eSecurity Planet

JANUARY 16, 2024

The problem: Ivanti announced two vulnerabilities that affect Ivanti Connect Secure VPN and Ivanti Policy Secure products. The vulnerability can be tracked as CVE-2023-29357. The problem: Technology company Bosch has a thermostat, the BCC100, that’s vulnerable to firmware replacement from a threat actor. Versions 9.x

Firewall 109

Firewall Firmware IoT Authentication 109

SecureList

JUNE 3, 2024

In late December, in a presentation at the 37th Chaos Communication Congress (37C3), experts from our Global Research and Analysis Team (GReAT) described the attack chain in detail , including – for the first time – how the attackers exploited the CVE-2023-38606 hardware vulnerability. You can read the full analysis here.

Banking 83

Banking Malware Computers and Electronics Mobile 83

eSecurity Planet

JANUARY 22, 2024

The problem: The Unified Extensible Firmware Interface (UEFI) specification has an open-source network implementation, EDK II, with nine discovered vulnerabilities. CVE-2023-6548 is a remote code execution vulnerability for an authenticated user, and CVE-2023-6549 is a denial-of-service vulnerability. and later releases of 13.1

Authentication 113

Authentication Malware VPN Mobile 113

Krebs on Security

MAY 22, 2023

Chaput said that on May 4, 2023, someone unleashed a spam torrent targeting users on these Mastodon communities via “private mentions,” a kind of direct messaging on the platform. Very often, this proxy software is installed surreptitiously, such as through a “Free VPN” service or mobile app.

Scams 251

Scams DDOS Cryptocurrency Accountability 251

eSecurity Planet

SEPTEMBER 11, 2023

Network security is another big theme this week: Whether it’s a VPN connection or an enterprise-grade networking platform, patch management solutions typically won’t update network devices, so admins may need to keep an eye on any flaws there too. of the Atlas VPN Linux client. via port 8076. score of 9.8 out of 10.0,

VPN 113

VPN Firmware Authentication Phishing 113

Kali Linux

FEBRUARY 27, 2024

As it turns out, Kenneth operates a network of mirrors, which was officially announced back in May 2023 on his blog: Building the Micro Mirror Free Software CDN. For anyone interested in Internet infrastructure, we encourage you to read it, that’s a well-written blog post right there, waiting for you. That was intriguing.

Software 145

Software Firmware VPN Internet 145

eSecurity Planet

SEPTEMBER 22, 2023

These one, three, and five year subscriptions provide enhanced support for the hardware, firmware maintenance, security updates, and optional participation in early-release firmware updates. Subscribe The post Barracuda SecureEdge SASE Review 2023 appeared first on eSecurity Planet. You can unsubscribe at any time.

Firewall 98

Firewall Marketing Firmware Technology 98

Security Affairs

JANUARY 14, 2024

Forescout experts questioned the attribution of cyber attacks that targeted the energy sector in Denmark in 2023 to the Russia-linked Sandworm. Forescout experts shared findings from their analysis of the cyber attacks that targeted the energy sector in Denmark in 2023, attributing them to the Russia-linked Sandworm. through 5.35.

Firewall 102

Firewall Firmware Cyber Attacks VPN 102

Security Affairs

NOVEMBER 14, 2023

On April 25, 2023, Zyxel disclosed a critical vulnerability (CVSS score 9.8), tracked as CVE-2023-28771 , in a number of their firewalls. The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35.

Cyber Attacks 111

Cyber Attacks Firmware Firewall VPN 111

SecureList

DECEMBER 14, 2022

The Viasat “cyberevent” On the 24 th of February , Europeans who relied on the ViaSat-owned “ KA-SAT ” satellite faced major Internet access disruptions. It directly affected satellite modems firmwares , but was still to be understood as of mid-March. Key insights. politicians).

DDOS 138

DDOS Ransomware Government Energy and Utilities 138

eSecurity Planet

DECEMBER 7, 2023

Most organizations use one of the AES algorithms for file encryption, full-disk encryption, application encryption, wifi transmission encryption, virtual public network (VPN) encryption, and encrypted protocols such as transport layer security (TLS). Secure/Multipurpose Internet Mail Extension (S/MIME) upgrades email security.

Encryption 109

Encryption Authentication Passwords Password Management 109

eSecurity Planet

MAY 2, 2024

The 2023 vendor surveys arriving this quarter paint a picture of a cybersecurity landscape under attack, with priority issues affecting deployment, alert response, and exposed vulnerabilities. Sophos: Noted that 43% of all 2023 malware signature updates are for stealers, spyware, and keyloggers often used to steal credentials from devices.

Cybersecurity 121

Cybersecurity DDOS Penetration Testing Passwords 121

eSecurity Planet

MARCH 4, 2024

The fix: To eliminate malware infections, perform a factory reset, upgrade to the latest firmware, change all default usernames and passwords, and adjust firewall rules to block exposure to unwanted remote management services. The fix: Disconnect printers from internet access until a patch becomes available.

IoT 117

IoT Internet Internet Ransomware 117

SecureList

NOVEMBER 14, 2022

We polled our experts from the GReAT team and have gathered a small number of key insights about what APT actors are likely to focus on in 2023. Okta was breached through one of its service providers, Sitel, itself compromised via the insecure VPN gateway of a recently acquired company. What we predicted in 2022.

Firmware 117

Firmware Surveillance Mobile Telecommunications 117