eSecurity Planet

JUNE 3, 2024

May 28, 2024 Check Point VPN Zero-Day Vulnerability Requires Hotfix Type of attack: Information disclosure zero-day. The problem: Recently discovered zero-day CVE-2024-24919 affects Check Point virtual private network (VPN) products. The vulnerability is tracked as CVE-2024-23108 and has a CVSS severity rating of 10.0.

VPN 109

VPN Authentication Passwords Software 109

eSecurity Planet

APRIL 15, 2024

Threats range from severe weaknesses in Ivanti’s VPN appliances to zero-day exploits in popular software such as Palo Alto Networks’ PAN-OS and Telegram’s Windows client. Typically, these vulnerabilities result in remote code execution or denial-of-service attacks, posing major dangers to users’ data security.

Firewall 109

Firewall VPN Software Risk 109

eSecurity Planet

MARCH 19, 2024

March 8, 2024 150,000 Fortinet Secure Web Gateways Remain Exposed Type of vulnerability: Arbitrary code execution (ACE). The problem: The FortiOS SSL VPN feature vulnerability, CVE-2024-21762, disclosed February 8th , remains exposed to attack on nearly 150,000 devices according to the ShadowServer Foundation website.

Authentication 119

Authentication VPN Software DDOS 119

eSecurity Planet

JANUARY 22, 2024

Make sure your security teams are regularly checking vendors’ software and hardware updates for any patches, and keep a particular eye on networking equipment. January 16, 2024 Open-Source UEFI Implementation Sees 9 Vulnerabilities Type of vulnerability: Weaknesses in the network boot process of UEFI’s network implementation.

Authentication 113

Authentication Malware VPN Mobile 113

eSecurity Planet

JANUARY 16, 2024

Keep an eye out for security announcements from your firewall vendors; it’s possible additional similar vulnerabilities will come to light. January 10, 2024 Thousands of WordPress Sites Vulnerable to Malware Injection Type of vulnerability: Cross-site scripting flaw in Popup Builder that allows a malware injection. Versions 9.x

Firewall 109

Firewall Firmware IoT Authentication 109

eSecurity Planet

FEBRUARY 16, 2024

In November 2021, the FBI disclosed a FatPipe VPN exploit that enabled backdoor access via web shells. In February 2024, the CISA, NSA, and FBI warned of PRC cyber actors pre-positioning themselves again to disrupt the IT networks of U.S. Want to strengthen your organization’s digital defenses?

Internet 113

Internet Internet Cybersecurity Network Security 113

eSecurity Planet

JANUARY 29, 2024

Like many other password managers, Dashlane makes it easy for users to create new passwords and store existing ones in a secure vault. Internet security best practices mandate unique credentials for each online account; doing so would be impossible without a solid password manager like Dashlane. You can unsubscribe at any time.

Password Management 109

Password Management Passwords Authentication Accountability 109