eSecurity Planet

MARCH 11, 2024

And all IT and security teams should follow vulnerability news for vendor bulletins and updates. March 4, 2024 JetBrains Server Issues Continue with New Vulnerabilities Type of vulnerability: Authentication bypass. The more severe CVE-2024-27198 allows a threat actor to take over the entire server. and iPadOS 17.4.

Authentication 96

Authentication Software VPN Security Defenses 96

eSecurity Planet

MARCH 19, 2024

March 8, 2024 150,000 Fortinet Secure Web Gateways Remain Exposed Type of vulnerability: Arbitrary code execution (ACE). The problem: The FortiOS SSL VPN feature vulnerability, CVE-2024-21762, disclosed February 8th , remains exposed to attack on nearly 150,000 devices according to the ShadowServer Foundation website.

Authentication 96

Authentication VPN Software DDOS 96

eSecurity Planet

FEBRUARY 5, 2024

January 29, 2024 Juniper Releases Updates for Critical RCE Vulnerabilities Type of vulnerability: Missing authentication flaw and cross-site scripting (XSS) vulnerability. The fix: Juniper Networks has published out-of-cycle fixes for CVE-2024-21619 and CVE-2024-21620 — apply fixes to the identified versions. macOS Ventura 13.1,

Risk 89

Risk Penetration Testing Authentication Software 89

eSecurity Planet

FEBRUARY 12, 2024

Make sure your security teams consistently check vendor bulletins for vulnerability announcements so your business can stay on top of all threats. February 5, 2024 JetBrains TeamCity Saga Continues with Another Server Vulnerability Type of vulnerability: Authentication bypass by an unauthenticated attacker. Connect Secure 9.1R17.3

VPN 99

VPN Authentication Software Firewall 99

eSecurity Planet

JANUARY 29, 2024

January 19, 2024 Critical VMware vCenter Server Zero-Day Under Attack Since 2021 Type of vulnerability: Remote code execution (RCE) vulnerability. January 22, 2024 Apple Fixes 16 Vulnerabilities, Including Exploited Zero Days Type of vulnerability: A type confusion issue enables arbitrary code execution (ACE) attacks.

Software 83

Software Authentication CSO Accountability 83

eSecurity Planet

JANUARY 8, 2024

Here’s a roundup of the week’s major vulnerabilities that security teams should mitigate or patch. January 3, 2024 52% of Exposed SSH Servers Vulnerable to Terrapin Attack Type of attack: Secure Shell (SSH) vulnerability enables prefix truncation attacks. For CVE-2023-7024, update to the latest version of Chrome.

Encryption 101

Encryption Security Defenses Cybersecurity Internet 101

eSecurity Planet

APRIL 1, 2024

While most issues can be fixed through prompt patching and updating, a few remain unfixed and may require more significant changes to the security stack to block possible attacks. March 22, 2024 Emergency Out-of-Band Windows Server Security Updates Type of vulnerability (or attack): Memory leak. Upgrade versions 7.2.0

Authentication 88

Authentication Artificial Intelligence Software Cybersecurity 88

eSecurity Planet

MARCH 25, 2024

March 13, 2024 Fortra Vulnerability Could Result in Remote Code Execution Type of vulnerability: Directory traversal in Fortra’s FileCatalyst workflow, potentially leading to remote code execution. The directory traversal vulnerability is tracked as CVE-2024-25153 and has a critical rating of 9.8. X version of the software.

Computers and Electronics 62

Computers and Electronics Software Accountability Authentication 62

eSecurity Planet

JANUARY 16, 2024

Keep an eye out for security announcements from your firewall vendors; it’s possible additional similar vulnerabilities will come to light. January 10, 2024 Thousands of WordPress Sites Vulnerable to Malware Injection Type of vulnerability: Cross-site scripting flaw in Popup Builder that allows a malware injection.

Firewall 91

Firewall Firmware IoT Authentication 91

eSecurity Planet

DECEMBER 19, 2023

Various forms of AI, such as machine learning (ML) and large language models (LLM), already dominated headlines throughout 2023 and will continue to present both overhyped possibilities and realized potential in 2024. In 2024, AI poisoning attacks will become the new software supply chain attacks.

Cybersecurity 136

Cybersecurity CISO Government Technology 136

eSecurity Planet

JANUARY 22, 2024

Make sure your security teams are regularly checking vendors’ software and hardware updates for any patches, and keep a particular eye on networking equipment. January 16, 2024 Open-Source UEFI Implementation Sees 9 Vulnerabilities Type of vulnerability: Weaknesses in the network boot process of UEFI’s network implementation.

Authentication 96

Authentication Malware VPN Mobile 96

eSecurity Planet

SEPTEMBER 21, 2023

“It is expected to close by the end of the third quarter of calendar year 2024, subject to regulatory approval and other customary closing conditions including approval by Splunk shareholders,” the company’s press release stated.

Marketing 72

Marketing Cybersecurity Threat Detection Security Defenses 72

eSecurity Planet

FEBRUARY 2, 2024

Rapid7’s Zero Day Initiative hosts an event called Pwn2Own, and at the 2023 event, computer security firm Synactiv hacked a Tesla computer within two minutes. This year, electric cars were a major focal point of the 2024 event, called Pwn2Own Automotive.

Hacking 117

Hacking IoT Firmware Cybersecurity 117

Thales Cloud Protection & Licensing

SEPTEMBER 18, 2023

Compliance madhav Tue, 09/19/2023 - 05:17 It is essential for any business that stores, processes, and transmits payment card information to comply with the Payment Card Industry Data Security Standard (PCI DSS). Consumers’ payment data is a compelling target for criminals who continue to circumvent IT security defenses.

Financial Services 77

Financial Services Data breaches Accountability Encryption 77

eSecurity Planet

JANUARY 29, 2024

Get Free Dashlane Access Get the Free Cybersecurity Newsletter Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Subscribe The post Dashlane 2024 appeared first on eSecurity Planet. You can unsubscribe at any time.

Password Management 100

Password Management Passwords Authentication Accountability 100

eSecurity Planet

FEBRUARY 16, 2024

In February 2024, the CISA, NSA, and FBI warned of PRC cyber actors pre-positioning themselves again to disrupt the IT networks of U.S. Want to strengthen your organization’s digital defenses? Read the common types of network security solutions next. Volt Typhoon struck again on several U.S.

Internet 98

Internet Internet Cybersecurity Network Security 98

Security Boulevard

JANUARY 18, 2024

Organizations first looked to augment their existing web application security tools and processes to “address” API security. Unfortunately, the security challenges associated with APIs can't be solved by simply updating existing testing tools and edge security defenses to check-the-box technologies that claim to provide "API security."

Risk 57

Risk Government Artificial Intelligence Threat Detection 57

eSecurity Planet

MARCH 15, 2024

in February 2024, it serves as an extensive repository of hacking tools and techniques to actively assist users in managing complex cybersecurity protection strategies. It uses advanced natural language processing to provide insights into both offensive and defensive cyber activities. Now, with the beta release of HackerGPT 2.0

Mobile 96

Mobile Hacking Education Cybersecurity 96

eSecurity Planet

SEPTEMBER 7, 2023

“Despite slower deal volumes in 2023, M&A interest in cybersecurity remains high and I expect we’ll see an uptick in activity later this year and into 2024,” said Chris Stafford, who is a partner in West Monroe’s M&A Practice. And this may happen sooner than later.

Cybersecurity 102

Cybersecurity Marketing Software DDOS 102

eSecurity Planet

JANUARY 12, 2024

Get the Free Cybersecurity Newsletter Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Subscribe The post 6 Best Cloud Log Management Services in 2024 Reviewed appeared first on eSecurity Planet. You can unsubscribe at any time.

Technology 105

Technology Encryption Threat Detection Marketing 105

eSecurity Planet

APRIL 22, 2024

If updates can’t be performed immediately, consider deploying additional security controls or at least disconnecting vulnerable devices from direct internet access. April 13, 2024 Delinea Secret Server Patched After Researcher’s Public Disclosure Type of vulnerability: Authentication bypass.

Authentication 62

Authentication Firewall Encryption Cybersecurity 62

eSecurity Planet

APRIL 12, 2024

Proofpoint’s 2024 data loss landscape report reveals 84.7% To keep data secure, have a strong cybersecurity posture that involves a combination of DLP and other types of security solutions. Integrate DLP with secure storage and backup solutions for comprehensive data protection.

Backups 118

Backups Encryption Data breaches Risk 118

eSecurity Planet

SEPTEMBER 26, 2023

Get the Free Cybersecurity Newsletter Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Cisco owners will likely find significantly better return-on-investment to upgrade to Cisco SASE because it builds off of their established Cisco foundation.

Firewall 90

Firewall DNS Architecture Technology 90

eSecurity Planet

MARCH 4, 2024

February 26, 2024 FCKeditor Used for SEO Poisoning on Government, University Sites Type of vulnerability: Malicious URL redirect. February 27, 2024 Ransomware Gangs Target Unpatched ScreenConnect Servers Type of vulnerability: Authentication bypass and path traversal. The fix: Apply Windows patches ASAP.

IoT 103

IoT Internet Internet Ransomware 103