2024, Authentication and Security Defenses

Weekly Vulnerability Recap – January 2, 2024 – Barracuda ESG, Apache OfBiz Vulnerabilities Persist

eSecurity Planet

JANUARY 2, 2024

SonicWall researchers discovered that an Apache patch was incomplete, still permitting authentication bypass in open-source ERP software Apache OfBiz. And issues with Barracuda’s Email Secure Gateway persist, with an FBI safety warning about an older vulnerability still outstanding. 1020000 1.26.10-gke.1235000 1235000 1.27.7-gke.1293000

Authentication

Authentication Software Engineering Security Defenses

VulnRecap 3/11/24 – JetBrains & Atlassian Issues Persist

eSecurity Planet

MARCH 11, 2024

And all IT and security teams should follow vulnerability news for vendor bulletins and updates. March 4, 2024 JetBrains Server Issues Continue with New Vulnerabilities Type of vulnerability: Authentication bypass. The more severe CVE-2024-27198 allows a threat actor to take over the entire server. and iPadOS 17.4.

Authentication

Authentication Software VPN Security Defenses

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

eSecurity Planet

FEBRUARY 26, 2024

February 19, 2024 Microsoft Exchange Servers Vulnerable to Privilege Escalation Attacks Type of vulnerability: Critical severity privilege escalation vulnerability. The problem: CVE-2024-21410 allows remote attackers to carry out NTLM relay attacks on Microsoft Exchange Servers, providing them with privileged access.

Risk

Risk Authentication System Administration Ransomware

Vulnerability Recap 3/19/24 – Microsoft, Fortinet & More

eSecurity Planet

MARCH 19, 2024

March 8, 2024 150,000 Fortinet Secure Web Gateways Remain Exposed Type of vulnerability: Arbitrary code execution (ACE). The problem: The FortiOS SSL VPN feature vulnerability, CVE-2024-21762, disclosed February 8th , remains exposed to attack on nearly 150,000 devices according to the ShadowServer Foundation website.

Authentication

Authentication VPN Software DDOS

Vulnerability Recap 4/15/24 – Palo Alto, Microsoft, Ivanti Exploits

eSecurity Planet

APRIL 15, 2024

Employ robust password management techniques, two-factor authentication (2FA), and regular backups of essential data. In addition to securing internal assets, you also need to ensure SaaS data is protected. Check out our article on SaaS security checklist and learn how to create one. The exploit has a CVSS severity of 9/10.

Firewall

Firewall VPN Software Risk

VulnRecap 2/5/24 – Azure, Apple, Ivanti, & Mastodon at Risk

eSecurity Planet

FEBRUARY 5, 2024

January 29, 2024 Juniper Releases Updates for Critical RCE Vulnerabilities Type of vulnerability: Missing authentication flaw and cross-site scripting (XSS) vulnerability. The fix: Juniper Networks has published out-of-cycle fixes for CVE-2024-21619 and CVE-2024-21620 — apply fixes to the identified versions. tvOS 16.2,

Risk

Risk Penetration Testing Authentication Software

Vulnerability Recap 4/1/24: Cisco, Fortinet & Windows Server Updates

eSecurity Planet

APRIL 1, 2024

While most issues can be fixed through prompt patching and updating, a few remain unfixed and may require more significant changes to the security stack to block possible attacks. March 22, 2024 Emergency Out-of-Band Windows Server Security Updates Type of vulnerability (or attack): Memory leak. Upgrade versions 7.2.0

Authentication

Authentication Artificial Intelligence Software Cybersecurity

VulnRecap 2/12/24: Ivanti, JetBrains, Fortinet, Linux Issues

eSecurity Planet

FEBRUARY 12, 2024

Make sure your security teams consistently check vendor bulletins for vulnerability announcements so your business can stay on top of all threats. February 5, 2024 JetBrains TeamCity Saga Continues with Another Server Vulnerability Type of vulnerability: Authentication bypass by an unauthenticated attacker. Policy Secure 9.1R17.3

VPN

VPN Authentication Software Firewall

VulnRecap 1/29/24 – Apple, Apache & VMware Under Attack

eSecurity Planet

JANUARY 29, 2024

January 19, 2024 Critical VMware vCenter Server Zero-Day Under Attack Since 2021 Type of vulnerability: Remote code execution (RCE) vulnerability. January 22, 2024 Apple Fixes 16 Vulnerabilities, Including Exploited Zero Days Type of vulnerability: A type confusion issue enables arbitrary code execution (ACE) attacks.

Software

Software Authentication CSO Accountability

Vulnerability Recap 4/29/24 – Cisco, Microsoft, Palo Alto & More

eSecurity Planet

APRIL 29, 2024

April 22, 2024 CISA Adds 2022 Windows Print Spooler Vulnerability to KEV Catalog Type of vulnerability: Elevation of privilege. Federal agencies have until May 14, 2024, to apply patches or disable vulnerable software. Consider reading more about forensic tools and processes to investigate attacks. The problem: The CVSS 10.0/10.0

Firewall

Firewall Software Ransomware Penetration Testing

VulnRecap 1/22/24 – Watch Chrome, Ivanti, Citrix Issues

eSecurity Planet

JANUARY 22, 2024

Make sure your security teams are regularly checking vendors’ software and hardware updates for any patches, and keep a particular eye on networking equipment. January 16, 2024 Open-Source UEFI Implementation Sees 9 Vulnerabilities Type of vulnerability: Weaknesses in the network boot process of UEFI’s network implementation.

Authentication

Authentication Malware VPN Mobile

VulnRecap 1/16/24 – Major Firewall Issues Persist

eSecurity Planet

JANUARY 16, 2024

Keep an eye out for security announcements from your firewall vendors; it’s possible additional similar vulnerabilities will come to light. January 10, 2024 Thousands of WordPress Sites Vulnerable to Malware Injection Type of vulnerability: Cross-site scripting flaw in Popup Builder that allows a malware injection. Versions 9.x

Firewall

Firewall Firmware IoT Authentication

Vulnerability Recap 3/25/24 – More Ivanti Issues to Patch

eSecurity Planet

MARCH 25, 2024

March 13, 2024 Fortra Vulnerability Could Result in Remote Code Execution Type of vulnerability: Directory traversal in Fortra’s FileCatalyst workflow, potentially leading to remote code execution. The directory traversal vulnerability is tracked as CVE-2024-25153 and has a critical rating of 9.8. and 9.19.0, and 9.19.1)

Computers and Electronics

Computers and Electronics Software Accountability Authentication

5 Major Cybersecurity Trends to Know for 2024

eSecurity Planet

DECEMBER 19, 2023

Various forms of AI, such as machine learning (ML) and large language models (LLM), already dominated headlines throughout 2023 and will continue to present both overhyped possibilities and realized potential in 2024. In 2024, AI poisoning attacks will become the new software supply chain attacks.

Cybersecurity

Cybersecurity CISO Government Technology

The Clock is Ticking for PCI DSS 4.0 Compliance

Thales Cloud Protection & Licensing

SEPTEMBER 18, 2023

Compliance madhav Tue, 09/19/2023 - 05:17 It is essential for any business that stores, processes, and transmits payment card information to comply with the Payment Card Industry Data Security Standard (PCI DSS). Consumers’ payment data is a compelling target for criminals who continue to circumvent IT security defenses.

Financial Services

Financial Services Data breaches Accountability Encryption

Dashlane 2024

eSecurity Planet

JANUARY 29, 2024

Get Free Dashlane Access Dashlane advantages: security, UX, and SSO Compared to other leading password managers like LastPass and OneLogin, Dashlane has a unique advantage: it’s never been hacked. This software uses patented security architecture with 256-bit encryption, plus built-in two factor authentication.

Password Management

Password Management Passwords Authentication Accountability

Defining Good: A Strategic Approach to API Risk Reduction

Security Boulevard

JANUARY 18, 2024

Organizations first looked to augment their existing web application security tools and processes to “address” API security. Unfortunately, the security challenges associated with APIs can't be solved by simply updating existing testing tools and edge security defenses to check-the-box technologies that claim to provide "API security."

Risk

Risk Government Artificial Intelligence Threat Detection

12 Data Loss Prevention Best Practices (+ Real Success Stories)

eSecurity Planet

APRIL 12, 2024

Proofpoint’s 2024 data loss landscape report reveals 84.7% Employ Authentication Methods for All Users & Devices A zero trust approach rejects any sort of inherent trust and requires continual verification of all users and devices. Integrate DLP with secure storage and backup solutions for comprehensive data protection.

Backups

Backups Encryption Data breaches Risk

Vulnerability Recap 4/22/24 – Cisco, Ivanti, Oracle & More

eSecurity Planet

APRIL 22, 2024

If updates can’t be performed immediately, consider deploying additional security controls or at least disconnecting vulnerable devices from direct internet access. April 13, 2024 Delinea Secret Server Patched After Researcher’s Public Disclosure Type of vulnerability: Authentication bypass.

Authentication

Authentication Firewall Encryption Cybersecurity

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

eSecurity Planet

MAY 2, 2024

Most organizations express confidence in their current status and budgets, but also expect to experience at least one data breach in 2024. Password manager : Stores passwords securely, enforces quality, permits safe internal and external sharing, and ties into HR software for effective off-boarding of users. globally, +19.8%

Cybersecurity

Cybersecurity DDOS Penetration Testing Passwords

Cisco+ Secure Connect SASE Review & Features 2023

eSecurity Planet

SEPTEMBER 26, 2023

SD-WAN integration with the SASE controller for Meraki, Catalyst, and others Cisco Umbrella SIG unifies firewall, SWG, DNS-layer security, CASB, and threat intelligence functions into a single and well-tested cloud service. Email Address By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy.

Firewall

Firewall DNS Architecture Technology

VulnRecap 3/4/24 – Ivanti, Ubiquiti, AppLocker Under Attack

eSecurity Planet

MARCH 4, 2024

February 26, 2024 FCKeditor Used for SEO Poisoning on Government, University Sites Type of vulnerability: Malicious URL redirect. February 27, 2024 Ransomware Gangs Target Unpatched ScreenConnect Servers Type of vulnerability: Authentication bypass and path traversal. The fix: Apply Windows patches ASAP.

IoT

IoT Internet Internet Ransomware

Cyber Security Informer

Weekly Vulnerability Recap – January 2, 2024 – Barracuda ESG, Apache OfBiz Vulnerabilities Persist

VulnRecap 3/11/24 – JetBrains & Atlassian Issues Persist

Trending Sources

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

Vulnerability Recap 3/19/24 – Microsoft, Fortinet & More

Vulnerability Recap 4/15/24 – Palo Alto, Microsoft, Ivanti Exploits

VulnRecap 2/5/24 – Azure, Apple, Ivanti, & Mastodon at Risk

Vulnerability Recap 4/1/24: Cisco, Fortinet & Windows Server Updates

VulnRecap 2/12/24: Ivanti, JetBrains, Fortinet, Linux Issues

VulnRecap 1/29/24 – Apple, Apache & VMware Under Attack

Vulnerability Recap 4/29/24 – Cisco, Microsoft, Palo Alto & More

VulnRecap 1/22/24 – Watch Chrome, Ivanti, Citrix Issues

VulnRecap 1/16/24 – Major Firewall Issues Persist

Vulnerability Recap 3/25/24 – More Ivanti Issues to Patch

5 Major Cybersecurity Trends to Know for 2024

The Clock is Ticking for PCI DSS 4.0 Compliance

Dashlane 2024

Defining Good: A Strategic Approach to API Risk Reduction

12 Data Loss Prevention Best Practices (+ Real Success Stories)

Vulnerability Recap 4/22/24 – Cisco, Ivanti, Oracle & More

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

Cisco+ Secure Connect SASE Review & Features 2023

VulnRecap 3/4/24 – Ivanti, Ubiquiti, AppLocker Under Attack

Stay Connected