eSecurity Planet

AUGUST 28, 2023

We’ve compiled some recently active vulnerabilities — both old and new — for security teams to monitor, mitigate, patch, or even remove from your infrastructure altogether. August 21, 2023 Ivanti finds another vulnerability For the third time in a month, Ivanti’s has reported a vulnerability in a mobile device management platform.

VPN 95

VPN Authentication Mobile Firewall 95

eSecurity Planet

OCTOBER 9, 2023

The sheer number of security issues underscores the need for strong patch and vulnerability management — and for cyber resilience that goes deeper than common preventive measures. The problem: Arm has issued a security alert on CVE-2023-4211 , an actively exploited vulnerability in its Mali GPU drivers.

Architecture 105

Architecture Ransomware Software Accountability 105

eSecurity Planet

AUGUST 14, 2023

Here’s a roundup of the week’s major vulnerabilities that security teams should mitigate or patch. August 12 , 2023 Ford Auto’s TI Wi-Fi Vulnerability The Internet of Things (IoT) continues to expand and become a threat to connected businesses. Adobe also updated their Commerce and Dimension software.

Software 98

Software Malware Internet Internet 98

eSecurity Planet

MAY 2, 2024

The 2023 vendor surveys arriving this quarter paint a picture of a cybersecurity landscape under attack, with priority issues affecting deployment, alert response, and exposed vulnerabilities. Sophos: Noted that 43% of all 2023 malware signature updates are for stealers, spyware, and keyloggers often used to steal credentials from devices.

Cybersecurity 122

Cybersecurity DDOS Penetration Testing Passwords 122

eSecurity Planet

JANUARY 29, 2024

The problem: Mandiant revealed possible 2021 exploitation by Chinese espionage attackers for CVE-2023-34048, an out-of-bounds weakness in protocol implementation first publicly reported in October 2023. The fix: Deploy the Apache security upgrades available since November 2023.

Software 115

Software Authentication CSO Accountability 115

eSecurity Planet

APRIL 29, 2024

An old Microsoft Windows spooler flaw is added to the CISA KEV list, and the Cactus Ransomware gang currently pursues unfixed Qlik Sense servers with a vulnerability patched in September 2023. Broadcom Patches Brocade SANnav Flaw 19 Months After Discovery Type of vulnerability: Password storage.

Firewall 114

Firewall Software Ransomware Penetration Testing 114

eSecurity Planet

APRIL 15, 2024

You can strengthen your cybersecurity defenses by using reliable antivirus software, firewalls, intrusion detection systems, and virtual private networks (VPNs). Employ robust password management techniques, two-factor authentication (2FA), and regular backups of essential data.

Firewall 110

Firewall VPN Software Risk 110

eSecurity Planet

JUNE 21, 2024

Keeper and Dashlane are top password managers prioritizing multi-layered encryption systems for secure password sharing. Keeper emphasizes extensive security measures and is a more affordable option, while Dashlane promotes a user-friendly interface and robust administrative tools perfect for streamlining logins.

Password Management 103

Password Management Passwords Encryption VPN 103

eSecurity Planet

JUNE 20, 2024

Keeper and Bitwarden are password manager products that help your business manage its application credentials across all platforms. Bitwarden is great for mid-sized businesses and teams that want to self-host a password manager. 5 Security: 4.4/5 Keeper is a strong solution for both small businesses and large enterprises.

Password Management 108

Password Management Passwords Authentication Accountability 108

eSecurity Planet

FEBRUARY 19, 2024

On Thursday, February 15, the Cybersecurity and Infrastructure Security Agency added the vulnerability to its catalog after reports that it might be actively exploited again. Palo Alto’s Unit 42 research team said that Akira led the number of ransomware posts from new leak sites in 2023. Enabling logging.

VPN 114

VPN DNS Ransomware Software 114

eSecurity Planet

MAY 31, 2024

It released a report of the results and found that 88% of participants were able to trick a bot into exposing passwords. Beginning June 2023, Immersive Labs conducted a study in which users worked to convince chatbots to reveal sensitive information. It used 316,637 data samples from June to September 2023.

Artificial Intelligence 63

Artificial Intelligence Passwords Cybersecurity Security Defenses 63

eSecurity Planet

JANUARY 30, 2024

Centralize secrets and set storage to private: Keep API keys and passwords in a centralized, secure management system. Verizon’s 2023 Data Breach Investigations Report (DBIR) also reveals that inside actors were responsible for 83% of 2022 data breaches. Make the default data storage settings private.

Risk 128

Risk DDOS Data breaches Encryption 128

eSecurity Planet

MARCH 19, 2024

The problem: Cisco announced patches for 10 vulnerabilities (one critical, four high, five medium) affecting its IOS XR Software, SD-WAN vMaange, and Secure Client products. The vulnerability, CVE-2023-48788 , earns a critical CVSS score of 9.8

Authentication 121

Authentication VPN Software DDOS 121

eSecurity Planet

DECEMBER 7, 2023

Cryptographic keys can be random numbers, products of large prime numbers, points on an ellipse, or a password generated by a user. Weak passwords and short key lengths often allow quick results for brute force attacks that attempt to methodically guess the key to decrypt the data.

Encryption 115

Encryption Passwords IoT Firewall 115

eSecurity Planet

MARCH 11, 2024

We’ve seen multiple over the last couple of months, but these are new and not to be confused with CVEs from 2023. The problem: CVE-2023-22527 , a remote code execution vulnerability in outdated versions of Atlassian Confluence Data Center and Confluence Server, is currently being actively exploited. and earlier OpenEdge 12.2.13

Authentication 110

Authentication Software VPN Security Defenses 110

eSecurity Planet

SEPTEMBER 14, 2023

To check whether the AdminSDHolder container was modified by someone you can check its “ WhenChanged ” attribute by going to the Attribute Editor as shown in the screenshot below: The AdminSDHolder container was created on 3/23/2023 (when the domain controller was deployed) and modified on 5/28/2023, as seen in the screenshot above.

Accountability 118

Accountability Marketing Cybersecurity Security Defenses 118

eSecurity Planet

MAY 13, 2024

The problem: Cisco Talos researchers published a proof of concept for CVE-2023-49606 and Censys detected over 50,000 potentially vulnerable Tinyproxy hosts. out of 10 and successful exploitation of these vulnerabilities can disclose user and administrator password hashes. Both flaws rate CVSSv3 7.5

Penetration Testing 68

Penetration Testing IoT Small Business Internet 68

eSecurity Planet

APRIL 16, 2024

The security researchers at Oligo Security discovered CVE-2023-48022 , dubbed ShadowRay , which notes that Ray fails to apply authorization in the Jobs API. Stolen credentials: Expose other resources to compromise through exposed passwords for OpenAI, Slack, Stripe, internal databases, AI databases, and more.

Cybersecurity 114

Cybersecurity Penetration Testing Internet Internet 114

eSecurity Planet

MAY 30, 2024

Table of Contents Toggle Recent Healthcare Attacks & Breaches 5 Key Cybersecurity Management Lessons to Learn Bottom Line: Learn Healthcare’s Lessons Before Suffering Pain Recent Healthcare Attacks & Breaches Large breaches affected over 88 million individuals in the USA in 2023, a 60% increase from 2022. Ascension lost $2.66

Healthcare 124

Healthcare Cybersecurity Ransomware Backups 124

eSecurity Planet

AUGUST 13, 2024

The vulnerability is tracked as CVE-2023-31315 and has a CVSS score of 7.5. The fix: AMD will patch some of its processors but not all; check out AMD’s security bulletin for a list of hardware that will receive a patch. The fix: The vendor currently offers no solution.

Firmware 110

Firmware Software Wireless Security Defenses 110

eSecurity Planet

AUGUST 9, 2024

In 2023, that number reached more than 29,000. You can only secure the traffic that goes on within your walls. While the apps on a personal device are a threat, a much bigger threat are conveniences offered by, for example, Google, which offers to “manage” passwords. Users must be educated in secure password protocols.

VPN 63

VPN Encryption Education Scams 63

eSecurity Planet

APRIL 1, 2024

The problem: A SQLi flaw tracked as CVE-2023-48788 permits remote code execution (RCE) with SYSTEM privileges in low complexity attacks that don’t require user interaction. However, Oligo Security researchers “found that thousands of publicly exposed Ray servers all over the world were already compromised.”

Authentication 110

Authentication Artificial Intelligence Software Risk 110

eSecurity Planet

AUGUST 13, 2024

The vulnerability is tracked as CVE-2023-31315 and has a CVSS score of 7.5. The fix: AMD will patch some of its processors but not all; check out AMD’s security bulletin for a list of hardware that will receive a patch. The fix: The vendor currently offers no solution.

Firmware 105

Firmware Software Wireless Security Defenses 105

eSecurity Planet

APRIL 12, 2024

Sample data classification from Proofpoint’s dashboard Train Employees on Their Roles in Data Security To initiate employee data security training, first examine the organization’s particular risk landscape and regulatory requirements. Integrate DLP with secure storage and backup solutions for comprehensive data protection.

Backups 134

Backups Encryption Data breaches Risk 134

eSecurity Planet

JANUARY 18, 2024

Cloud storage provides businesses with key benefits, such as flexibility, agility, business continuity, and faster deployment, all of which contribute to overall organizational responsiveness and better security. They cited lower risk, enhanced security, and cost savings as they go through migration.

Risk 126

Risk Backups Encryption DDOS 126

SC Magazine

APRIL 7, 2021

In fact, Gartner predicts that deepfakes will account for 20 percent of successful account takeover attacks by 2023, which results in cybercriminals gaining access to user accounts and locking the legitimate user out. Secure and manage AI to prevent malfunctions.

Authentication 66

Authentication Digital transformation Accountability Technology 66

eSecurity Planet

JUNE 10, 2024

This lets threat actors change setups and access sensitive personal information of millions of Cox customers, such as MAC addresses and Wi-Fi passwords. They performed a follow-up security review to ensure that the vulnerability had not been exploited previously.

Malware 81

Malware Authentication Software Telecommunications 81

eSecurity Planet

MARCH 15, 2024

HackerGPT, first launched in 2023, is a ChatGPT-powered tool that merges AI technology with cybersecurity-focused expertise. It uses advanced natural language processing to provide insights into both offensive and defensive cyber activities. Now, with the beta release of HackerGPT 2.0

Mobile 115

Mobile Hacking Education Cybersecurity 115

eSecurity Planet

DECEMBER 7, 2023

Users can establish a symmetric key to share private messages through a secure channel, like a password manager. Unfortunately, while symmetric encryption is a faster method, it is also less secure because sharing the key exposes it to theft.

Encryption 110

Encryption Passwords Authentication Password Management 110

eSecurity Planet

SEPTEMBER 8, 2023

Broken authentication happens because of poor password creation, compromised password storage systems, and vulnerabilities in the encrypted authentication framework. Duolingo In August 2023, news broke that the personal information of 2.6 Duolingo In August 2023, news broke that the personal information of 2.6

Authentication 110

Authentication Architecture Firewall Threat Detection 110

eSecurity Planet

SEPTEMBER 16, 2024

Notable incidents include AI-fueled Distributed Denial of Service (DDoS) attacks, such as a massive attack Google faced in 2023, which reached over 398 million requests per second, making it one of the largest in history. Amazon also suffered from a similar AI-driven DDoS attack.

Artificial Intelligence 135

Artificial Intelligence Threat Detection Phishing Cyber Attacks 135

eSecurity Planet

SEPTEMBER 2, 2024

The vulnerability stems from a static password used for the HSQL database, which allows remote attackers to acquire administrative privileges. This default credential vulnerability jeopardizes program security, integrity, and availability. This default credential vulnerability jeopardizes program security, integrity, and availability.

Risk 58

Risk Firewall Firmware Engineering 58

eSecurity Planet

APRIL 22, 2024

The problem: The command line interface (CLI) for AWS and Google Cloud can allow attackers with CLI access to obtain passwords, user names, and other secrets used to access cloud repositories. A similar flaw disclosed last year to Microsoft, CVE-2023-36052 , earned a CVSS score of 8.6.

Authentication 63

Authentication Firewall Encryption Cybersecurity 63

eSecurity Planet

OCTOBER 9, 2024

per year for the first year Personal key passwords, access via browser, remote reboot Table of Contents Toggle Risks of Using Remote Access Software How Can I Access Another Computer Remotely for Free? Provider Starting Price Notable Features RustDesk $19.90 This level of access can be problematic.

Software 63

Software Mobile Authentication Risk 63

eSecurity Planet

DECEMBER 19, 2023

As 2023 draws to an end and cybersecurity budgeting is nearly complete, it helps to consider the year’s events and try to predict next year’s trends. 2023 cybersecurity issues will continue: Weak IT fundamentals, poor cybersecurity awareness, and ransomware will still cause problems and make headlines.

Cybersecurity 140

Cybersecurity CISO Government Technology 140

eSecurity Planet

SEPTEMBER 12, 2024

Two-factor authentication relies on something the person has (a particular device, a fob or card, a virtual key, for example) and something a person knows (a password). Authentication is the most vulnerable process in a VPN due to poor password hygiene and other unsafe user practices. This can expose your business to multiple threats.

VPN 58

VPN Passwords Encryption Authentication 58

eSecurity Planet

MARCH 4, 2024

The fix: To eliminate malware infections, perform a factory reset, upgrade to the latest firmware, change all default usernames and passwords, and adjust firewall rules to block exposure to unwanted remote management services. The fix: Patch or isolated vulnerable Windows systems.

IoT 118

IoT Internet Internet Ransomware 118