eSecurity Planet

FEBRUARY 19, 2024

Akira ransomware vulnerabilities have also surfaced in older Cisco products, and SolarWinds patched some remote code execution flaws in its Access Rights Manager product. Your IT teams should regularly check your vendors’ security bulletins for any vulnerability news or updates. The vulnerability CVE is CVE-2024-24691.

VPN 113

VPN DNS Ransomware Software 113

eSecurity Planet

FEBRUARY 26, 2024

February 19, 2024 Microsoft Exchange Servers Vulnerable to Privilege Escalation Attacks Type of vulnerability: Critical severity privilege escalation vulnerability. The problem: CVE-2024-21410 allows remote attackers to carry out NTLM relay attacks on Microsoft Exchange Servers, providing them with privileged access.

Risk 113

Risk Authentication System Administration Ransomware 113

eSecurity Planet

APRIL 29, 2024

An old Microsoft Windows spooler flaw is added to the CISA KEV list, and the Cactus Ransomware gang currently pursues unfixed Qlik Sense servers with a vulnerability patched in September 2023. April 22, 2024 CISA Adds 2022 Windows Print Spooler Vulnerability to KEV Catalog Type of vulnerability: Elevation of privilege.

Firewall 113

Firewall Software Ransomware Penetration Testing 113

eSecurity Planet

MARCH 19, 2024

March 8, 2024 150,000 Fortinet Secure Web Gateways Remain Exposed Type of vulnerability: Arbitrary code execution (ACE). The problem: The FortiOS SSL VPN feature vulnerability, CVE-2024-21762, disclosed February 8th , remains exposed to attack on nearly 150,000 devices according to the ShadowServer Foundation website.

Authentication 119

Authentication VPN Software DDOS 119

eSecurity Planet

JANUARY 29, 2024

January 19, 2024 Critical VMware vCenter Server Zero-Day Under Attack Since 2021 Type of vulnerability: Remote code execution (RCE) vulnerability. January 22, 2024 Apple Fixes 16 Vulnerabilities, Including Exploited Zero Days Type of vulnerability: A type confusion issue enables arbitrary code execution (ACE) attacks.

Software 113

Software Authentication CSO Accountability 113

eSecurity Planet

DECEMBER 19, 2023

2023 cybersecurity issues will continue: Weak IT fundamentals, poor cybersecurity awareness, and ransomware will still cause problems and make headlines. In 2024, AI poisoning attacks will become the new software supply chain attacks. However, 2024 will be the year that API security preparedness and threats gain momentum.

Cybersecurity 140

Cybersecurity CISO Government Technology 140

eSecurity Planet

FEBRUARY 16, 2024

In February 2024, the CISA, NSA, and FBI warned of PRC cyber actors pre-positioning themselves again to disrupt the IT networks of U.S. Analysts and security software frequently struggle to spot malicious activity disguised as normal ones, complicating intrusion detection and mitigation efforts.

Internet 113

Internet Internet Cybersecurity Network Security 113