Jane Frankland

NOVEMBER 20, 2023

My Predictions for Cybersecurity in 2023 were… Technology enables opportunities as fast as it introduces threats. Here are my predictions for 2023. By swapping implicit trust for identity-and context-based risk appropriate trust (users, devices, and services), companies will realise greater safeguards. Types of attacks.

Cybersecurity 130

Cybersecurity Digital transformation Artificial Intelligence Architecture 130

The Last Watchdog

DECEMBER 14, 2023

Last Watchdog posed two questions: •What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at my organization? GenAI holds immense potential to supercharge productivity, but if you forget basic security hygiene, you’re opening yourself up to significant risk.

Cybersecurity 234

Cybersecurity Marketing Encryption CISO 234

Security Affairs

OCTOBER 25, 2023

Citrix warned of attacks actively exploiting the vulnerability CVE-2023-4966 in NetScaler ADC and Gateway appliances. Citrix is urging administrators to secure all NetScaler ADC and Gateway appliances against the CVE-2023-4966 vulnerability, which is actively exploited in attacks. reported Citrix. reported Citrix. NetScaler ADC 13.1-FIPS

Authentication 137

Authentication VPN Hacking Government 137

Security Affairs

AUGUST 31, 2023

Cisco is aware of attacks conducted by Akira ransomware threat actors targeting Cisco ASA VPNs that are not configured for multi-factor authentication. “This highlights the importance of enabling multi-factor authentication (MFA) in VPN implementations. . ” reads a post published by Cisco PSIRT. 200 and 162.35.92[.]242

Authentication 139

Authentication Ransomware VPN Hacking 139

The Last Watchdog

SEPTEMBER 24, 2024

The breach was initially caused by a third-party malicious actor who infiltrated NPD’s systems in December 2023. This drives public awareness of the risks associated with identity theft. Related: Class-action lawsuits pile up in wake of NPD hack So what’s the connection? NPD reported the exposure of over 2.7 billion records.

Authentication 215

Authentication Identity Theft Banking Data breaches 215

Thales Cloud Protection & Licensing

OCTOBER 2, 2023

Cybersecurity Awareness Month 2023 – What it is and why we should be aware madhav Tue, 10/03/2023 - 05:33 The inception of Cybersecurity Awareness Month in 2004 came at a critical juncture in our technological history. Implement Passwordless Strong Authentication Strong authentication is crucial in enhancing cybersecurity.

Cybersecurity 148

Cybersecurity Cyber threats Authentication Phishing 148

Security Boulevard

DECEMBER 20, 2023

Tracked as CVE-2023-45866, this flaw allows threat actors to exploit an authentication bypass, potentially gaining control over vulnerable devices, making Linux devices vulnerable, as well as Android and Apple ones. […] The post Shield Your Device: Mitigating Bluetooth Vulnerability Risks appeared first on TuxCare.

Risk 69

Risk Authentication Cybersecurity IoT 69

Security Affairs

AUGUST 21, 2023

Ivanti warned customers of a new critical Sentry API authentication bypass vulnerability tracked as CVE-2023-38035. The software company Ivanti released urgent security patches to address a critical-severity vulnerability, tracked as CVE-2023-38035 (CVSS score 9.8), in the Ivanti Sentry (formerly MobileIron Sentry) product.

Authentication 98

Authentication Internet Internet Mobile 98

The Last Watchdog

APRIL 28, 2023

“Stronger together” was the theme of RSA Conference 2023 , which returned to its pre-Covid grandeur under the California sunshine last week at San Francisco’s Moscone Center. Here are three evolving themes reverberating from RSAC 2023 that struck me: Getting a grip on identities Password enabled access will endure for the foreseeable future.

Mobile 211

Mobile Cloud Migration Penetration Testing Authentication 211

The Last Watchdog

APRIL 30, 2023

The theme of RSA Conference 2023 — ‘stronger together’ — was certainly well chosen. Here are four evolving themes reverberating from RSAC 2023 that struck me: Password enabled access will endure for the foreseeable future. about the role of advanced wearable authentication devices, going forward.

Mobile 238

Mobile Cloud Migration Penetration Testing Authentication 238

eSecurity Planet

OCTOBER 11, 2023

Microsoft’s Patch Tuesday for October 2023 covers a total of 103 CVEs, including three zero-day vulnerabilities affecting WordPad, Skype and the HTTP/2 “ Rapid Reset ” DDoS vulnerability. CVE-2023-41763 , an elevation of privilege vulnerability in Skype for Business with a CVSS score of 5.3

DDOS 109

DDOS Engineering Authentication Social Engineering 109

Security Affairs

OCTOBER 18, 2023

Experts reported that the vulnerability CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices has been exploited in attacks since late August. On October 10, Citrix published a security bulletin related to a critical vulnerability, tracked as CVE-2023-4966, in Citrix NetScaler ADC/Gateway devices. ” reported Citrix.

Authentication 134

Authentication VPN Hacking Government 134

Adam Levin

AUGUST 7, 2020

The FBI warned in a private industry notification published August 3 that companies and organizations still using Windows 7 are at risk. According to the FBI notification, continued use of the platform “creates the risk of criminal exploitation.”. Use two-factor authentication where possible.

Risk 220

Risk Hacking Authentication Ransomware 220

eSecurity Planet

SEPTEMBER 11, 2023

September 5, 2023 Atlas VPN Leaks Users’ IP Addresses Type of attack: Zero-Day Vulnerability, a new vulnerability that is often difficult to fix since no patch is available on the market yet. Alarmingly, this API lacks any form of authentication, allowing virtually anyone, even a malicious website you might visit, to send commands to the CLI.

VPN 113

VPN Firmware Authentication Phishing 113

Security Affairs

OCTOBER 4, 2023

Software giant Atlassian released emergency security updates to address a critical zero-day vulnerability, tracked as CVE-2023-22515 (CVSS score 10), in its Confluence Data Center and Server software. The flaw CVE-2023-22515 is a privilege escalation vulnerability that affects Confluence Data Center and Server 8.0.0 and later.

Software 143

Software Accountability Authentication Internet 143

Malwarebytes

MAY 3, 2023

Following criticism, Google has decided to bring end-to-end encryption (E2EE) to its Google Authenticator cloud backups. The search giant recently introduced a feature that allows users back up two-factor authentication ( 2FA ) tokens to the cloud, but the lack of encryption caused some commentators to warn people off using it.

Authentication 97

Authentication Encryption Backups Accountability 97

eSecurity Planet

FEBRUARY 5, 2024

Vendor risk management and collaboration within the industry further enhance your system’s resiliency. January 29, 2024 Juniper Releases Updates for Critical RCE Vulnerabilities Type of vulnerability: Missing authentication flaw and cross-site scripting (XSS) vulnerability. Both affect J-Web and all Junos OS versions.

Risk 113

Risk Penetration Testing Authentication Software 113

CyberSecurity Insiders

DECEMBER 23, 2022

This year, organizations have spent significant time and resources attempting to mitigate the risks associated with Business Communication Compromise, including phishing attacks and Personally-Identifiable Information leakages. Below are my top 5 predictions for Business Communication Compromise in 2023.

Social Engineering 142

Social Engineering Phishing Risk Engineering 142

The Hacker News

JUNE 26, 2023

Security and IT teams are routinely forced to adopt software before fully understanding the security risks. A February 2023 generative AI survey of 1,000 executives And AI tools are no exception.

Risk 98

Risk Authentication Software 98

eSecurity Planet

DECEMBER 7, 2022

But for 2023, cybersecurity will be a “key pillar” of the company’s focus – particularly data compliance and protection. There are many issues like API security, authentication, data residency, privacy and compliance. An area that Kakran is bullish on for 2023 is Kubernetes security and observability.

Cybersecurity 145

Cybersecurity Risk Technology Ransomware 145

eSecurity Planet

SEPTEMBER 5, 2023

Collectively, these episodes highlight the need for comprehensive cybersecurity defenses and timely patch management for risk mitigation. CVE-2023-3519 was used by the attackers to infect computers, including misleading PowerShell scripts, malware payloads within normal processes, and PHP web shells for remote control. are affected.

VPN 104

VPN Authentication Ransomware Antivirus 104

eSecurity Planet

OCTOBER 30, 2023

See the Top Patch and Vulnerability Management tools October 23, 2023 Citrix NetScaler Vulnerability Under Active Attack Type of attack: Active exploitation of the high-risk Sensitive Information Disclosure vulnerability ( CVE-2023-4966 ) disclosed on October 10, 2023 and now known as Citrix Bleed.

Authentication 104

Authentication Mobile Accountability Software 104

CyberSecurity Insiders

DECEMBER 18, 2022

A look ahead to 2023 we can expect to see changes in MFA, continued Hactivism from non-state actors, CISOs lean in on more proactive security and crypto-jackers will get more savvy. In 2023, crypto-jackers will get more savvy and we might start to see the detrimental effects of what is usually considered inevitable or negligible.

Cybersecurity 125

Cybersecurity CISO Insurance Ransomware 125

eSecurity Planet

DECEMBER 18, 2023

December 11, 2023 Sonar Finds Three Vulnerabilities in Open-Source Firewall pfSense Type of vulnerability: Cross-site scripting and command injection. NIST has cataloged the three vulnerabilities as CVE-2023-42325 , CVE-2023-42327 , and CVE-2023-42326. pfSense CE 2.7.0 and below and pfSense Plus 23.05.1 Versions 2.7.1

Backups 113

Backups Firewall Engineering Software 113

eSecurity Planet

NOVEMBER 6, 2023

30, 2023 NGINX Ingress Controller for Kubernetes Flaws Can Lead to Credential Theft Type of Attack: Path sanitization bypass and injection vulnerabilities discovered in the NGINX Ingress controller can allow for credential theft, arbitrary command execution, and critical data access. CVE-2023-5044 (Code Injection): This CVSS score 7.6

Software 112

Software Education Ransomware Firmware 112

Security Boulevard

JANUARY 30, 2024

Introduction On January 16 2024, Atlassian issued a ​​significant alert on a critical Server-Side Template Injection (SSTI) vulnerability in Confluence Data Center and Server, identified as CVE-2023-22527. This issue found in older versions, poses a serious risk as it allows attackers without any authentication, to inject OGNL expressions.

Authentication 64

Authentication Risk 64

Security Affairs

AUGUST 24, 2023

Proof-of-concept exploit code for critical Ivanti Sentry authentication bypass flaw CVE-2023-38035 has been released. Researchers released a proof-of-concept (PoC) exploit code for critical Ivanti Sentry authentication bypass vulnerability CVE-2023-38035 (CVSS score 9.8). and prior. “If

Internet 98

Internet Internet Authentication Risk 98

NopSec

DECEMBER 22, 2023

As we close out 2023 we do it with a bit of deja vu (depending on how sharp your memory is). We also dive into a JetBrains TeamCity authentication bypass vuln that results in trivial command execution. We also dive into a JetBrains TeamCity authentication bypass vuln that results in trivial command execution. Happy Holidays!

Authentication 59

Authentication Risk Engineering Encryption 59

Malwarebytes

FEBRUARY 20, 2023

From March 19, users of Twitter won’t be able to use SMS-based two-factor authentication (2FA) unless they have a subscription to the paid Twitter Blue service. You can still use the authentication app and security key methods. To avoid losing access to Twitter, remove text message two-factor authentication by Mar 19, 2023.

Authentication 94

Authentication Phishing Mobile Accountability 94

CyberSecurity Insiders

JANUARY 6, 2023

Here are some API security predictions for 2023: Prediction #1: There will be a major API security breach that forces faster regulatory action. Prediction #2: Leaders will see APIs as representing both security and business risks. Prediction #4: Organizations will right-size data storage to reduce risks.

CISO 118

CISO Financial Services Risk Unstructured Data 118

Malwarebytes

OCTOBER 6, 2023

Recently, Amazon announced that it will require all privileged Amazon Web Services (AWS) accounts to use multi-factor authentication (MFA) , starting in mid-2024. Multi-factor authentication is so much more secure, and with that a lot more forgiving, than passwords alone. So we wholeheartedly agree with Amazon on this.

Authentication 127

Authentication Passwords Social Engineering Accountability 127

Krebs on Security

JUNE 15, 2023

The directive applies to any networking devices — such as firewalls, routers and load balancers — that allow remote authentication or administration. “This is reachable pre-authentication, on every SSL VPN appliance,” French vulnerability researcher Charles Fol tweeted. “Patch your #Fortigate.”

Risk 230

Risk VPN Internet Internet 230

The Last Watchdog

MARCH 1, 2023

The IT world relies on digital authentication credentials, such as API keys, certificates, and tokens, to securely connect applications, services, and infrastructures. In January 2023, CircleCI was breached. The increasing prevalence of code and services means that software- and code-related risks will not dissipate any time soon.

Authentication 222

Authentication CISO Passwords Software 222

CyberSecurity Insiders

APRIL 10, 2023

Why is identity management and security important in 2023? “In In the current digital landscape, identity security has gained paramount importance due to the growing cyber risks posed by phishing and social engineering attacks utilizing AI. This can help guard against identity theft and help prevent unwanted access.

Identity Theft 105

Identity Theft Education Authentication Data breaches 105

eSecurity Planet

JANUARY 30, 2024

Cloud storage risks involve potential external threats and vulnerabilities that jeopardize the security of stored data. Risks can lead to issues, but at the same time, you can prevent the risks by addressing these issues. Migration challenges result in incomplete transfers, which expose critical information to risk.

Risk 127

Risk DDOS Data breaches Encryption 127

Security Affairs

MAY 30, 2023

PyPI is going to enforce two-factor authentication (2FA) for all project maintainers by the end of this year over security concerns. Due to security concerns, PyPI will be mandating the use of two-factor authentication (2FA) for all project maintainers by the end of this year. ” reads the announcement.

Authentication 98

Authentication Accountability Hacking Malware 98

Heimadal Security

JULY 26, 2023

Over 900,000 RouterOS routers are at risk and security specialists advise users to apply available patches immediately. CVE-2023-30799 enables remote and authenticated threat actors to escalate privileges from admin to super-admin on the Winbox or HTTP interface. Users Urged to Patch appeared first on Heimdal Security Blog.

Risk 78

Risk Authentication Cybersecurity 78