Hacker's King

OCTOBER 18, 2024

In 2024, cybersecurity and software engineering stand as two of the most critical fields shaping the tech industry. In this article, we'll explore why cybersecurity is poised to take center stage in 2024 , without diminishing the essential contributions of software engineers. What We Are Going to Read in This Article: 1.

Engineering 59

Engineering Software Cybersecurity Technology 59

eSecurity Planet

JUNE 3, 2024

Last week, major security vendors Check Point and Okta both notified customers of threats, and an old Fortinet vulnerability reared its head when researchers published a proof of concept for it. Check your vendors’ security bulletins regularly, and make sure your team is following security news to patch issues as soon as they arise.

VPN 109

VPN Authentication Passwords Software 109

eSecurity Planet

JULY 15, 2024

To reduce the risks caused by these vulnerabilities, affected users should apply patches, upgrade software, and strengthen security measures as soon as possible. July 8, 2024 Four Unpatched Flaws Discovered in Gogs Type of vulnerability: Multiple, including argument injection and file deletion.

Authentication 109

Authentication Backups Software Risk 109

eSecurity Planet

AUGUST 14, 2024

Its open-source nature and robust encryption capabilities have made it a staple in many organizations’ and individuals’ security arsenals. In March 2024, Microsoft reported the discovery to OpenVPN through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR).

Identity Theft 113

Identity Theft Data breaches Risk Internet 113

eSecurity Planet

MARCH 19, 2024

March 8, 2024 150,000 Fortinet Secure Web Gateways Remain Exposed Type of vulnerability: Arbitrary code execution (ACE). The problem: The FortiOS SSL VPN feature vulnerability, CVE-2024-21762, disclosed February 8th , remains exposed to attack on nearly 150,000 devices according to the ShadowServer Foundation website.

Authentication 119

Authentication VPN Software DDOS 119

eSecurity Planet

JANUARY 22, 2024

This week’s vulnerability news include GitHub credential access, a new Chrome fix, and hidden malware from pirated applications hosted on Chinese websites. Make sure your security teams are regularly checking vendors’ software and hardware updates for any patches, and keep a particular eye on networking equipment.

Authentication 113

Authentication Malware VPN Mobile 113

eSecurity Planet

APRIL 15, 2024

In addition to securing internal assets, you also need to ensure SaaS data is protected. Check out our article on SaaS security checklist and learn how to create one. April 8, 2024 Multiple Vulnerabilities Discovered in LG WebOS Smart TVs Type of vulnerability: Authorization bypass, privilege escalation, command injection.

Firewall 109

Firewall VPN Software Risk 109

SecureList

NOVEMBER 25, 2024

In this article in the KSB series, we review the trends of the past year, reflect on the predictions we made for 2024 , and offer insights into what we can expect in 2025. As expected, we continued to observe attacks in 2024 involving exploits for Apple devices. For instance, in Q2 2024, we saw a 23% increase in BYOVD usage.

IoT 119

IoT Energy and Utilities Phishing Cryptocurrency 119

eSecurity Planet

APRIL 29, 2024

April 22, 2024 CISA Adds 2022 Windows Print Spooler Vulnerability to KEV Catalog Type of vulnerability: Elevation of privilege. Federal agencies have until May 14, 2024, to apply patches or disable vulnerable software. Consider reading more about forensic tools and processes to investigate attacks. The problem: The CVSS 10.0/10.0

Firewall 113

Firewall Software Ransomware Penetration Testing 113

eSecurity Planet

JANUARY 16, 2024

January 10, 2024 Thousands of WordPress Sites Vulnerable to Malware Injection Type of vulnerability: Cross-site scripting flaw in Popup Builder that allows a malware injection. This vulnerability is tracked as CVE-2024-21591. This threat actor has deployed at least five malware families using the Ivanti products.

Firewall 109

Firewall Firmware IoT Authentication 109

eSecurity Planet

JUNE 10, 2024

June 3, 2024 Exploit Chain Enables RCE in Progress Telerik Report Servers Type of vulnerability: Chained remote code execution. The exploit combines an authentication bypass ( CVE-2024-4358 ) with a deserialization issue ( CVE-2024-1800 ). Users should upgrade to the most recent Confluence versions to address CVE-2024-21683.

Malware 80

Malware Authentication Software Telecommunications 80

eSecurity Planet

MARCH 4, 2024

February 26, 2024 FCKeditor Used for SEO Poisoning on Government, University Sites Type of vulnerability: Malicious URL redirect. February 27, 2024 Ransomware Gangs Target Unpatched ScreenConnect Servers Type of vulnerability: Authentication bypass and path traversal. The fix: Apply Windows patches ASAP.

IoT 117

IoT Internet Internet Ransomware 117

eSecurity Planet

JUNE 28, 2024

Hackers with administrator access can deface websites, steal sensitive data like customer information, or even install malware that can harm visitors’ computers. If a hacker infiltrated a widely used library, they might have administered malware that would be embedded in all plugins using that library.

Risk 113

Risk Passwords Accountability Malware 113

Digital Shadows

OCTOBER 29, 2024

In Q3 2024, ransomware service provider “RansomHub” emerged as the most dominant ransomware group, taking the mantle from “LockBit” and “ALPHV.” Our report spotlights five major threat actors dominating the cybersecurity landscape in 2024 that every professional should know about.

Ransomware 88

Ransomware Encryption Technology Cybercrime 88

eSecurity Planet

APRIL 1, 2024

While most issues can be fixed through prompt patching and updating, a few remain unfixed and may require more significant changes to the security stack to block possible attacks. March 22, 2024 Emergency Out-of-Band Windows Server Security Updates Type of vulnerability (or attack): Memory leak. Upgrade versions 7.2.0

Authentication 109

Authentication Artificial Intelligence Software Risk 109

eSecurity Planet

AUGUST 20, 2024

District Court claims that NPD experienced a data breach around April 2024, alleging the following: Sensitive data , such as full names, current and previous addresses (going back at least 30 years), Social Security numbers, and details about family members, including some who have been deceased for nearly two decades, were compromised.

Identity Theft 130

Identity Theft Data breaches Passwords Encryption 130

Security Boulevard

APRIL 24, 2025

as a result of stronger email authentication protocols like DMARC and Googles sender verification, which blocked 265 billion unauthenticated emails.Education is under attack: Phishing in education surged 224%, with threat actors exploiting academic calendars, financial aid deadlines, and weak security defenses.

Phishing 71

Phishing Scams Cryptocurrency Authentication 71

eSecurity Planet

FEBRUARY 16, 2024

In February 2024, the CISA, NSA, and FBI warned of PRC cyber actors pre-positioning themselves again to disrupt the IT networks of U.S. They execute harmful acts using built-in operating system functions, such as Windows, rather than traditional malware. Want to strengthen your organization’s digital defenses?

Internet 113

Internet Internet Network Security Cybersecurity 113

eSecurity Planet

JULY 8, 2024

July 1, 2024 OpenSSH Releases Security Updates to Address RCE Type of vulnerability: Signal handler race condition in OpenSSH server. The problem: CVE-2024-6387 is a signal handler race issue within OpenSSH’s server (sshd) that affects glibc-based Linux systems. The fix: OpenSSH issued updates to address CVE-2024-6387.

Risk 62

Risk Authentication Firmware Surveillance 62

eSecurity Planet

JULY 1, 2024

To improve security, users should update software on a regular basis, establish strong authentication procedures, and limit access to key resources. June 24, 2024 Ollama AI’s Probllama Vulnerability Enables RCE Type of vulnerability: Multiple, including remote code execution (RCE), path traversal, and insufficient input validation.

Risk 62

Risk Authentication Firmware Software 62

eSecurity Planet

MAY 20, 2024

Microsoft Patch Tuesday takes center stage in this week’s vulnerability news, with a notable SharePoint Server vulnerability that’s been seen alongside Qakbot malware. This doubles as your weekly reminder to check your IT vendors’ security bulletins regularly and patch every vulnerability as soon as you learn about it.

VPN 62

VPN Firmware Malware Software 62

eSecurity Planet

SEPTEMBER 17, 2024

WordPress is introducing mandatory two-factor authentication (2FA) for all plugin and theme developers to tackle rising security threats, effective October 1, 2024. These attacks can have devastating consequences, impacting thousands or even millions of websites by introducing backdoors, malware , or even cryptomining scripts​.

Authentication 87

Authentication Passwords Accountability Data breaches 87

eSecurity Planet

SEPTEMBER 23, 2024

As always, keep up to date on all your vendors’ security updates and patches as soon as possible. The danger of security bulletins and proofs of concept is how quickly a threat actor can utilize them for an exploit. The flaw is tracked as CVE-2024-8963 and has a severity rating of 9.4 macOS Monterey 12.6.1 macOS Ventura 13.3

Backups 57

Backups Software Authentication IoT 57

eSecurity Planet

MAY 30, 2024

2024 looks like it will only increase the number of affected individuals considering the scale of ransomware attacks from the first half of the year in the USA, Canada, and Australia. million for the first three quarters of FY 2024. Ascension might try to blame financial troubles for lack of preparation. Ascension lost $2.66

Healthcare 123

Healthcare Cybersecurity Backups Ransomware 123

eSecurity Planet

SEPTEMBER 26, 2023

Pricing & Delivery Cisco+ Secure Connect can be purchased directly from Cisco or through Cisco partners. Get the Free Cybersecurity Newsletter Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices.

Firewall 98

Firewall DNS Architecture Technology 98

Digital Shadows

OCTOBER 29, 2024

In Q3 2024, ransomware service provider “RansomHub” emerged as the most dominant ransomware group, taking the mantle from “LockBit” and “ALPHV.” Our report spotlights five major threat actors dominating the cybersecurity landscape in 2024 that every professional should know about.

Ransomware 52

Ransomware Encryption Technology Cybercrime 52

Security Boulevard

FEBRUARY 10, 2025

As phishing attacks continue to evolve, so should our defenses. Phishing predictions for 2025In our ThreatLabz 2024 Phishing Report, we shared the following key predictions for the year to come: Prediction 1: AI vs. AI will be an enduring challengeEnhanced AI capabilities increase the speed, scale, and automation of cyberattacks.

Phishing 64

Phishing Mobile Encryption Social Engineering 64

eSecurity Planet

SEPTEMBER 13, 2024

Real-world example: In 2024 , a sophisticated phishing network was dismantled after it targeted thousands of Australians, including customers of major banks. Malware & Ransomware Malware, including ransomware, is another major threat to the banking sector.

Banking 107

Banking Identity Theft DDOS Cyber threats 107

eSecurity Planet

MARCH 15, 2024

in February 2024, it serves as an extensive repository of hacking tools and techniques to actively assist users in managing complex cybersecurity protection strategies. It uses advanced natural language processing to provide insights into both offensive and defensive cyber activities. Now, with the beta release of HackerGPT 2.0

Mobile 113

Mobile Hacking Education Cybersecurity 113

eSecurity Planet

MAY 24, 2024

Consider applying these methods for checking your security controls: Ensure physical security: Verify the data center’s security measures, such as surveillance, access controls, and the presence of security officers, to prevent unwanted access. Encrypt data: Ensure that data is encrypted at rest and in transit.

Encryption 119

Encryption Risk Passwords Technology 119

eSecurity Planet

OCTOBER 9, 2024

In February 2024 , Connectwise was also hit by hackers exploiting two major security vulnerabilities. They can do all this while also not requiring much work on the hacker’s end, such as forcing them to create custom malware. As such, it’s important to utilize best practices when setting up and operating remote access solutions.

Software 62

Software Authentication Mobile Risk 62

eSecurity Planet

JULY 22, 2024

Also, make sure your security team has a consistent schedule for monitoring industry news and vulnerabilities. July 1, 2024 Early July Splunk Enterprise Vulnerability Should Be Patched Immediately Type of vulnerability: Path traversal. It’s currently tracked as CVE-2024-36401. A proof of concept is available on GitHub.

Software 113

Software Authentication Malware Passwords 113

eSecurity Planet

DECEMBER 19, 2023

Various forms of AI, such as machine learning (ML) and large language models (LLM), already dominated headlines throughout 2023 and will continue to present both overhyped possibilities and realized potential in 2024. In 2024, AI poisoning attacks will become the new software supply chain attacks.

Cybersecurity 140

Cybersecurity CISO Government Technology 140

eSecurity Planet

SEPTEMBER 12, 2024

Spoofing of login pages for legitimate public networks so users unsuspectingly log in to a fake network, which collects supposedly secure data. Malware distributed through the public network can install sophisticated attacks on a user’s device, spreading through the corporate network and compromising the entire enterprise.

VPN 57

VPN Encryption Passwords Authentication 57

SecureList

MAY 7, 2025

According to Kaspersky Security Network data, the number of ransomware detections decreased by 18% from 2023 to 2024 from 5,715,892 to 4,668,229. of them were related to ransomware in 2024, compared to 33.3% Below are some of the global trends that Kaspersky observed with ransomware in 2024. billion in 2023.

Ransomware 73

Ransomware Manufacturing Encryption Backups 73

SecureWorld News

MARCH 5, 2025

It turns out that Mexico experienced an estimated 31 billion cyberattacks just in the first half of 2024, an incredible number, or 55% of all cyberattacks in Latin America, making it the most attacked country in the region. These insiders have actually been paid by the threat actors to launch attacks or install malware.

Cyber Risk 119

Cyber Risk Risk Cyber Insurance Small Business 119