Dashlane is a password management software that’s popular for business and personal uses alike. Like many other password managers, Dashlane makes it easy for users to create new passwords and store existing ones in a secure vault. The company was founded in 2009, and the first software edition was released in 2012.
Your IT teams should regularly check your vendors’ security bulletins for any vulnerability news or updates. February 13, 2024 Zoom Fixes Critical Vulnerability in Windows Products Type of vulnerability: Improper input validation. The vulnerability CVE is CVE-2024-24691. Changing passwords, secrets, and pre-shared keys.
Most organizations express confidence in their current status and budgets, but also expect to experience at least one data breach in 2024. Compromised Credentials Compromised identities from phishing, info stealers, keyloggers, and bad password habits provide the entry point for most ransomware attacks and data breaches.
Dashlane is a leading password manager designed to simplify and secure your digital life. It consolidates your passwords into a single, encrypted vault. Dashlane helps you keep track of your login credentials and enhances your overall online security. It includes Hotspot Shield VPN, which enhances your online privacy.
Keeper and Bitwarden are password manager products that help your business manage its application credentials across all platforms. Bitwarden is great for mid-sized businesses and teams that want to self-host a password manager. 5 Security: 4.4/5 Keeper is a strong solution for both small businesses and large enterprises.
We need secure and unique passwords to use business applications, access e-mail, and social media securely, and even watch movies on a streaming service. Password managers take some strain from generating, associating, and remembering those passwords. What Is a Password Manager?
Keeper and Dashlane are top password managers prioritizing multi-layered encryption systems for secure password sharing. Keeper emphasizes extensive security measures and is a more affordable option, while Dashlane promotes a user-friendly interface and robust administrative tools perfect for streamlining logins.
Check your vendors’ security bulletins regularly, and make sure your team is following security news to patch issues as soon as they arise. May 28, 2024 Check Point VPN Zero-Day Vulnerability Requires Hotfix Type of attack: Information disclosure zero-day. Block any passwords in the Common Password List.
To protect your devices, update and patch your software frequently, use strong passwords, install intrusion detection systems, and watch for any suspicious activity. September 9, 2024 RAMBO Attack Exploits Radio Signals to Steal Sensitive Data Type of vulnerability: Side-channel attack.
Additionally, if you’re an Ivanti customer or use other products that frequently appear in our recaps and in security news, pay particularly careful attention. You’ll want to check for product security updates a couple of times a week. The fix: Upgrade your Pixel device to the most recent security update.
Check your vendors’ security bulletins regularly, and make sure your team is prepared to fix vulnerabilities when they’re made known. October 2, 2024 Zimbra Email Servers Could See RCE Attacks Type of attack: Remote code execution. This flaw is tracked as CVE-2024-45519 and has a critical base score of 9.8. Kepler: version 9.0.0
District Court claims that NPD experienced a data breach around April 2024, alleging the following: Sensitive data, such as full names, current and previous addresses (going back at least 30 years), Social Security numbers, and details about family members, including some who have been deceased for nearly two decades, were compromised.
February 19, 2024 Microsoft Exchange Servers Vulnerable to Privilege Escalation Attacks Type of vulnerability: Critical severity privilege escalation vulnerability. The problem: CVE-2024-21410 allows remote attackers to carry out NTLM relay attacks on Microsoft Exchange Servers, providing them with privileged access.
Navigating the complexities of password management can be challenging, especially if you’re new to it. LastPass, a leading password manager, offers a robust solution for securely storing and managing your organization’s digital assets. Enter your email address and create a strong master password.
January 19, 2024 Critical VMware vCenter Server Zero-Day Under Attack Since 2021 Type of vulnerability: Remote code execution (RCE) vulnerability. January 22, 2024 Apple Fixes 16 Vulnerabilities, Including Exploited Zero Days Type of vulnerability: A type confusion issue enables arbitrary code execution (ACE) attacks.
Its open-source nature and robust encryption capabilities have made it a staple in many organizations’ and individuals’ security arsenals. In March 2024, Microsoft reported the discovery to OpenVPN through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR).
March 8, 2024 150,000 Fortinet Secure Web Gateways Remain Exposed Type of vulnerability: Arbitrary code execution (ACE). The problem: The FortiOS SSL VPN feature vulnerability, CVE-2024-21762, disclosed February 8th, remains exposed to attack on nearly 150,000 devices according to the ShadowServer Foundation website.
And all IT and security teams should follow vulnerability news for vendor bulletins and updates. March 4, 2024 JetBrains Server Issues Continue with New Vulnerabilities Type of vulnerability: Authentication bypass. The more severe CVE-2024-27198 allows a threat actor to take over the entire server. and iPadOS 17.4.
Keeper and LastPass are password managers best fit for small to medium organizations, providing fundamental password management and login functionality. Both solutions improve password protection; however, their focus differs. LastPass highlights user experience, whereas Keeper promotes better security. 5 Security: 4.4/5
WordPress is introducing mandatory two-factor authentication (2FA) for all plugin and theme developers to tackle rising security threats, effective October 1, 2024. This move supports the platform’s security by preventing unauthorized access to developer accounts and protecting millions of websites from potential supply-chain attacks.
Simply Show Hooks (version 1.2.1) “This plugin has been closed as of June 24, 2024 and is not available for download. Strong, unique passwords for each of your WordPress accounts can significantly enhance security, too. Additionally, use security plugins specifically designed for WordPress.
You can strengthen your cybersecurity defenses by using reliable antivirus software, firewalls, intrusion detection systems, and virtual private networks (VPNs). Employ robust password management techniques, two-factor authentication (2FA), and regular backups of essential data. Consider exploring virtual desktop infrastructure.
Look at our rundown, and make sure your security teams are apprised of any relevant vulnerabilities from this past week’s news. August 5, 2024 Another Apache OfBiz Vulnerability to Watch Type of vulnerability: Remote code execution. August 12, 2024 OpenSSH Flaw Opens the Door for RCE Type of vulnerability: Remote code execution.
Details of the Data Leak: Emergence, Type & Culprit The data leak first came to light in early July 2024 when a user known as “888” posted information on a hacking forum. Password managers can be helpful for creating and managing complex passwords.
April 22, 2024 CISA Adds 2022 Windows Print Spooler Vulnerability to KEV Catalog Type of vulnerability: Elevation of privilege. Federal agencies have until May 14, 2024, to apply patches or disable vulnerable software. Broadcom Patches Brocade SANnav Flaw 19 Months After Discovery Type of vulnerability: Password storage.
Happy patching, and don’t forget to watch your vendors’ security feeds consistently. August 12, 2024 Ivanti Runs Into Snag With Virtual Traffic Manager Type of vulnerability: Authentication bypass. The vendor didn’t notice any active exploits when it released the security notice. a critical rating.
February 26, 2024 FCKeditor Used for SEO Poisoning on Government, University Sites Type of vulnerability: Malicious URL redirect. February 27, 2024 Ransomware Gangs Target Unpatched ScreenConnect Servers Type of vulnerability: Authentication bypass and path traversal. The fix: Apply Windows patches ASAP.
June 3, 2024 Exploit Chain Enables RCE in Progress Telerik Report Servers Type of vulnerability: Chained remote code execution. The exploit combines an authentication bypass (CVE-2024-4358) with a deserialization issue (CVE-2024-1800). Users should upgrade to the most recent Confluence versions to address CVE-2024-21683.
Fortra remedied a hard-coded password issue in the FileCatalyst software. To minimize future vulnerabilities, concerned users should prioritize frequent upgrades and strong security practices for all systems and applications. The problem: Microsoft patched a critical vulnerability (CVE-2024-30078) with a severity score of 8.8
After the installation, SIGN IN to your Bitdefender Central account using your username and password. Let the VPN finish installing, then SIGN IN to your Bitdefender Central account with your username and password. Enter an administrator username and password, click Install Software, and wait until the installation completes.
The company has consistently emphasized its commitment to user privacy and security, assuring users that their data is protected by state-of-the-art encryption and security protocols. The breach occurred on September 1, 2024, when an unidentified hacker accessed Tracelo’s systems.
In this article in the KSB series, we review the trends of the past year, reflect on the predictions we made for 2024, and offer insights into what we can expect in 2025. As expected, we continued to observe attacks in 2024 involving exploits for Apple devices. For instance, in Q2 2024, we saw a 23% increase in BYOVD usage.
While most issues can be fixed through prompt patching and updating, a few remain unfixed and may require more significant changes to the security stack to block possible attacks. March 22, 2024 Emergency Out-of-Band Windows Server Security Updates Type of vulnerability (or attack): Memory leak. Upgrade versions 7.2.0
May 5, 2024 Tinyproxy Vulnerability Potentially Exposes 50,000+ Hosts Type of vulnerability: Use after free. will contain the security fix, but the fix can be pulled from GitHub and manually applied for at-risk deployments exposed to the internet. May 8, 2024 Citrix Hypervisor 8.2 The fix: The next version Tinyproxy (1.11.2)
To improve security and prevent unwanted access, best practices include limiting access to authorized users, enforcing strong password restrictions, and utilizing multi-factor authentication (MFA). Secure your storage methods: Encrypt and hash passwords and other authentication data to ensure their security.
To reduce the potential risks, update all impacted software to the most recent version and evaluate your system processes for potential modifications and security enhancements. August 26, 2024 SonicWall Identifies Access Control Vulnerability Type of vulnerability: Improper access control.
In Q3 2024, ransomware service provider “RansomHub” emerged as the most dominant ransomware group, taking the mantle from “LockBit” and “ALPHV.” Our report spotlights five major threat actors dominating the cybersecurity landscape in 2024 that every professional should know about.
With cybersecurity becoming increasingly complex, it is necessary to have a good way to handle your passwords to keep all your private stuff safe. It’s got the best security features and is relatively easy to use. It makes dealing with passwords a breeze and tightens your digital life.
It released a report of the results and found that 88% of participants were able to trick a bot into exposing passwords. However, users found workarounds to convince the bot to reveal password data, including: Asking the bot for hints: Instead of asking for the password directly, users requested hints.
2024 looks like it will only increase the number of affected individuals considering the scale of ransomware attacks from the first half of the year in the USA, Canada, and Australia. million for the first three quarters of FY 2024. Ascension might try to blame financial troubles for lack of preparation. Ascension lost $2.66
Cybercriminals use fraudulent emails, text messages, or websites designed to look legitimate to trick customers or employees into revealing sensitive information like account numbers, passwords, or personal details. Here are five effective cyber security solutions for banks: 1. This drastically reduces the risk of unauthorized access.
If updates can’t be performed immediately, consider deploying additional security controls or at least disconnecting vulnerable devices from direct internet access. April 13, 2024 Delinea Secret Server Patched After Researcher’s Public Disclosure Type of vulnerability: Authentication bypass.
in February 2024, it serves as an extensive repository of hacking tools and techniques to actively assist users in managing complex cybersecurity protection strategies. It uses advanced natural language processing to provide insights into both offensive and defensive cyber activities. Now, with the beta release of HackerGPT 2.0