eSecurity Planet

JANUARY 16, 2024

The problem: Ivanti announced two vulnerabilities that affect Ivanti Connect Secure VPN and Ivanti Policy Secure products. Potential results of the exploits include authentication bypass and command injection. According to Bitdefender, the thermostat does not validate the authenticity of a new firmware update.

Firewall 97

Firewall Firmware IoT Authentication 97

eSecurity Planet

JANUARY 22, 2024

The problem: The Unified Extensible Firmware Interface (UEFI) specification has an open-source network implementation, EDK II, with nine discovered vulnerabilities. The vulnerability also exists on GitHub Enterprise Server, but it can only be exploited by an authenticated user with an organization owner role. and later releases of 13.1

Authentication 102

Authentication Malware VPN Mobile 102

eSecurity Planet

NOVEMBER 6, 2023

The Problem: Three flaws discovered by the Kubernetes security community carry CVSS severity scores of 7.6 The problem: A security problem in Apache ActiveMQ lets attackers control systems remotely, making them highly vulnerable. If account credentials are hacked, adding multi-factor authentication can prevent unwanted access.

Software 91

Software Education Firmware Ransomware 91

eSecurity Planet

SEPTEMBER 11, 2023

Alarmingly, this API lacks any form of authentication, allowing virtually anyone, even a malicious website you might visit, to send commands to the CLI. They can be remotely exploited without authentication, potentially enabling remote code execution, service disruptions, and arbitrary operations on the routers. via port 8076.

VPN 109

VPN Firmware Authentication Phishing 109

eSecurity Planet

DECEMBER 7, 2023

The three innovators and MIT patented the RSA algorithm, a proprietary system available through RSA Security until its public release in 2000. The RSA algorithm remains the most popular public key cryptographic system today and introduced the concept of digital signatures for authentication outside of academia.

Encryption 101

Encryption Authentication Passwords Password Management 101

eSecurity Planet

MARCH 4, 2024

February 27, 2024 Ransomware Gangs Target Unpatched ScreenConnect Servers Type of vulnerability: Authentication bypass and path traversal. Azure-Connected IoT Vulnerable to Remote Code Execution Type of vulnerability: Internet of things (IoT) RCE vulnerability.

IoT 108

IoT Internet Internet Ransomware 108

eSecurity Planet

MAY 2, 2024

Password manager : Stores passwords securely, enforces quality, permits safe internal and external sharing, and ties into HR software for effective off-boarding of users. Multi-factor authentication : Protects stolen credentials against use by requiring more than a simple username and password combination for access to resources.

Cybersecurity 94

Cybersecurity DDOS Penetration Testing Passwords 94