eSecurity Planet

SEPTEMBER 17, 2024

WordPress is introducing mandatory two-factor authentication (2FA) for all plugin and theme developers to tackle rising security threats, effective October 1, 2024. So, what exactly is 2FA, and how does it enhance security? This additional layer of security is crucial because passwords alone are often not enough.

Authentication 66

Authentication Passwords Accountability Data breaches 66

eSecurity Planet

JUNE 18, 2024

Additionally, if you’re an Ivanti customer or use other products that frequently appear in our recaps and in security news, pay particularly careful attention. You’ll want to check for product security updates a couple of times a week. The fix: Upgrade your Pixel device to the most recent security update.

Firmware 98

Firmware Authentication Ransomware Software 98

eSecurity Planet

MARCH 19, 2024

March 8, 2024 150,000 Fortinet Secure Web Gateways Remain Exposed Type of vulnerability: Arbitrary code execution (ACE). The problem: The FortiOS SSL VPN feature vulnerability, CVE-2024-21762, disclosed February 8th , remains exposed to attack on nearly 150,000 devices according to the ShadowServer Foundation website.

Authentication 105

Authentication VPN Software DDOS 105

eSecurity Planet

FEBRUARY 12, 2024

Make sure your security teams consistently check vendor bulletins for vulnerability announcements so your business can stay on top of all threats. February 5, 2024 JetBrains TeamCity Saga Continues with Another Server Vulnerability Type of vulnerability: Authentication bypass by an unauthenticated attacker. Policy Secure 9.1R17.3

VPN 106

VPN Authentication Software Firewall 106

eSecurity Planet

JUNE 3, 2024

Check your vendors’ security bulletins regularly, and make sure your team is following security news to patch issues as soon as they arise. May 28, 2024 Check Point VPN Zero-Day Vulnerability Requires Hotfix Type of attack: Information disclosure zero-day. Block any passwords in the Common Password List.

VPN 101

VPN Authentication Passwords Software 101

eSecurity Planet

FEBRUARY 5, 2024

January 29, 2024 Juniper Releases Updates for Critical RCE Vulnerabilities Type of vulnerability: Missing authentication flaw and cross-site scripting (XSS) vulnerability. The fix: Juniper Networks has published out-of-cycle fixes for CVE-2024-21619 and CVE-2024-21620 — apply fixes to the identified versions. tvOS 16.2,

Risk 99

Risk Penetration Testing Authentication Software 99

eSecurity Planet

SEPTEMBER 9, 2024

RansomHub used multiple vulnerabilities to launch ransomware attacks, emphasizing the critical need for updates and strong security measures. Organizations and end users need prompt patching and thorough security policies to protect systems and data from high-risk vulnerabilities.

Firmware 96

Firmware Backups Firewall Risk 96

eSecurity Planet

OCTOBER 1, 2024

September 24, 2024 Upgrade WhatsApp Gold to Fix Six New Flaws Type of vulnerability: Not yet specified. Progress Software, which owns WhatsApp Gold, released a security bulletin advising customers to upgrade their WhatsApp Gold instances to version 24.0.1. The vulnerability is tracked as CVE-2024-7593 and has a severity rating of 9.8.

Authentication 96

Authentication Software Internet Internet 96

eSecurity Planet

JUNE 20, 2024

5 Security: 4.4/5 5 Keeper is an enterprise password manager with plenty of basic features, as well as add-on modules for businesses that want advanced security functionality. Its core features include basic two-factor authentication, shared team folders, and activity reporting. 5 Pricing: 4.2/5 5 Core features: 4.3/5

Password Management 88

Password Management Passwords Authentication Accountability 88

eSecurity Planet

SEPTEMBER 3, 2024

Additionally, Dashlane supports two-factor authentication (2FA) to provide a layer of protection for your vault. For a deeper dive into Dashlane’s features and performance, check out this detailed Dashlane review for 2024. It incorporates strong network security measures to ensure your data remains protected.

Password Management 92

Password Management Passwords Encryption VPN 92

eSecurity Planet

JULY 22, 2024

Also, make sure your security team has a consistent schedule for monitoring industry news and vulnerabilities. July 1, 2024 Early July Splunk Enterprise Vulnerability Should Be Patched Immediately Type of vulnerability: Path traversal. It’s currently tracked as CVE-2024-36401. A proof of concept is available on GitHub.

Software 105

Software Authentication Malware Passwords 105

eSecurity Planet

AUGUST 27, 2024

Make sure your security teams know their specific role in that process, and have frequent conversations about vulnerabilities so everyone knows what’s going on both in your infrastructure and in the industry overall. August 19, 2024 Critical WordPress Vulnerability Jeopardizes Millions of Sites Type of vulnerability: Privilege escalation.

Authentication 88

Authentication Firewall Software Security Defenses 88

eSecurity Planet

APRIL 15, 2024

Employ robust password management techniques, two-factor authentication (2FA), and regular backups of essential data. In addition to securing internal assets, you also need to ensure SaaS data is protected. Check out our article on SaaS security checklist and learn how to create one. The exploit has a CVSS severity of 9/10.

Firewall 102

Firewall VPN Software Risk 102

eSecurity Planet

APRIL 1, 2024

While most issues can be fixed through prompt patching and updating, a few remain unfixed and may require more significant changes to the security stack to block possible attacks. March 22, 2024 Emergency Out-of-Band Windows Server Security Updates Type of vulnerability (or attack): Memory leak. Upgrade versions 7.2.0

Authentication 98

Authentication Artificial Intelligence Software Cybersecurity 98

eSecurity Planet

OCTOBER 8, 2024

Check your vendors’ security bulletins regularly, and make sure your team is prepared to fix vulnerabilities when they’re made known. October 2, 2024 Zimbra Email Servers Could See RCE Attacks Type of attack: Remote code execution. This flaw is tracked as CVE-2024-45519 and has a critical base score of 9.8. Kepler: version 9.0.0

Risk 102

Risk Malware Software Authentication 102

eSecurity Planet

JUNE 21, 2024

Keeper Overview Better for Cost, Secure Sharing & Customer Support Overall Rating: 4/5 Core features: 4.3/5 5 Security: 4.6/5 5 Keeper, a low-cost password manager, highlights security with strong end-to-end encryption and authentication. Subscribe The post Keeper vs Dashlane: Which Should You Use in 2024?

Password Management 83

Password Management Passwords Encryption VPN 83

eSecurity Planet

AUGUST 20, 2024

Happy patching, and don’t forget to watch your vendors’ security feeds consistently. August 12, 2024 Ivanti Runs Into Snag With Virtual Traffic Manager Type of vulnerability: Authentication bypass. The vendor didn’t notice any active exploits when it released the security notice. a critical rating.

Authentication 85

Authentication Firmware Technology Software 85

eSecurity Planet

AUGUST 7, 2024

Network layer: Protects data in transit and ensures safe network paths by utilizing firewalls, VPNs , and secure routing protocols. Session layer: Manages secure sessions by utilizing authentication protocols and session management mechanisms to prevent unauthorized access. You can unsubscribe at any time.

Architecture 90

Architecture DDOS Encryption Risk 90

eSecurity Planet

AUGUST 14, 2024

Its open-source nature and robust encryption capabilities have made it a staple in many organizations’ and individuals’ security arsenals. In March 2024, Microsoft reported the discovery to OpenVPN through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR).

Identity Theft 109

Identity Theft Data breaches Risk Internet 109

eSecurity Planet

JANUARY 22, 2024

Make sure your security teams are regularly checking vendors’ software and hardware updates for any patches, and keep a particular eye on networking equipment. January 16, 2024 Open-Source UEFI Implementation Sees 9 Vulnerabilities Type of vulnerability: Weaknesses in the network boot process of UEFI’s network implementation.

Authentication 106

Authentication Malware VPN Mobile 106

eSecurity Planet

JANUARY 29, 2024

January 19, 2024 Critical VMware vCenter Server Zero-Day Under Attack Since 2021 Type of vulnerability: Remote code execution (RCE) vulnerability. January 22, 2024 Apple Fixes 16 Vulnerabilities, Including Exploited Zero Days Type of vulnerability: A type confusion issue enables arbitrary code execution (ACE) attacks.

Software 91

Software Authentication CSO Accountability 91

eSecurity Planet

SEPTEMBER 16, 2024

September 9, 2024 RAMBO Attack Exploits Radio Signals to Steal Sensitive Data Type of vulnerability: Side-channel attack. The problem: Progress Software has published fixes to solve CVE-2024-7591 , a significant incorrect input validation flaw in LoadMaster and Multi-Tenant Hypervisor rated CVSS 10.0.

Software 90

Software Malware System Administration Encryption 90

eSecurity Planet

AUGUST 13, 2024

Look at our rundown, and make sure your security teams are apprised of any relevant vulnerabilities from this past week’s news. August 5, 2024 Another Apache OfBiz Vulnerability to Watch Type of vulnerability: Remote code execution. August 12, 2024 OpenSSH Flaw Opens the Door for RCE Type of vulnerability: Remote code execution.

Firmware 107

Firmware Software Wireless Security Defenses 107

eSecurity Planet

AUGUST 20, 2024

District Court claims that NPD experienced a data breach around April 2024, alleging the following: Sensitive data , such as full names, current and previous addresses (going back at least 30 years), Social Security numbers, and details about family members, including some who have been deceased for nearly two decades, were compromised.

Identity Theft 131

Identity Theft Data breaches Passwords Encryption 131

eSecurity Planet

JANUARY 16, 2024

Keep an eye out for security announcements from your firewall vendors; it’s possible additional similar vulnerabilities will come to light. January 10, 2024 Thousands of WordPress Sites Vulnerable to Malware Injection Type of vulnerability: Cross-site scripting flaw in Popup Builder that allows a malware injection. Versions 9.x

Firewall 101

Firewall Firmware IoT Authentication 101

eSecurity Planet

MAY 27, 2024

GitHub Enterprise Server and GitLab patched their authentication bypass and XSS issues. With these new fixes and updates, users impacted by these vulnerabilities should upgrade their systems as soon as possible, apply access restrictions, perform increased monitoring, and follow the general best practices for security.

Backups 68

Backups Authentication DDOS Engineering 68

eSecurity Planet

JULY 1, 2024

MOVEit Transfer had an authentication bypass that affected 2,700 instances. Apple issued updates for AirPods’ Bluetooth authentication bypass flaw. To improve security, users should update software on a regular basis, establish strong authentication procedures, and limit access to key resources.

Risk 63

Risk Authentication Firmware Software 63

eSecurity Planet

APRIL 29, 2024

April 22, 2024 CISA Adds 2022 Windows Print Spooler Vulnerability to KEV Catalog Type of vulnerability: Elevation of privilege. Federal agencies have until May 14, 2024, to apply patches or disable vulnerable software. Consider reading more about forensic tools and processes to investigate attacks. The problem: The CVSS 10.0/10.0

Firewall 96

Firewall Software Ransomware Penetration Testing 96

eSecurity Planet

AUGUST 13, 2024

Look at our rundown, and make sure your security teams are apprised of any relevant vulnerabilities from this past week’s news. August 5, 2024 Another Apache OfBiz Vulnerability to Watch Type of vulnerability: Remote code execution. August 12, 2024 OpenSSH Flaw Opens the Door for RCE Type of vulnerability: Remote code execution.

Firmware 92

Firmware Software Wireless Security Defenses 92

eSecurity Planet

JUNE 14, 2024

Keeper Overview Better for Pricing & Secure Password Management Overall Rating: 3.9/5 5 Security: 4.4/5 5 Keeper is an affordable password manager that excels at security. Strong password generator: Provides strong, random passwords that may be securely shared among individuals and teams. 5 Security: 3.7/5

Password Management 63

Password Management Passwords Authentication Accountability 63

eSecurity Planet

SEPTEMBER 6, 2024

Free and open-source applications are available, and two-factor authentication, for example, using a hardware fingerprint scanner, is more reliable. Multifactor authentication: For enhanced security, perhaps a password isn’t enough. There are many solutions available for your particular password management needs.

Password Management 63

Password Management Passwords Accountability Social Engineering 63

eSecurity Planet

JUNE 24, 2024

ASUS fixed authentication bypass and buffer overflow issues in its routers. To minimize future vulnerabilities, concerned users should prioritize frequent upgrades and strong security practices for all systems and applications. The problem: Microsoft patched a critical vulnerability ( CVE-2024-30078 ) with a severity score of 8.8

Firmware 63

Firmware Passwords Software Risk 63

Security Affairs

DECEMBER 11, 2024

Between late June and mid-July 2024, a China-linked threat actor targeted major IT service providers in Southern Europe in a campaign codenamed ‘Operation Digital Eye.’ “The attack campaign, which we have dubbed Operation Digital Eye, took place from late June to mid-July 2024, lasting approximately three weeks.”

Firewall 74

Firewall Malware Accountability Technology 74

eSecurity Planet

APRIL 22, 2024

If updates can’t be performed immediately, consider deploying additional security controls or at least disconnecting vulnerable devices from direct internet access. April 13, 2024 Delinea Secret Server Patched After Researcher’s Public Disclosure Type of vulnerability: Authentication bypass.

Authentication 63

Authentication Firewall Encryption Cybersecurity 63

eSecurity Planet

JUNE 10, 2024

June 3, 2024 Exploit Chain Enables RCE in Progress Telerik Report Servers Type of vulnerability: Chained remote code execution. The exploit combines an authentication bypass ( CVE-2024-4358 ) with a deserialization issue ( CVE-2024-1800 ). The fix: To fix both issues, update to version 10.1.24.514 or later.

Malware 62

Malware Authentication Software Telecommunications 62

eSecurity Planet

SEPTEMBER 5, 2024

The company has consistently emphasized its commitment to user privacy and security, assuring users that their data is protected by state-of-the-art encryption and security protocols. The breach occurred on September 1, 2024, when an unidentified hacker accessed Tracelo’s systems.

Data breaches 109

Data breaches Identity Theft Data privacy Risk 109

eSecurity Planet

SEPTEMBER 2, 2024

To reduce the potential risks, update all impacted software to the most recent version and evaluate your system processes for potential modifications and security enhancements. August 26, 2024 SonicWall Identifies Access Control Vulnerability Type of vulnerability: Improper access control.

Risk 58

Risk Firewall Firmware Engineering 58