Authentication and Security Defenses - Cyber Security Informer

VulnRecap 3/11/24 – JetBrains & Atlassian Issues Persist

eSecurity Planet

MARCH 11, 2024

And all IT and security teams should follow vulnerability news for vendor bulletins and updates. March 4, 2024 JetBrains Server Issues Continue with New Vulnerabilities Type of vulnerability: Authentication bypass. The more severe CVE-2024-27198 allows a threat actor to take over the entire server. and earlier OpenEdge 12.2.13

Authentication

Authentication Software VPN Security Defenses

Blister malware using code signing certificates to evade anti malware detection

CyberSecurity Insiders

DECEMBER 27, 2021

As some hackers have developed a malware that uses code signing certificates to avoid detection by security defenses and has the tendency to download payloads onto a compromised system.

Malware

Malware Adware Security Defenses Spyware

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

eSecurity Planet

FEBRUARY 26, 2024

February 20, 2024 VMware Plug-in Vulnerable to Session Hijacking Type of vulnerability: Security vulnerabilities affecting the deprecated VMware EAP. The problem: CVE-2024-22245 and CVE-2024-22250 put Windows domains vulnerable to authentication relay and session hijack attacks. and the Windows service (VMware Plug-in Service).

Risk

Risk Authentication System Administration Ransomware

How Cisco Duo Helps Mitigate Common MITRE ATT&CK® Techniques

Duo's Security Blog

JULY 27, 2023

" Organizations use this information to audit, assess, and implement security defense-in-depth strategies to mitigate cybersecurity attacks. Defense Evasion Techniques Duo MFA can also help combat certain defense evasion techniques.

Authentication

Authentication Passwords Accountability Firewall

Vulnerability Recap 4/1/24: Cisco, Fortinet & Windows Server Updates

eSecurity Planet

APRIL 1, 2024

The problem: The March 12th Microsoft security patches introduced a memory leak flaw in the local security authority subsystem service (LSASS) process that consumes all physical and virtual memory on server Domain Controllers. Oglio tracks vulnerability CVE-2023-48022 , rated CVSS 9.8 (out out of 10), and calls it Shadow Ray.

Authentication

Authentication Artificial Intelligence Software Cybersecurity

Weekly Vulnerability Recap – January 2, 2024 – Barracuda ESG, Apache OfBiz Vulnerabilities Persist

eSecurity Planet

JANUARY 2, 2024

SonicWall researchers discovered that an Apache patch was incomplete, still permitting authentication bypass in open-source ERP software Apache OfBiz. And issues with Barracuda’s Email Secure Gateway persist, with an FBI safety warning about an older vulnerability still outstanding.

Authentication

Authentication Software Engineering Security Defenses

Zix tricks: Phishing campaign creates false illusion that emails are safe

SC Magazine

MAY 11, 2021

Researchers last week spotted a phishing campaign that leveraged an online email authentication solution from Zix, in hopes that potential victims would be lulled into a false sense of security. An Office 365 retail pack. Raysonho @ Open Grid Scheduler / Grid Engine, CC0, via Wikimedia Commons).

Phishing

Phishing Authentication Social Engineering Scams

VulnRecap 1/22/24 – Watch Chrome, Ivanti, Citrix Issues

eSecurity Planet

JANUARY 22, 2024

The vulnerability also exists on GitHub Enterprise Server, but it can only be exploited by an authenticated user with an organization owner role. The authenticated user must also be logged into an account on an instance of GHES. Affected keys included some encryption keys and the GitHub commit signing key. EPMM versions 11.10, 11.9

Authentication

Authentication Malware VPN Mobile

VulnRecap 2/12/24: Ivanti, JetBrains, Fortinet, Linux Issues

eSecurity Planet

FEBRUARY 12, 2024

February 5, 2024 JetBrains TeamCity Saga Continues with Another Server Vulnerability Type of vulnerability: Authentication bypass by an unauthenticated attacker. Both vulnerabilities affected authenticated users of Apache Oozie and Apache Ambari. Connect Secure 9.1R17.3 Connect Secure 9.1R18.4 Connect Secure 22.4R2.3

VPN

VPN Authentication Software Firewall

What Is DNS Security? Everything You Need to Know

eSecurity Planet

NOVEMBER 10, 2023

How DNS Security Works DNS security protects against compromise through layers of security and filtering similar to the way next generation firewalls (NGFW) protect communication data flows. What Are DNS Security Extensions (DNSSEC)?

DNS

DNS DDOS Encryption Authentication

Vulnerability Recap 3/19/24 – Microsoft, Fortinet & More

eSecurity Planet

MARCH 19, 2024

Frequent Ransomware Target QNAP Discloses 3 Vulnerabilities Type of vulnerability: Improper authentication, injection vulnerability, SQL injection (SQLi). The other two vulnerabilities, CVE-2024-21900 and CVE-2024-21901, only merit medium ratings because they require authentication.

Authentication

Authentication VPN Software DDOS

To Fix DMARC Requires Angry Customers

eSecurity Planet

AUGUST 30, 2023

A new Cloudflare phishing report notes that most of the 1 billion brand impersonation emails the company detected “passed” SPF, DKIM, and DMARC email authentication protocols. Implementing all three email authentication protocols takes time, but does not cost significant money.

Authentication

Authentication Phishing Encryption Marketing

IaaS Security: Top 8 Issues & Prevention Best Practices

eSecurity Planet

DECEMBER 19, 2023

Breaking Authentication Attackers can get unauthorized access to the IaaS environment by exploiting weak authentication systems or weaknesses in the authentication process. This danger emphasizes the significance of having strong authentication mechanisms and upgrading access controls on a regular basis.

Encryption

Encryption Firewall Authentication Software

Weekly Vulnerability Recap – October 30, 2023 – Citrix & Cisco Haunted by Vulnerabilities

eSecurity Planet

OCTOBER 30, 2023

The problem: Unpatched Citrix NetScaler ADC and Gateway appliances allow attackers to retrieve authentication session cookies and other information stored in buffers. allow for authentication bypass and gain root access to systems. account”) failed to verify secret tokens received for authentication before making API requests.

Authentication

Authentication Mobile Accountability Software

16 Remote Access Security Best Practices to Implement

eSecurity Planet

AUGUST 22, 2023

The technologies for secure remote access can range from VPNs and multi-factor authentication to more advanced access and zero trust controls. We’ll cover a range of best practices for remote access security, from the simple and the practical to the more advanced. It will only require your biometrics or hardware tokens.

Passwords

Passwords Authentication Encryption VPN

Weekly Vulnerability Recap – September 4, 2023 – Attackers Hit Network Devices and More

eSecurity Planet

SEPTEMBER 5, 2023

Consider adopting network security measures like intrusion detection and prevention systems (IDPS) to identify and prevent harmful traffic from reaching your RocketMQ server. It is suspected that the Akira ransomware organization used an undisclosed weakness in Cisco VPN software to evade authentication.

VPN

VPN Authentication Ransomware Antivirus

A PowerShell Script to Mitigate Active Directory Security Risks

eSecurity Planet

OCTOBER 12, 2023

Note that NTLM was designed to perform authentication based on the challenge/response-based authentication system in which a client sends the plaintext username to the domain controller. If the data matches, then the client is allowed to authenticate. for better security. Disabling SMB Version 1.0

Risk

Risk Authentication Encryption Cybersecurity

Weekly Vulnerability Recap – December 18, 2023 – JetBrains TeamCity Exploits Continue

eSecurity Planet

DECEMBER 18, 2023

The problem: Google’s data processing and analytics engine Dataproc has insufficient security controls on two open firewall ports. If a threat actor has the Dataproc IP address, they can access it without authenticating themselves. Orca Security’s research group released an article covering this vulnerability.

Backups

Backups Firewall Engineering Software

VulnRecap 1/16/24 – Major Firewall Issues Persist

eSecurity Planet

JANUARY 16, 2024

The problem: Ivanti announced two vulnerabilities that affect Ivanti Connect Secure VPN and Ivanti Policy Secure products. Potential results of the exploits include authentication bypass and command injection. According to Bitdefender, the thermostat does not validate the authenticity of a new firmware update. Versions 9.x

Firewall

Firewall Firmware IoT Authentication

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

OpenFire vulnerability persists Open-source chat server OpenFire has been affected by an authentication bypass vulnerability (CVE-2023-32315) since May. Akira carries out attacks via compromised user accounts, particularly ones that don’t have multi-factor authentication (MFA) enabled.

VPN

VPN Authentication Mobile Firewall

Email Security Recommendations You Should Consider from 2021

Cisco Security

AUGUST 17, 2021

Email Attachments: One of two main methods to penetrate security defenses with malicious content by email. You should prioritize and consult with your email security vendor to confirm coverage and available support. Organizations should consider multi-factor authentication across their email security clients such as Outlook.

Phishing

Phishing Technology Malware Authentication

VulnRecap 2/5/24 – Azure, Apple, Ivanti, & Mastodon at Risk

eSecurity Planet

FEBRUARY 5, 2024

January 29, 2024 Juniper Releases Updates for Critical RCE Vulnerabilities Type of vulnerability: Missing authentication flaw and cross-site scripting (XSS) vulnerability. allows attackers with arbitrary read and write privileges to potentially overcome Pointer Authentication, which affects several Apple operating systems.

Risk

Risk Penetration Testing Authentication Software

October 2023 Patch Tuesday Includes Three Zero-Days Flaws

eSecurity Planet

OCTOBER 11, 2023

Immersive Labs principal security engineer Rob Reeves told eSecurity Planet that the attack doesn’t require credentials or authentication in order to execute code on the system. Just because your Exchange Server doesn’t have internet-facing authentication doesn’t mean it’s protected.”

DDOS

DDOS Engineering Authentication Social Engineering

Spear Phishing Prevention: 10 Ways to Protect Your Organization

eSecurity Planet

AUGUST 23, 2023

10 Spear Phishing Prevention Techniques Organizations can significantly reduce their susceptibility to attacks from spear phishing and improve overall cybersecurity resilience by combining these strategies with the promotion of a culture of security consciousness. It provides an additional degree of security beyond just a login and password.

Phishing

Phishing Social Engineering Authentication Security Awareness

Microsoft Patch Tuesday Includes Word, Streaming Service Zero-Days

eSecurity Planet

SEPTEMBER 13, 2023

“Net-NTLMv2 hashes are used for authentication in Windows environments, and their disclosure can enable attackers to gain unauthorized access to sensitive information or systems via a relay attack or cracked offline to recover user credentials.”

Engineering

Engineering Security Defenses Risk Cybersecurity

VulnRecap 1/29/24 – Apple, Apache & VMware Under Attack

eSecurity Planet

JANUARY 29, 2024

January 23, 2024 POC Released, 96% of Fortra GoAnywhere MFT Still Vulnerable Type of vulnerability: Authentication bypass vulnerability can create new admin users on exposed admin portals. However, the flaw does not bypass two-factor authentication (2FA), so implementation of MFA can provide initial remediation.

Software

Software Authentication CSO Accountability

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

OpenFire vulnerability persists Open-source chat server OpenFire has been affected by an authentication bypass vulnerability (CVE-2023-32315) since May. Akira carries out attacks via compromised user accounts, particularly ones that don’t have multi-factor authentication (MFA) enabled.

VPN

VPN Authentication Mobile Firewall

Protecting more with Site Isolation

Google Security

JULY 20, 2021

and Alex Moshchuk, Chrome Security Team Chrome's Site Isolation is an essential security defense that makes it harder for malicious web sites to steal data from other web sites. Posted by Charlie Reis? So far, Chrome has been isolating sites where users log in by entering a password.

Authentication

Authentication Passwords Security Defenses

Vulnerability Recap 4/15/24 – Palo Alto, Microsoft, Ivanti Exploits

eSecurity Planet

APRIL 15, 2024

You can strengthen your cybersecurity defenses by using reliable antivirus software, firewalls, intrusion detection systems, and virtual private networks (VPNs). Employ robust password management techniques, two-factor authentication (2FA), and regular backups of essential data.

Firewall

Firewall VPN Software Risk

Four ways to stay ahead of the AI fraud curve

SC Magazine

APRIL 7, 2021

Unfortunately, bad actors will weaponize deepfake technology for fraud as biometric-based authentication solutions are widely adopted. While AI increasingly gets used to automate repetitive tasks, improve security and identify vulnerabilities, hackers will in turn build their own ML tools to target these processes.

Digital transformation

Digital transformation Authentication Accountability Technology

New AI Threats Emerge as FraudGPT Creator Unleashes DarkBERT and DarkBART

eSecurity Planet

AUGUST 3, 2023

None of these security best practices are new, but increasingly sophisticated adversaries make it more important than ever to get them right. None of these security best practices are new, but increasingly sophisticated adversaries make it more important than ever to get them right.

Social Engineering

Social Engineering Cybercrime Engineering Cybersecurity

How Secure Is Cloud Storage? Features, Risks, & Protection

eSecurity Planet

JANUARY 18, 2024

Anyone with sensitive data stored in the cloud is vulnerable in the event of data breach, so enforce strong encryption, authentication, and patching measures. Insecure Interfaces/APIs Attackers can use interface and API flaws to modify or circumvent security protections.

Risk

Risk Backups Encryption DDOS

Wormable Flaw, 0days Lead Sept. 2022 Patch Tuesday

Krebs on Security

SEPTEMBER 14, 2022

An authenticated attacker could exploit these vulnerabilities to run a specially crafted trusted solution package and execute arbitrary SQL commands. ” To turn on Lockdown Mode in iOS 16, go to Settings , then Privacy and Security , then Lockdown Mode.

Spyware

Spyware Cyber threats Security Defenses Cyber Attacks

Public Cloud Security Explained: Everything You Need to Know

eSecurity Planet

OCTOBER 16, 2023

Authentication guarantees that users are who they say they are, typically through usernames and passwords or multi-factor authentication (MFA). Authorization governs what activities users are permitted to take after being authenticated. To enhance security in a public cloud environment: Use strong authentication.

Encryption

Encryption DDOS Authentication Firewall

Healthcare Cyberattacks Lead to Increased Mortality, Lower Patient Care: Ponemon Study

eSecurity Planet

SEPTEMBER 9, 2022

Healthcare Security Defenses. Two of the more common healthcare cybersecurity defenses the report found are training and awareness programs and employee monitoring.

Healthcare

Healthcare Ransomware Cybersecurity Big data

A Ransomware Group Claims to Have Breached the Foxconn Factory

Hacker Combat

JUNE 2, 2022

After a severe ransomware assault has hit them, they devote the necessary time and money to strengthening their cyber security defenses. To reduce the chance of infiltration, use proper security practices such as never browsing links and downloading files from unknown sources. Final Remarks.

Ransomware

Ransomware Manufacturing Antivirus Cyber Risk

Weekly Vulnerability Recap – November 6, 2023 – Windows Drivers and Exchange Flaws

eSecurity Planet

NOVEMBER 6, 2023

The Problem: Three flaws discovered by the Kubernetes security community carry CVSS severity scores of 7.6 While needing authentication for exploitation decreases their severity, fraudsters may access Exchange credentials in a variety of ways, making these vulnerabilities substantial security threats.

Software

Software Education Firmware Ransomware

Vulnerability Recap 3/25/24 – More Ivanti Issues to Patch

eSecurity Planet

MARCH 25, 2024

The Standalone Security vulnerability affects versions 9.17.0, The vulnerability allows authenticated remote users to perform file writes to the Ivanti Neurons for ITSM server. If a threat actor had successfully exploited the vulnerability, they’d be able to force their victims to authenticate their session. and 9.19.0,

Computers and Electronics

Computers and Electronics Software Accountability Authentication

Vulnerability Recap 4/29/24 – Cisco, Microsoft, Palo Alto & More

eSecurity Planet

APRIL 29, 2024

The problem: Progress Software released patches to fix CVE-2024-2389 in their Flowmon network performance and security software tool. Although web vulnerability search engines such as Shodan show less than 100 servers exposed to the internet, Flowmon’s customers tend to be the largest enterprises like KIA, Orange, TDK, and Volkswagen.

Firewall

Firewall Software Ransomware Penetration Testing

12 Data Loss Prevention Best Practices (+ Real Success Stories)

eSecurity Planet

APRIL 12, 2024

Employ Authentication Methods for All Users & Devices A zero trust approach rejects any sort of inherent trust and requires continual verification of all users and devices. Implement stringent access rules, multi-factor authentication, and continuous monitoring to authenticate all access attempts, regardless of prior trust status.

Backups

Backups Encryption Data breaches Risk

Quantum Computing Threats: A How-to Guide for Preparing Your Company’s Cybersecurity Defenses

CyberSecurity Insiders

APRIL 13, 2023

Quantum Threats to Traditional Cybersecurity Systems and How to Upgrade Your Defenses As quantum computing continues to advance, it is important to understand which traditional cybersecurity systems and technologies are most at risk of being circumvented by quantum computing capabilities.

Cybersecurity

Cybersecurity Encryption Technology Authentication

The Clock is Ticking for PCI DSS 4.0 Compliance

Thales Cloud Protection & Licensing

SEPTEMBER 18, 2023

Compliance madhav Tue, 09/19/2023 - 05:17 It is essential for any business that stores, processes, and transmits payment card information to comply with the Payment Card Industry Data Security Standard (PCI DSS). Consumers’ payment data is a compelling target for criminals who continue to circumvent IT security defenses.

Financial Services

Financial Services Data breaches Accountability Encryption

6 Takeaways From the Changes in OWASP’s Top 10 Vulnerability Ranking

CyberSecurity Insiders

OCTOBER 10, 2021

It is now regarded as the most serious web application security risk based on the data contributed to OWASP’s threat intelligence, which shows that 3.81 These details are in line with the notable rise of application security solutions including Runtime Application Self-Protection (RASP). As the name suggests, it is seventh on the list.

Cyber threats

Cyber threats Cyber Attacks Software Risk

RSAC insights: Introducing ‘CWPP’ and ‘CSPM,’ new frameworks to secure cloud infrastructure

The Last Watchdog

MAY 17, 2021

The Solarwinds hack highlighted supply chain risks; the Microsoft Exchange breach demonstrated how collaboration tools are being targeted; and, most recently, the Experian API hack , showed how authentication isn’t being guarded as rigorously as it needs to be.

Cloud Migration

Cloud Migration Banking Firewall Software

VulnRecap 3/11/24 – JetBrains & Atlassian Issues Persist

Blister malware using code signing certificates to evade anti malware detection

Trending Sources

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

How Cisco Duo Helps Mitigate Common MITRE ATT&CK® Techniques

Vulnerability Recap 4/1/24: Cisco, Fortinet & Windows Server Updates

Weekly Vulnerability Recap – January 2, 2024 – Barracuda ESG, Apache OfBiz Vulnerabilities Persist

Zix tricks: Phishing campaign creates false illusion that emails are safe

VulnRecap 1/22/24 – Watch Chrome, Ivanti, Citrix Issues

VulnRecap 2/12/24: Ivanti, JetBrains, Fortinet, Linux Issues

What Is DNS Security? Everything You Need to Know

Vulnerability Recap 3/19/24 – Microsoft, Fortinet & More

To Fix DMARC Requires Angry Customers

IaaS Security: Top 8 Issues & Prevention Best Practices

Weekly Vulnerability Recap – October 30, 2023 – Citrix & Cisco Haunted by Vulnerabilities

16 Remote Access Security Best Practices to Implement

Weekly Vulnerability Recap – September 4, 2023 – Attackers Hit Network Devices and More

A PowerShell Script to Mitigate Active Directory Security Risks

Weekly Vulnerability Recap – December 18, 2023 – JetBrains TeamCity Exploits Continue

VulnRecap 1/16/24 – Major Firewall Issues Persist

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

Email Security Recommendations You Should Consider from 2021

VulnRecap 2/5/24 – Azure, Apple, Ivanti, & Mastodon at Risk

October 2023 Patch Tuesday Includes Three Zero-Days Flaws

Spear Phishing Prevention: 10 Ways to Protect Your Organization

Microsoft Patch Tuesday Includes Word, Streaming Service Zero-Days

VulnRecap 1/29/24 – Apple, Apache & VMware Under Attack

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

Protecting more with Site Isolation

Vulnerability Recap 4/15/24 – Palo Alto, Microsoft, Ivanti Exploits

Four ways to stay ahead of the AI fraud curve

New AI Threats Emerge as FraudGPT Creator Unleashes DarkBERT and DarkBART

How Secure Is Cloud Storage? Features, Risks, & Protection

Wormable Flaw, 0days Lead Sept. 2022 Patch Tuesday

Public Cloud Security Explained: Everything You Need to Know

Healthcare Cyberattacks Lead to Increased Mortality, Lower Patient Care: Ponemon Study

A Ransomware Group Claims to Have Breached the Foxconn Factory

Weekly Vulnerability Recap – November 6, 2023 – Windows Drivers and Exchange Flaws

Vulnerability Recap 3/25/24 – More Ivanti Issues to Patch

Vulnerability Recap 4/29/24 – Cisco, Microsoft, Palo Alto & More

12 Data Loss Prevention Best Practices (+ Real Success Stories)

Quantum Computing Threats: A How-to Guide for Preparing Your Company’s Cybersecurity Defenses

The Clock is Ticking for PCI DSS 4.0 Compliance

6 Takeaways From the Changes in OWASP’s Top 10 Vulnerability Ranking

RSAC insights: Introducing ‘CWPP’ and ‘CSPM,’ new frameworks to secure cloud infrastructure

Stay Connected