Additionally, if you’re an Ivanti customer or use other products that frequently appear in our recaps and in security news, pay particularly careful attention. You’ll want to check for product security updates a couple of times a week. This could allow them to make changes within the device’s firmware.
RansomHub used multiple vulnerabilities to launch ransomware attacks, emphasizing the critical need for updates and strong security measures. Organizations and end users need prompt patching and thorough security policies to protect systems and data from high-risk vulnerabilities. All impacted models must be updated to version 7.00
Most organizations express confidence in their current status and budgets, but also expect to experience at least one data breach in 2024. 30% data breaches and +23% ransomware for the first two months of 2024. 80% feel moderately to very confident in defense. million per year for the average IT security budget.
Look at our rundown, and make sure your security teams are apprised of any relevant vulnerabilities from this past week’s news. August 5, 2024 Another Apache OFBiz Vulnerability to Watch Type of vulnerability: Remote code execution. August 12, 2024 OpenSSH Flaw Opens the Door for RCE Type of vulnerability: Remote code execution.
Keep an eye out for security announcements from your firewall vendors; it’s possible additional similar vulnerabilities will come to light. January 10, 2024 Thousands of WordPress Sites Vulnerable to Malware Injection Type of vulnerability: Cross-site scripting flaw in Popup Builder that allows a malware injection.
Happy patching, and don’t forget to watch your vendors’ security feeds consistently. August 12, 2024 Ivanti Runs Into Snag With Virtual Traffic Manager Type of vulnerability: Authentication bypass. The vendor didn’t notice any active exploits when it released the security notice. a critical rating.
Cybersecurity researchers discovered a buffer overflow flaw in Intel Core processor firmware causing Phoenix Technology to release patches. To minimize future vulnerabilities, concerned users should prioritize frequent upgrades and strong security practices for all systems and applications. in their June 2024 Patch Tuesday.
Rapid7’s Zero Day Initiative hosts an event called Pwn2Own, and at the 2023 event, computer security firm Synacktiv hacked a Tesla computer within two minutes. This year, electric cars were a major focal point of the 2024 event, called Pwn2Own Automotive.
February 26, 2024 FCKeditor Used for SEO Poisoning on Government, University Sites Type of vulnerability: Malicious URL redirect. February 27, 2024 Ransomware Gangs Target Unpatched ScreenConnect Servers Type of vulnerability: Authentication bypass and path traversal. The fix: Apply Windows patches ASAP.
To improve security, users should update software on a regular basis, establish strong authentication procedures, and limit access to key resources. June 24, 2024 Ollama AI’s Probllama Vulnerability Enables RCE Type of vulnerability: Multiple, including remote code execution (RCE), path traversal, and insufficient input validation.
In this article in the KSB series, we review the trends of the past year, reflect on the predictions we made for 2024 , and offer insights into what we can expect in 2025. As expected, we continued to observe attacks in 2024 involving exploits for Apple devices. For instance, in Q2 2024, we saw a 23% increase in BYOVD usage.
June 3, 2024 Exploit Chain Enables RCE in Progress Telerik Report Servers Type of vulnerability: Chained remote code execution. The exploit combines an authentication bypass ( CVE-2024-4358 ) with a deserialization issue ( CVE-2024-1800 ). Users should upgrade to the most recent Confluence versions to address CVE-2024-21683.
To reduce the potential risks, update all impacted software to the most recent version and evaluate your system processes for potential modifications and security enhancements. August 26, 2024 SonicWall Identifies Access Control Vulnerability Type of vulnerability: Improper access control.
January 16, 2024 Open-Source UEFI Implementation Sees 9 Vulnerabilities Type of vulnerability: Weaknesses in the network boot process of UEFI’s network implementation. The problem: The Unified Extensible Firmware Interface (UEFI) specification has an open-source network implementation, EDK II, with nine discovered vulnerabilities.
With these new fixes and updates, users impacted by these vulnerabilities should upgrade their systems as soon as possible, apply access restrictions, perform increased monitoring, and follow the general best practices for security. Immediately update your QNAP devices to the most recent firmware to mitigate these issues.
District Court claims that NPD experienced a data breach around April 2024, alleging the following: Sensitive data , such as full names, current and previous addresses (going back at least 30 years), Social Security numbers, and details about family members, including some who have been deceased for nearly two decades, were compromised.
July 1, 2024 OpenSSH Releases Security Updates to Address RCE Type of vulnerability: Signal handler race condition in OpenSSH server. The problem: CVE-2024-6387 is a signal handler race issue within OpenSSH’s server (sshd) that affects glibc-based Linux systems. The fix: OpenSSH issued updates to address CVE-2024-6387.
This doubles as your weekly reminder to check your IT vendors’ security bulletins regularly and patch every vulnerability as soon as you learn about it. Always prioritize creating a patch plan if your security teams haven’t developed a methodology already. This vulnerability affects natural language processing applications.