed ShadowRay , which notes that Ray fails to apply authorization in the Jobs API. Vulnerability Scanning Lessons Anyscale’s dispute of CVE-2023-48022 puts the vulnerability into a gray zone along with the many other disputed CVE vulnerabilities.

Cybersecurity 113

Cybersecurity Penetration Testing Internet Internet 113

eSecurity Planet

AUGUST 23, 2023

ITAM can also play an important role in cybersecurity by discovering and updating assets as part of the vulnerability management and patching process. 23, 2023 Read next: Vulnerability Patching: How to Prioritize and Apply Patches Is the Answer to Vulnerabilities Patch Management as a Service? Article written by Drew Robb on Dec.

Software 98

Software Mobile IoT Antivirus 98

eSecurity Planet

SEPTEMBER 13, 2023

Microsoft’s Patch Tuesday for September 2023 includes 59 vulnerabilities, five of them rated critical and two currently being exploited in the wild. The two vulnerabilities currently being exploited are CVE-2023-36761 , an information disclosure flaw in Microsoft Word with a CVSS score of 6.2;

Engineering 109

Engineering Security Defenses Risk Media 109

eSecurity Planet

AUGUST 10, 2023

Threat intelligence feeds are continually updated streams of data that inform users of different cybersecurity threats, their sources, and any infrastructure impacted or at risk of being impacted by those threats. May have redundant features with other cybersecurity tools in your existing toolset.

Internet 96

Internet Internet Cybersecurity Malware 96

eSecurity Planet

AUGUST 12, 2023

Trellix researchers are disclosing a number of critical data center power management platform vulnerabilities at DEFCON 2023 today. Here are the vulnerabilities they discovered, including their CVEs, CVSS scores, and a brief description of each: CyberPower DCIM: CVE-2023-3264: Use of Hard-coded Credentials (CVSS 6.7)

Authentication 98

Authentication Spyware DDOS Technology 98

eSecurity Planet

JANUARY 8, 2024

The problem: The US Cybersecurity and Infrastructure Security Agency (CISA) added two vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog. and older of the Perl Spreadsheet::ParseExcel library ( CVE-2023-7101 ) contain a RCE vulnerability exploited by Chinese hackers, as noted on December 24th. Versions 0.65

Encryption 109

Encryption Security Defenses Cybersecurity Internet 109

eSecurity Planet

AUGUST 9, 2023

Microsoft’s Patch Tuesday for August 2023 addresses 74 vulnerabilities, six of them critical. The six critical vulnerabilities discussed in the release note are as follows: CVE-2023-29328 and CVE-2023-29330 , a pair of remote code execution flaws in Microsoft Teams with a CVSS score of 8.8 exe and hvciscan_arm64.exe),

VPN 98

VPN Security Defenses Cybersecurity Engineering 98

Security Affairs

SEPTEMBER 11, 2024

TDSSKiller a legitimate tool developed by the cybersecurity firm Kaspersky to remove rootkits, the software could also disable EDR solutions through a command line script or batch file. The command aimed to disrupt security defenses by disabling this service. appeared in the threat landscape in May 2023.

Ransomware 133

Ransomware Malware Security Defenses Hacking 133

eSecurity Planet

JANUARY 2, 2024

Google announced an update to the desktop stable channel to 120.0.6099.129 on December 20, 2023, which was expected to roll out over the coming days and weeks. The fix: Barracuda deployed a patch on December 22, 2023, to fix the exploited ESG appliances. The fix: Access to fix data is currently limited.

Authentication 112

Authentication Software Engineering Security Defenses 112

eSecurity Planet

FEBRUARY 5, 2024

Critical multi-platform vulnerabilities impacting diverse systems dominated the past week’s cybersecurity headlines. The Known Exploited Vulnerabilities list also added the previously disclosed issues CVE-2023-36846 and CVE-2023-36851 , emphasizing the importance of immediate fix. Both affect J-Web and all Junos OS versions.

Risk 113

Risk Penetration Testing Authentication Software 113

eSecurity Planet

APRIL 29, 2024

An old Microsoft Windows spooler flaw is added to the CISA KEV list, and the Cactus Ransomware gang currently pursues unfixed Qlik Sense servers with a vulnerability patched in September 2023. The problem: Progress Software released patches to fix CVE-2024-2389 in their Flowmon network performance and security software tool.

Firewall 113

Firewall Software Ransomware Penetration Testing 113

eSecurity Planet

FEBRUARY 2, 2024

Teslas have plenty of vulnerabilities, as cybersecurity researchers have recently discovered. Teslas Get the Spotlight in Recent Ethical Hacking Efforts Researchers have discovered multiple vulnerabilities within Teslas since March 2023. The zero-days reveal just how many items can threaten an organization’s cybersecurity.

Hacking 125

Hacking IoT Firmware Cybersecurity 125

eSecurity Planet

JUNE 18, 2024

In 2023 alone, the healthcare industry witnessed a staggering 130% increase in ransomware attacks. Rural hospitals face a unique challenge altogether — a lack of resources to invest in robust cybersecurity solutions, leaving their systems and patient data exposed. million records were breached, marking a bad year for data security.

Cybersecurity 67

Cybersecurity Healthcare Computers and Electronics Data breaches 67

eSecurity Planet

JANUARY 29, 2024

The problem: Mandiant revealed possible 2021 exploitation by Chinese espionage attackers for CVE-2023-34048, an out-of-bounds weakness in protocol implementation first publicly reported in October 2023. The fix: Deploy the Apache security upgrades available since November 2023.

Software 113

Software Authentication CSO Accountability 113