eSecurity Planet

JUNE 20, 2024

Password recovery option: Teams can preset Account Recovery in case they forget their master password. Bitwarden Overview Better for Features, Security, Support & Administration Overall Rating: 4.1/5 5 Advanced features: 3/5 Security: 4.7/5 5 Pricing: 3.1/5 5 Core features: 4.6/5 for up to 10 users • Business: $7.99/user

Password Management 107

Password Management Passwords Authentication Accountability 107

eSecurity Planet

JULY 15, 2024

To reduce the risks caused by these vulnerabilities, affected users should apply patches, upgrade software, and strengthen security measures as soon as possible. July 8, 2024 Four Unpatched Flaws Discovered in Gogs Type of vulnerability: Multiple, including argument injection and file deletion.

Authentication 109

Authentication Backups Software Risk 109

eSecurity Planet

FEBRUARY 5, 2024

January 29, 2024 Juniper Releases Updates for Critical RCE Vulnerabilities Type of vulnerability: Missing authentication flaw and cross-site scripting (XSS) vulnerability. The fix: Juniper Networks has published out-of-cycle fixes for CVE-2024-21619 and CVE-2024-21620 — apply fixes to the identified versions. macOS Ventura 13.1,

Risk 113

Risk Penetration Testing Authentication Software 113

eSecurity Planet

JUNE 21, 2024

Security alerts: Notifies you in real time of compromised accounts and passwords, allowing you to take rapid action to secure your accounts. Dashlane’s account recovery key protects your data if you forget your Master Password. identity provider. Its autofill feature is more seamless than Keeper.

Password Management 103

Password Management Passwords Encryption VPN 103

eSecurity Planet

DECEMBER 20, 2023

Bottom Line: ASM Reduces Attack Surfaces Attack Surface Management software is a welcome evolution in vulnerability management, securing digital assets by discovering, analyzing, and maintaining a wide range of assets and environments that attackers may try to exploit. You can unsubscribe at any time.

Software 113

Software Risk Architecture Internet 113

eSecurity Planet

JANUARY 29, 2024

January 19, 2024 Critical VMware vCenter Server Zero-Day Under Attack Since 2021 Type of vulnerability: Remote code execution (RCE) vulnerability. January 22, 2024 Apple Fixes 16 Vulnerabilities, Including Exploited Zero Days Type of vulnerability: A type confusion issue enables arbitrary code execution (ACE) attacks.

Software 113

Software Authentication CSO Accountability 113

eSecurity Planet

MARCH 19, 2024

March 8, 2024 150,000 Fortinet Secure Web Gateways Remain Exposed Type of vulnerability: Arbitrary code execution (ACE). The problem: The FortiOS SSL VPN feature vulnerability, CVE-2024-21762, disclosed February 8th , remains exposed to attack on nearly 150,000 devices according to the ShadowServer Foundation website.

Authentication 119

Authentication VPN Software DDOS 119

eSecurity Planet

FEBRUARY 26, 2024

February 19, 2024 Microsoft Exchange Servers Vulnerable to Privilege Escalation Attacks Type of vulnerability: Critical severity privilege escalation vulnerability. The problem: CVE-2024-21410 allows remote attackers to carry out NTLM relay attacks on Microsoft Exchange Servers, providing them with privileged access.

Risk 113

Risk Authentication System Administration Ransomware 113

eSecurity Planet

OCTOBER 1, 2024

September 24, 2024 Upgrade WhatsApp Gold to Fix Six New Flaws Type of vulnerability: Not yet specified. Progress Software, which owns WhatsApp Gold, released a security bulletin advising customers to upgrade their WhatsApp Gold instances to version 24.0.1. The vulnerability is tracked as CVE-2024-7593 and has a severity rating of 9.8.

Authentication 109

Authentication Software DNS Internet 109

eSecurity Planet

APRIL 15, 2024

In addition to securing internal assets, you also need to ensure SaaS data is protected. Check out our article on SaaS security checklist and learn how to create one. April 8, 2024 Multiple Vulnerabilities Discovered in LG WebOS Smart TVs Type of vulnerability: Authorization bypass, privilege escalation, command injection.

Firewall 109

Firewall VPN Software Risk 109

eSecurity Planet

JUNE 3, 2024

Check your vendors’ security bulletins regularly, and make sure your team is following security news to patch issues as soon as they arise. May 28, 2024 Check Point VPN Zero-Day Vulnerability Requires Hotfix Type of attack: Information disclosure zero-day. The PoC is available on Horizon3AI’s GitHub account.

VPN 109

VPN Authentication Passwords Software 109

eSecurity Planet

JUNE 28, 2024

Millions of WordPress websites are under threat after a critical security breach involving several popular plugins. Security researchers discovered malicious code injected into these plugins, granting hackers the ability to create unauthorized administrator accounts. Blaze Widget (versions 2.2.5 – 2.5.2)

Risk 113

Risk Passwords Accountability Malware 113

eSecurity Planet

SEPTEMBER 6, 2024

Avoiding duplication: The same memory glitch that makes us create passwords by association makes us use the same password, or minor variations, for multiple accounts. Password managers create new random passwords for every account. A password manager solves several problems related to the ocean of login credentials we require daily.

Password Management 62

Password Management Passwords Accountability Social Engineering 62

eSecurity Planet

AUGUST 20, 2024

District Court claims that NPD experienced a data breach around April 2024, alleging the following: Sensitive data , such as full names, current and previous addresses (going back at least 30 years), Social Security numbers, and details about family members, including some who have been deceased for nearly two decades, were compromised.

Identity Theft 130

Identity Theft Data breaches Passwords Encryption 130

eSecurity Planet

APRIL 29, 2024

April 22, 2024 CISA Adds 2022 Windows Print Spooler Vulnerability to KEV Catalog Type of vulnerability: Elevation of privilege. Federal agencies have until May 14, 2024, to apply patches or disable vulnerable software. Consider reading more about forensic tools and processes to investigate attacks. The problem: The CVSS 10.0/10.0

Firewall 113

Firewall Software Ransomware Penetration Testing 113

SecureList

NOVEMBER 25, 2024

In this article in the KSB series, we review the trends of the past year, reflect on the predictions we made for 2024 , and offer insights into what we can expect in 2025. As expected, we continued to observe attacks in 2024 involving exploits for Apple devices. For instance, in Q2 2024, we saw a 23% increase in BYOVD usage.

IoT 117

IoT Energy and Utilities Phishing Cryptocurrency 117

eSecurity Planet

MARCH 4, 2024

February 26, 2024 FCKeditor Used for SEO Poisoning on Government, University Sites Type of vulnerability: Malicious URL redirect. February 27, 2024 Ransomware Gangs Target Unpatched ScreenConnect Servers Type of vulnerability: Authentication bypass and path traversal. The fix: Apply Windows patches ASAP.

IoT 117

IoT Internet Internet Ransomware 117

eSecurity Planet

AUGUST 20, 2024

Once the User Account Control dialog box appears, choose Yes. After the installation, SIGN IN to your Bitdefender Central account using your username and password. Note: If you do not already have an account, please create one. Log in to your Bitdefender Central account on the computer you wish to install the VPN on.

VPN 57

VPN Accountability Antivirus Passwords 57

eSecurity Planet

SEPTEMBER 17, 2024

WordPress is introducing mandatory two-factor authentication (2FA) for all plugin and theme developers to tackle rising security threats, effective October 1, 2024. This move supports the platform’s security by preventing unauthorized access to developer accounts and protecting millions of websites from potential supply-chain attacks​.

Authentication 88

Authentication Passwords Accountability Data breaches 88

eSecurity Planet

AUGUST 21, 2024

LastPass, a leading password manager, offers a robust solution for securely storing and managing your organization’s digital assets. There are many types of network security , so understanding how to use LastPass is essential to managing personal accounts or securing an entire team. Visit the LastPass download page.

Password Management 113

Password Management Passwords Accountability Authentication 113

eSecurity Planet

APRIL 1, 2024

While most issues can be fixed through prompt patching and updating, a few remain unfixed and may require more significant changes to the security stack to block possible attacks. March 22, 2024 Emergency Out-of-Band Windows Server Security Updates Type of vulnerability (or attack): Memory leak. Upgrade versions 7.2.0

Authentication 109

Authentication Artificial Intelligence Software Risk 109

eSecurity Planet

JUNE 10, 2024

June 3, 2024 Exploit Chain Enables RCE in Progress Telerik Report Servers Type of vulnerability: Chained remote code execution. The exploit combines an authentication bypass ( CVE-2024-4358 ) with a deserialization issue ( CVE-2024-1800 ). Users should upgrade to the most recent Confluence versions to address CVE-2024-21683.

Malware 80

Malware Authentication Software Telecommunications 80

eSecurity Planet

JANUARY 16, 2024

Keep an eye out for security announcements from your firewall vendors; it’s possible additional similar vulnerabilities will come to light. January 10, 2024 Thousands of WordPress Sites Vulnerable to Malware Injection Type of vulnerability: Cross-site scripting flaw in Popup Builder that allows a malware injection.

Firewall 109

Firewall Firmware IoT Authentication 109

eSecurity Planet

JULY 10, 2024

Details of the Data Leak: Emergence, Type & Culprit The data leak first came to light in early July 2024 when a user known as “888” posted information on a hacking forum. Criminals could use this data to open new accounts in the victim’s name, take out loans, or make fraudulent purchases.

Password Management 118

Password Management Passwords Marketing Identity Theft 118

eSecurity Planet

JUNE 14, 2024

LastPass provides a site license, which includes accounts for all employees at a set rate, allowing for growth without additional fees. It offers extensive customer service, guest accounts, SIEM connection, easy reporting, and multiple MFA options. It provides a 14-day free business trial and a free version. user/month • Business: $3.32/user/month

Password Management 62

Password Management Passwords Authentication Accountability 62

Security Boulevard

APRIL 24, 2025

as a result of stronger email authentication protocols like DMARC and Googles sender verification, which blocked 265 billion unauthenticated emails.Education is under attack: Phishing in education surged 224%, with threat actors exploiting academic calendars, financial aid deadlines, and weak security defenses.

Phishing 71

Phishing Scams Cryptocurrency Authentication 71

eSecurity Planet

JANUARY 22, 2024

Make sure your security teams are regularly checking vendors’ software and hardware updates for any patches, and keep a particular eye on networking equipment. January 16, 2024 Open-Source UEFI Implementation Sees 9 Vulnerabilities Type of vulnerability: Weaknesses in the network boot process of UEFI’s network implementation.

Authentication 113

Authentication Malware VPN Mobile 113

eSecurity Planet

SEPTEMBER 5, 2024

The company has consistently emphasized its commitment to user privacy and security, assuring users that their data is protected by state-of-the-art encryption and security protocols. The breach occurred on September 1, 2024, when an unidentified hacker accessed Tracelo’s systems.

Data breaches 113

Data breaches Identity Theft Data privacy Risk 113

Thales Cloud Protection & Licensing

SEPTEMBER 18, 2023

Compliance madhav Tue, 09/19/2023 - 05:17 It is essential for any business that stores, processes, and transmits payment card information to comply with the Payment Card Industry Data Security Standard (PCI DSS). Consumers’ payment data is a compelling target for criminals who continue to circumvent IT security defenses.

Financial Services 77

Financial Services Data breaches Accountability Encryption 77

Digital Shadows

OCTOBER 29, 2024

In Q3 2024, ransomware service provider “RansomHub” emerged as the most dominant ransomware group, taking the mantle from “LockBit” and “ALPHV.” Our report spotlights five major threat actors dominating the cybersecurity landscape in 2024 that every professional should know about.

Ransomware 88

Ransomware Encryption Technology Cybercrime 88

eSecurity Planet

AUGUST 8, 2024

CrowdStrike, a cybersecurity behemoth renowned for its cloud-based endpoint protection platform, was in the eye of a storm on July 19, 2024. The fallout has extended beyond operational chaos, with shareholders now holding the company accountable for the massive outage. The road to recovery for CrowdStrike will be long and arduous.

Software 104

Software Healthcare Penetration Testing Cybersecurity 104

eSecurity Planet

MAY 27, 2024

With these new fixes and updates, users impacted by these vulnerabilities should upgrade their systems as soon as possible, apply access restrictions, perform increased monitoring, and follow the general best practices for security. The fix: Fluent Bit developers have published version 3.0.4 , which addresses CVE-2024-4323.

Backups 67

Backups Authentication DDOS Engineering 67

eSecurity Planet

MARCH 25, 2024

March 13, 2024 Fortra Vulnerability Could Result in Remote Code Execution Type of vulnerability: Directory traversal in Fortra’s FileCatalyst workflow, potentially leading to remote code execution. The directory traversal vulnerability is tracked as CVE-2024-25153 and has a critical rating of 9.8. X version of the software.

Computers and Electronics 62

Computers and Electronics Software Accountability Authentication 62

eSecurity Planet

FEBRUARY 16, 2024

In February 2024, the CISA, NSA, and FBI warned of PRC cyber actors pre-positioning themselves again to disrupt the IT networks of U.S. Monitor unauthorized changes: Set up real-time monitoring of AD infrastructure, particularly elevated network accounts and groups. Want to strengthen your organization’s digital defenses?

Internet 113

Internet Internet Network Security Cybersecurity 113

eSecurity Planet

MAY 30, 2024

2024 looks like it will only increase the number of affected individuals considering the scale of ransomware attacks from the first half of the year in the USA, Canada, and Australia. million for the first three quarters of FY 2024. Ascension might try to blame financial troubles for lack of preparation. Ascension lost $2.66

Healthcare 123

Healthcare Cybersecurity Backups Ransomware 123

eSecurity Planet

AUGUST 16, 2024

It’s got the best security features and is relatively easy to use. Whether you’re a business or just someone trying to keep track of your online accounts, 1Password is like the Swiss Army knife for password management. Amidst all the many tools available on the market, 1Password stands out as a great pick.

Password Management 62

Password Management Passwords Accountability Risk 62

eSecurity Planet

SEPTEMBER 13, 2024

By implementing robust cyber security practices, banks protect themselves from cyber threats and ensure they meet these critical regulatory requirements. This may include funds being stolen directly from accounts, costs related to system downtime, or the hefty price of repairing damaged systems.

Banking 108

Banking Identity Theft DDOS Cyber threats 108