eSecurity Planet

AUGUST 21, 2023

Here’s a roundup of the week’s major vulnerabilities that security teams should mitigate or patch. Rarlab released an updated version (6.23) of the software, which should be updated as soon as possible. Organizations may need to quarantine.rar,zip and other archival file formats until the update is installed.

Encryption 98

Encryption Security Defenses Cybersecurity Software 98

eSecurity Planet

SEPTEMBER 5, 2023

Collectively, these episodes highlight the need for comprehensive cybersecurity defenses and timely patch management for risk mitigation. CVE-2023-3519 was used by the attackers to infect computers, including misleading PowerShell scripts, malware payloads within normal processes, and PHP web shells for remote control. are affected.

VPN 104

VPN Authentication Ransomware Antivirus 104

eSecurity Planet

OCTOBER 30, 2023

It can also be a challenge for security and IT pros even to know everything they own — a vulnerable device may have been forgotten — so asset management is an increasingly important part of vulnerability management. The problem: CVE-2023-20198 , with a highest-possible CVSS Score of 10.0, and CVE-2023-20273 with a CVSS Score of 7.2,

Authentication 104

Authentication Mobile Accountability Software 104

eSecurity Planet

OCTOBER 23, 2023

See the Top Patch and Vulnerability Management tools October 16, 2023 Cisco vulnerability could affect over 40,000 pieces of networking equipment Type of attack: Zero-day vulnerability in IOS XE. The problem: Cisco Talos notified users of a zero-day vulnerability in IOS XE software, which runs on both physical and virtual Cisco devices.

Passwords 107

Passwords Penetration Testing Accountability Software 107

eSecurity Planet

SEPTEMBER 25, 2023

Read about the following vulnerabilities and bugs to know what your business and security team should address, as these flaws and attacks can apply to startups and large enterprises alike. An attacker can use policies for scheduled security scans to run a pipeline in GitLab, posing as another user. severity rating. before 16.2.7

Ransomware 109

Ransomware Antivirus Penetration Testing Telecommunications 109

eSecurity Planet

OCTOBER 9, 2023

The sheer number of security issues underscores the need for strong patch and vulnerability management — and for cyber resilience that goes deeper than common preventive measures. Furthermore, attackers can inject malicious code into the build process, compromising the integrity of software releases and affecting downstream users.

Architecture 104

Architecture Ransomware Software Accountability 104

eSecurity Planet

SEPTEMBER 18, 2023

This week, the following active exploits of vulnerabilities were announced: Iranian advanced persistent threat (APT) group exploits January 2023 vulnerabilities in Fortinet firewalls and ManageEngine software to perform remote code execution (RCE) on U.S. The fix: Apply patches to update the relevant Adobe products.

Firewall 109

Firewall Security Defenses Risk Ransomware 109

eSecurity Planet

OCTOBER 16, 2023

See also: Top Patch and Vulnerability Management tools October 9, 2023 D-Link WiFi range extender susceptible to command injection attacks Type of attack: The vulnerability is a combination of a Denial of Service (DoS) attack and a Remote Command Injection attack.

DDOS 104

DDOS Software Cybersecurity Manufacturing 104

eSecurity Planet

AUGUST 14, 2023

Here’s a roundup of the week’s major vulnerabilities that security teams should mitigate or patch. August 12 , 2023 Ford Auto’s TI Wi-Fi Vulnerability The Internet of Things (IoT) continues to expand and become a threat to connected businesses. Adobe also updated their Commerce and Dimension software.

Software 98

Software Malware Internet Internet 98

eSecurity Planet

SEPTEMBER 26, 2023

Founded in 2012, Versa Networks seeks to deploy a single software operating system, called VOS, to converge and integrate cloud and on-premises security, networking, and analytics. Using VOS, Versa enables customers and service providers to deploy SASE and software-defined wide area network (SD-WAN) solutions.

Firewall 98

Firewall Software Internet Internet 98

eSecurity Planet

OCTOBER 13, 2023

Software Secured Best for Application and Code Security Testing Ottawa, Ontario-based Software Secured offers a range of penetration testing services, including manual pentests, one-time comprehensive compliance assessments, PTaaS, and even secure code training for developers and engineers.

Penetration Testing 120

Penetration Testing Social Engineering Software Cyber Attacks 120

eSecurity Planet

SEPTEMBER 26, 2023

Cisco+ Secure Connect Platform Cisco+ Secure Connect strives to provide a turnkey SASE solution for a variety of needs. Get the Free Cybersecurity Newsletter Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices.

Firewall 98

Firewall DNS Architecture Technology 98

eSecurity Planet

SEPTEMBER 26, 2023

Founded in Tel Aviv, Israel, Cato Networks started as a firewall-as-a-service (FWaaS) company and focuses on the convergence of security, networks, and the cloud. Cato SASE Cloud Cato SASE Cloud provides a cloud-native solution for SASE that is fast to deploy, simple to manage, and capable of improving security and performance.

Firewall 98

Firewall VPN Malware Internet 98

eSecurity Planet

SEPTEMBER 22, 2023

The Barracuda SecureEdge SASE Platform Barracuda’s SecureEdge platform integrates security capabilities with SD-WAN control to create a seamless SASE product controlled through a single software controller. Centralized control consolidates all security management and operations reporting through cloud-hosted control software.

Firewall 98

Firewall Marketing Firmware Technology 98

eSecurity Planet

SEPTEMBER 25, 2023

Cloudflare One Free Tier All three tiers include the basic SASE package to connect users and assets securely. The free tier includes application connector software, device client (agent) software, ZTNA, SWG, and in-line CASB. Email Address By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy.

DNS 98

DNS DDOS IoT Firewall 98

eSecurity Planet

JANUARY 2, 2024

SonicWall researchers discovered that an Apache patch was incomplete, still permitting authentication bypass in open-source ERP software Apache OfBiz. And issues with Barracuda’s Email Secure Gateway persist, with an FBI safety warning about an older vulnerability still outstanding.

Authentication 112

Authentication Software Engineering Security Defenses 112

Security Affairs

SEPTEMBER 11, 2024

TDSSKiller a legitimate tool developed by the cybersecurity firm Kaspersky to remove rootkits, the software could also disable EDR solutions through a command line script or batch file. The command aimed to disrupt security defenses by disabling this service. appeared in the threat landscape in May 2023.

Ransomware 134

Ransomware Malware Security Defenses Hacking 134

eSecurity Planet

SEPTEMBER 13, 2023

Microsoft’s Patch Tuesday for September 2023 includes 59 vulnerabilities, five of them rated critical and two currently being exploited in the wild. The two vulnerabilities currently being exploited are CVE-2023-36761 , an information disclosure flaw in Microsoft Word with a CVSS score of 6.2;

Engineering 109

Engineering Security Defenses Risk Media 109

eSecurity Planet

APRIL 29, 2024

An old Microsoft Windows spooler flaw is added to the CISA KEV list, and the Cactus Ransomware gang currently pursues unfixed Qlik Sense servers with a vulnerability patched in September 2023. Federal agencies have until May 14, 2024, to apply patches or disable vulnerable software.

Firewall 113

Firewall Software Ransomware Penetration Testing 113

eSecurity Planet

JANUARY 29, 2024

The problem: Mandiant revealed possible 2021 exploitation by Chinese espionage attackers for CVE-2023-34048, an out-of-bounds weakness in protocol implementation first publicly reported in October 2023. The fix: Deploy the Apache security upgrades available since November 2023.

Software 113

Software Authentication CSO Accountability 113

eSecurity Planet

FEBRUARY 12, 2024

The problem: Linux distributions have seen a new vulnerability, a remote code execution in the Shim software Secure Boot process. This code exists in all software that uses Secure Boot, like SUSE, Red Hat, and Debian. The RCE vulnerability is tracked as CVE-2023-40547 and has a severity rating of 8.3.

VPN 109

VPN Authentication Software Firewall 109

eSecurity Planet

FEBRUARY 5, 2024

With the recent surge in critical vulnerabilities, organizations should regularly update and patch software, and perform routine vulnerability assessments and penetration testing. The Known Exploited Vulnerabilities list also added the previously disclosed issues CVE-2023-36846 and CVE-2023-36851 , emphasizing the importance of immediate fix.

Risk 113

Risk Penetration Testing Authentication Software 113

eSecurity Planet

AUGUST 10, 2023

Additional costs may arise when integrating OTX and OTX Pulses into third-party software or applications. In our evaluation of different feeds, we looked for solutions with comprehensive APIs as well as solutions with native integrations in-portfolio or with third-party cybersecurity software. You can unsubscribe at any time.

Internet 96

Internet Internet Cybersecurity Malware 96

eSecurity Planet

APRIL 15, 2024

Threats range from severe weaknesses in Ivanti’s VPN appliances to zero-day exploits in popular software such as Palo Alto Networks’ PAN-OS and Telegram’s Windows client. Typically, these vulnerabilities result in remote code execution or denial-of-service attacks, posing major dangers to users’ data security.

Firewall 109

Firewall VPN Software Risk 109

eSecurity Planet

AUGUST 9, 2023

Microsoft’s Patch Tuesday for August 2023 addresses 74 vulnerabilities, six of them critical. The six critical vulnerabilities discussed in the release note are as follows: CVE-2023-29328 and CVE-2023-29330 , a pair of remote code execution flaws in Microsoft Teams with a CVSS score of 8.8 exe and hvciscan_arm64.exe),

VPN 98

VPN Security Defenses Cybersecurity Engineering 98

eSecurity Planet

JANUARY 8, 2024

and older of the Perl Spreadsheet::ParseExcel library ( CVE-2023-7101 ) contain a RCE vulnerability exploited by Chinese hackers, as noted on December 24th. Chrome web browsers experience heap buffer overflow ( CVE-2023-7024 ) in the WebRTC real-time communication coding that can crash chrome or allow for code execution. Versions 0.65

Encryption 109

Encryption Security Defenses Cybersecurity Internet 109

eSecurity Planet

OCTOBER 9, 2024

Remote access software can help you securely connect to your devices from wherever you may be. This can be great for companies that employ many remote workers and want to secure their IT environment better. This can be great for companies that employ many remote workers and want to secure their IT environment better.

Software 62

Software Authentication Mobile Risk 62

eSecurity Planet

AUGUST 12, 2023

Trellix researchers are disclosing a number of critical data center power management platform vulnerabilities at DEFCON 2023 today. The Trellix researchers investigated several data center software platforms and hardware technologies as part of a U.S. effort to secure critical infrastructure.

Authentication 98

Authentication Spyware DDOS Technology 98

eSecurity Planet

JANUARY 22, 2024

Make sure your security teams are regularly checking vendors’ software and hardware updates for any patches, and keep a particular eye on networking equipment. CVE-2023-6548 is a remote code execution vulnerability for an authenticated user, and CVE-2023-6549 is a denial-of-service vulnerability. are affected.

Authentication 113

Authentication Malware VPN Mobile 113

eSecurity Planet

FEBRUARY 19, 2024

The problem: Zoom recently patched a flaw that affected three of its Windows-facing software products: Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. Appliances with affected software must have Anyconnect SSL VPN enabled on whichever interface is exposed to the internet for an attack to occur.

VPN 113

VPN DNS Ransomware Software 113

eSecurity Planet

MAY 2, 2024

The 2023 vendor surveys arriving this quarter paint a picture of a cybersecurity landscape under attack, with priority issues affecting deployment, alert response, and exposed vulnerabilities. Sophos: Noted that 43% of all 2023 malware signature updates are for stealers, spyware, and keyloggers often used to steal credentials from devices.

Cybersecurity 121

Cybersecurity DDOS Penetration Testing Ransomware 121

eSecurity Planet

SEPTEMBER 9, 2024

The problem: RansomHub, a ransomware-as-a-service group, targeted security vulnerabilities in Apache ActiveMQ ( CVE-2023-46604 ), Atlassian Confluence ( CVE-2023-22515 ), Citrix ADC ( CVE-2023-3519 ), and Fortinet devices ( CVE-2023-27997 ). Update through Settings > System > Software updates.

Firmware 109

Firmware Backups Firewall Risk 109

eSecurity Planet

MARCH 4, 2024

The files warned owners that the MQTT software allowed “any valid credential to connect and control your printer.” However, Avast disclosed that their researchers discovered and reported the vulnerability in August 2023 after reverse-engineering a rootkit deployed by the infamous North Korean hacking group dubbed Lazarus.

IoT 117

IoT Internet Internet Ransomware 117

eSecurity Planet

FEBRUARY 2, 2024

Teslas Get the Spotlight in Recent Ethical Hacking Efforts Researchers have discovered multiple vulnerabilities within Teslas since March 2023. Rapid7’s Zero Day Initiative hosts an event called Pwn2Own, and at the 2023 event, computer security firm Synactiv hacked a Tesla computer within two minutes.

Hacking 125

Hacking IoT Firmware Cybersecurity 125

eSecurity Planet

MARCH 11, 2024

We’ve seen multiple over the last couple of months, but these are new and not to be confused with CVEs from 2023. The problem: Cisco’s Secure Client software has a vulnerability, CVE-2024-20337 , that allows an attacker to complete a carriage return line feed injection attack. and earlier OpenEdge 12.2.13

Authentication 109

Authentication Software VPN Security Defenses 109

eSecurity Planet

SEPTEMBER 7, 2023

“Despite slower deal volumes in 2023, M&A interest in cybersecurity remains high and I expect we’ll see an uptick in activity later this year and into 2024,” said Chris Stafford, who is a partner in West Monroe’s M&A Practice. trillion for the middle of 2023. And this may happen sooner than later.

Cybersecurity 120

Cybersecurity Marketing Software DDOS 120

eSecurity Planet

SEPTEMBER 26, 2023

Prisma SASE Palo Alto’s Prisma SASE solution is the only company recognized as a Leader in Gartner’s 2023 Magic Quadrant for Single-Vendor SASE. Get the Free Cybersecurity Newsletter Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices.

Artificial Intelligence 52

Artificial Intelligence Marketing DNS IoT 52