2024, Internet and Security Defenses - Cyber Security Informer

VulnRecap 2/19/2024: News from Microsoft, Zoom, SolarWinds

eSecurity Planet

FEBRUARY 19, 2024

Your IT teams should regularly check your vendors’ security bulletins for any vulnerability news or updates. February 13, 2024 Zoom Fixes Critical Vulnerability in Windows Products Type of vulnerability: Improper input validation. The vulnerability CVE is CVE-2024-24691. It’s rated as critical, with a score of 9.6.

VPN

VPN DNS Ransomware Software

Cisco to offer Webex air-gapped cloud system for security, defense work

CSO Magazine

APRIL 13, 2023

Building on its WebEx product line, Cisco plans to deliver an air-gapped, cloud-based collaboration system for companies involved in US national security and defense work, extending the secure offerings the company already provides to industries that require collaboration tools with strong security measures to meet US government requirements.

Security Defenses

Security Defenses Internet Internet Government

Vulnerability Recap 5/13/24 – F5, Citrix & Chrome

eSecurity Planet

MAY 13, 2024

From the other end of the supply chain, many vendors build Cinterion Cellular Modems into their internet-of-things (IoT) or operations technology (OT) equipment such as sensors, meters, or even medical devices. May 5, 2024 Tinyproxy Vulnerability Potentially Exposes 50,000+ Hosts Type of vulnerability: Use after free.

Penetration Testing

Penetration Testing IoT Small Business Internet

7 Best Attack Surface Management Software for 2024

eSecurity Planet

DECEMBER 20, 2023

Visit Cycognito Pricing Through its SaaS architecture, CyCognito provides tiered pricing for security testing, intelligence, and premium support. Pricing is dependent on the quantity of Internet-facing assets. ASMS also provides insights into the risks associated with each asset and how to mitigate them.

Software

Software Risk Architecture Internet

Vulnerability Recap 4/15/24 – Palo Alto, Microsoft, Ivanti Exploits

eSecurity Planet

APRIL 15, 2024

In addition to securing internal assets, you also need to ensure SaaS data is protected. Check out our article on SaaS security checklist and learn how to create one. April 8, 2024 Multiple Vulnerabilities Discovered in LG WebOS Smart TVs Type of vulnerability: Authorization bypass, privilege escalation, command injection.

Firewall

Firewall VPN Software Risk

Vulnerability Recap 4/29/24 – Cisco, Microsoft, Palo Alto & More

eSecurity Planet

APRIL 29, 2024

April 22, 2024 CISA Adds 2022 Windows Print Spooler Vulnerability to KEV Catalog Type of vulnerability: Elevation of privilege. Federal agencies have until May 14, 2024, to apply patches or disable vulnerable software. Consider reading more about forensic tools and processes to investigate attacks. The problem: The CVSS 10.0/10.0

Firewall

Firewall Software Ransomware Penetration Testing

VulnRecap 1/29/24 – Apple, Apache & VMware Under Attack

eSecurity Planet

JANUARY 29, 2024

January 19, 2024 Critical VMware vCenter Server Zero-Day Under Attack Since 2021 Type of vulnerability: Remote code execution (RCE) vulnerability. January 22, 2024 Apple Fixes 16 Vulnerabilities, Including Exploited Zero Days Type of vulnerability: A type confusion issue enables arbitrary code execution (ACE) attacks.

Software

Software Authentication CSO Accountability

VulnRecap 1/8/24 – Ivanti EPM & Attacks on Old Apache Vulnerabilities

eSecurity Planet

JANUARY 8, 2024

Here’s a roundup of the week’s major vulnerabilities that security teams should mitigate or patch. January 3, 2024 52% of Exposed SSH Servers Vulnerable to Terrapin Attack Type of attack: Secure Shell (SSH) vulnerability enables prefix truncation attacks. The countries with the top vulnerabilities include the USA (3.3

Encryption

Encryption Security Defenses Cybersecurity Internet

Vulnerability Recap 4/1/24: Cisco, Fortinet & Windows Server Updates

eSecurity Planet

APRIL 1, 2024

While most issues can be fixed through prompt patching and updating, a few remain unfixed and may require more significant changes to the security stack to block possible attacks. March 22, 2024 Emergency Out-of-Band Windows Server Security Updates Type of vulnerability (or attack): Memory leak. Upgrade versions 7.2.0

Authentication

Authentication Artificial Intelligence Software Cybersecurity

VulnRecap 1/16/24 – Major Firewall Issues Persist

eSecurity Planet

JANUARY 16, 2024

Keep an eye out for security announcements from your firewall vendors; it’s possible additional similar vulnerabilities will come to light. January 10, 2024 Thousands of WordPress Sites Vulnerable to Malware Injection Type of vulnerability: Cross-site scripting flaw in Popup Builder that allows a malware injection.

Firewall

Firewall Firmware IoT Authentication

Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

eSecurity Planet

FEBRUARY 2, 2024

Within the last couple of months, smart device vulnerabilities have been piling up, prompting businesses to protect their Internet of Things (IoT) environments. While Teslas aren’t the typical business IoT device, their connection to the internet makes them a cyber threat as much as your business’s other IoT technology.

Hacking

Hacking IoT Firmware Cybersecurity

Volt Typhoon Disrupts US Organizations, CISA Issues Alerts

eSecurity Planet

FEBRUARY 16, 2024

government and defense institutions for intelligence gathering. Using web shells, they attacked weak internet servers, specifically a Houston port. In February 2024, the CISA, NSA, and FBI warned of PRC cyber actors pre-positioning themselves again to disrupt the IT networks of U.S. Volt Typhoon struck again on several U.S.

Internet

Internet Internet Cybersecurity Network Security

VulnRecap 1/22/24 – Watch Chrome, Ivanti, Citrix Issues

eSecurity Planet

JANUARY 22, 2024

Make sure your security teams are regularly checking vendors’ software and hardware updates for any patches, and keep a particular eye on networking equipment. January 16, 2024 Open-Source UEFI Implementation Sees 9 Vulnerabilities Type of vulnerability: Weaknesses in the network boot process of UEFI’s network implementation.

Authentication

Authentication Malware VPN Mobile

Dashlane 2024

eSecurity Planet

JANUARY 29, 2024

Like many other password managers, Dashlane makes it easy for users to create new passwords and store existing ones in a secure vault. Internet security best practices mandate unique credentials for each online account; doing so would be impossible without a solid password manager like Dashlane. You can unsubscribe at any time.

Password Management

Password Management Passwords Authentication Accountability

Vulnerability Recap 4/22/24 – Cisco, Ivanti, Oracle & More

eSecurity Planet

APRIL 22, 2024

In an environment with many unpatched systems, prioritize the security tools expected to protect other systems. If updates can’t be performed immediately, consider deploying additional security controls or at least disconnecting vulnerable devices from direct internet access.

Authentication

Authentication Firewall Encryption Cybersecurity

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

eSecurity Planet

MAY 2, 2024

Most organizations express confidence in their current status and budgets, but also expect to experience at least one data breach in 2024. Company instructions to keep hands off internal network traffic leads to internet service provider (ISP) suppression of only 1% of the 100,000 monthly outgoing DDoS attacks. globally, +19.8%

Cybersecurity

Cybersecurity DDOS Penetration Testing Passwords

Cisco+ Secure Connect SASE Review & Features 2023

eSecurity Planet

SEPTEMBER 26, 2023

Get the Free Cybersecurity Newsletter Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Cisco owners will likely find significantly better return-on-investment to upgrade to Cisco SASE because it builds off of their established Cisco foundation.

Firewall

Firewall DNS Architecture Technology

VulnRecap 3/4/24 – Ivanti, Ubiquiti, AppLocker Under Attack

eSecurity Planet

MARCH 4, 2024

February 26, 2024 FCKeditor Used for SEO Poisoning on Government, University Sites Type of vulnerability: Malicious URL redirect. February 27, 2024 Ransomware Gangs Target Unpatched ScreenConnect Servers Type of vulnerability: Authentication bypass and path traversal. The fix: Apply Windows patches ASAP.

IoT

IoT Internet Internet Ransomware

Cyber Security Informer

VulnRecap 2/19/2024: News from Microsoft, Zoom, SolarWinds

Cisco to offer Webex air-gapped cloud system for security, defense work

Trending Sources

Vulnerability Recap 5/13/24 – F5, Citrix & Chrome

7 Best Attack Surface Management Software for 2024

Vulnerability Recap 4/15/24 – Palo Alto, Microsoft, Ivanti Exploits

Vulnerability Recap 4/29/24 – Cisco, Microsoft, Palo Alto & More

VulnRecap 1/29/24 – Apple, Apache & VMware Under Attack

VulnRecap 1/8/24 – Ivanti EPM & Attacks on Old Apache Vulnerabilities

Vulnerability Recap 4/1/24: Cisco, Fortinet & Windows Server Updates

VulnRecap 1/16/24 – Major Firewall Issues Persist

Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

Volt Typhoon Disrupts US Organizations, CISA Issues Alerts

VulnRecap 1/22/24 – Watch Chrome, Ivanti, Citrix Issues

Dashlane 2024

Vulnerability Recap 4/22/24 – Cisco, Ivanti, Oracle & More

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

Cisco+ Secure Connect SASE Review & Features 2023

VulnRecap 3/4/24 – Ivanti, Ubiquiti, AppLocker Under Attack

Stay Connected