Blog, Network Security and Security Defenses

Microsoft Patch Tuesday Includes Word, Streaming Service Zero-Days

eSecurity Planet

SEPTEMBER 13, 2023

Action1 vice president of vulnerability and threat research Mike Walters noted in a blog post that while CVE-2023-38148 seems particularly threatening due to its low attack complexity and since it requires no privileges or user interaction, it can only target systems in the same network segment as the attacker.

Engineering

Engineering Security Defenses Risk Media

Patch Tuesday Targets 74 Flaws, Including Microsoft Teams, Office

eSecurity Planet

AUGUST 9, 2023

In a blog post , Ivanti vice president of product management Chris Goettl also highlighted CVE-2023-38180 , a denial of service vulnerability in.NET and Visual Studio that has a lower severity rating but is being actively exploited. The critical Outlook flaw, Barnett added, presents less of a threat. score is 7.5, score is 7.5,

Security Defenses

Security Defenses VPN Cybersecurity Engineering

Why BYOD Is the Favored Ransomware Backdoor

eSecurity Planet

JANUARY 11, 2024

Unmanaged endpoints lack installed protections and ransomware file exfiltration and replacement mimics normal data access traffic between the unmanaged endpoint and the network data resource. The Sophos X-Ops team highlighted the issue in a recent blog , which details how remote encryption evades multiple layers of network security.

Ransomware

Ransomware Encryption IoT VPN

New AI Threats Emerge as FraudGPT Creator Unleashes DarkBERT and DarkBART

eSecurity Planet

AUGUST 3, 2023

In his blog post , Kelley shared a video from CanadianKingpin12 that suggests DarkBERT will go well beyond the social engineering capabilities of the earlier tools with new “concerning capabilities.” Email Address By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy.

Social Engineering

Social Engineering Cybercrime Engineering Cybersecurity

Power Management Vulnerabilities Could Shut Down Data Centers: Researchers

eSecurity Planet

AUGUST 12, 2023

effort to secure critical infrastructure. Defense Advanced Research Projects Agency (DARPA) announced a two-year competition to develop AI cybersecurity tools, with nearly $20 million in prizes. The Trellix researchers investigated several data center software platforms and hardware technologies as part of a U.S.

Authentication

Authentication Spyware DDOS Technology

Phishing Season 2025: The Latest Predictions Unveiled

Security Boulevard

FEBRUARY 10, 2025

In this shifting landscape, organizations must evolve their security strategies and incorporate advanced phishing prevention controls into their broader network security defenses. Follow Zscaler ThreatLabz on X (Twitter) and our Security Research Blog to stay on top of the latest cyberthreats and security research.

Phishing

Phishing Mobile Encryption Social Engineering

Menlo Security Finds Cloud Migration and Remote Work Gives Rise to New Era of Malware, Highly Evasive Adaptive Threats (HEAT)

CyberSecurity Insiders

FEBRUARY 2, 2022

.–( BUSINESS WIRE )– Menlo Security , a leader in cloud security, today announced it has identified a surge in cyberthreats, termed Highly Evasive Adaptive Threats (HEAT), that bypass traditional security defenses. For more information on HEAT, please visit our blog, “ Too Hot to Handle.”.

Cloud Migration

Cloud Migration Malware Security Defenses Phishing

Weekly Vulnerability Recap – September 4, 2023 – Attackers Hit Network Devices and More

eSecurity Planet

SEPTEMBER 5, 2023

Consider adopting network security measures like intrusion detection and prevention systems (IDPS) to identify and prevent harmful traffic from reaching your RocketMQ server. Microsoft’s container design isolates a container’s file system from the host system using dynamically created images.

VPN

VPN Authentication Ransomware Antivirus

‘Rapid Reset’ DDoS Attack Hits HTTP/2 Web Servers

eSecurity Planet

OCTOBER 10, 2023

“There are botnets today that are made up of hundreds of thousands or millions of machines,” Cloudflare said in a technical blog post on the vulnerability ( CVE-2023-44487 ). One troubling fact is that the attackers were able to generate the attack with a botnet of just 20,000 machines.

DDOS

DDOS Security Defenses Cybersecurity Software

Black Hat AI Tools Fuel Rise in Business Email Compromise (BEC) Attacks

eSecurity Planet

JULY 13, 2023

They found a tool called WormGPT “through a prominent online forum that’s often associated with cybercrime,” Kelley wrote in a blog post. ” The security researchers tested WormGPT to see how it would perform in BEC attacks.

Cybercrime

Cybercrime Phishing System Administration Marketing

Weekly Vulnerability Recap – November 6, 2023 – Windows Drivers and Exchange Flaws

eSecurity Planet

NOVEMBER 6, 2023

The problem: VMware Carbon Black researchers detailed the findings in a blog post. Non-privileged threat actors can exploit these drivers to gain complete device control, execute arbitrary code, modify firmware, and escalate operating system privileges, posing a significant security risk.

Software

Software Firmware Ransomware Antivirus

How to Use BitDefender VPN on Any Device: 2024 Tutorial

eSecurity Planet

AUGUST 20, 2024

This blog provides a quick and easy guide on how to use Bitdefender VPN on any device you may have to ensure security and protection. Thanks to its extensive network of servers in different countries, users may easily circumvent geo-restrictions and access material regardless of location.

VPN

VPN Accountability Antivirus Passwords

Detecting Credential Stealing Attacks Through Active In-Network Defense

McAfee

SEPTEMBER 22, 2021

Today, enterprises tend to use multiple layers of security defenses, ranging from perimeter defense on network entry points to host based security solutions deployed at the end user’s machines to counter the ever-increasing threats. Executive Summary.

Authentication

Authentication Accountability Encryption Malware

6 Best Threat Intelligence Feeds to Use in 2023

eSecurity Planet

AUGUST 10, 2023

With so many free and low-cost threat intelligence feeds available today, it’s a smart move to integrate one or multiple feeds into your cybersecurity workflow and tools for additional security knowledge and detection capabilities. Email Address By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy.

Internet

Internet Internet Cybersecurity Malware

Cyber Security Informer

Microsoft Patch Tuesday Includes Word, Streaming Service Zero-Days

Patch Tuesday Targets 74 Flaws, Including Microsoft Teams, Office

Trending Sources

Why BYOD Is the Favored Ransomware Backdoor

New AI Threats Emerge as FraudGPT Creator Unleashes DarkBERT and DarkBART

Power Management Vulnerabilities Could Shut Down Data Centers: Researchers

Phishing Season 2025: The Latest Predictions Unveiled

Menlo Security Finds Cloud Migration and Remote Work Gives Rise to New Era of Malware, Highly Evasive Adaptive Threats (HEAT)

Weekly Vulnerability Recap – September 4, 2023 – Attackers Hit Network Devices and More

‘Rapid Reset’ DDoS Attack Hits HTTP/2 Web Servers

Black Hat AI Tools Fuel Rise in Business Email Compromise (BEC) Attacks

Weekly Vulnerability Recap – November 6, 2023 – Windows Drivers and Exchange Flaws

How to Use BitDefender VPN on Any Device: 2024 Tutorial

Detecting Credential Stealing Attacks Through Active In-Network Defense

6 Best Threat Intelligence Feeds to Use in 2023

Stay Connected