eSecurity Planet

SEPTEMBER 7, 2023

Much like the rest of technology, merger and acquisition (M&A) activity for cybersecurity companies has been in a slump this year. Startup Runways Dwindle A key factor that will likely drive more dealmaking activity is that CEOs of cybersecurity startups may not have much of a choice. And this may happen sooner than later.

Cybersecurity 112

Cybersecurity Marketing Software DDOS 112

eSecurity Planet

FEBRUARY 26, 2024

Organizations must prioritize implementing effective security measures and conducting frequent audits. To secure sensitive data, cybersecurity specialists, software vendors, and end users should encourage collaborative efforts against malicious activities. Attackers were seen attempting to disable security plug-ins.

Risk 112

Risk Authentication System Administration Ransomware 112

eSecurity Planet

JANUARY 2, 2024

4 January 1, 2024 Windows Vulnerability Allows DLL Exploitation Type of vulnerability: Bypassing privilege access requirements to exploit executables The problem: Researchers from Security Joes discovered a malicious code execution vulnerability in Windows 10 and 11. 1020000 1.26.10-gke.1235000 1235000 1.27.7-gke.1293000 1293000 1.28.4-gke.1083000

Authentication 94

Authentication Software Engineering Security Defenses 94

eSecurity Planet

APRIL 15, 2024

Last week’s cybersecurity incidents revealed significant vulnerabilities across multiple platforms. Typically, these vulnerabilities result in remote code execution or denial-of-service attacks, posing major dangers to users’ data security. Check out our article on SaaS security checklist and learn how to create one.

Firewall 102

Firewall VPN Software Risk 102

eSecurity Planet

FEBRUARY 5, 2024

Critical multi-platform vulnerabilities impacting diverse systems dominated the past week’s cybersecurity headlines. January 29, 2024 Juniper Releases Updates for Critical RCE Vulnerabilities Type of vulnerability: Missing authentication flaw and cross-site scripting (XSS) vulnerability. Both affect J-Web and all Junos OS versions.

Risk 99

Risk Penetration Testing Authentication Software 99

eSecurity Planet

JANUARY 12, 2024

For enhanced security and threat detection, consider integrating SIEM tools with your cloud log management. Get the Free Cybersecurity Newsletter Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices.

Technology 113

Technology Encryption Threat Detection Marketing 113

eSecurity Planet

DECEMBER 20, 2023

Attack surface management (ASM) is a relatively new cybersecurity technology that combines elements of vulnerability management and asset discovery with the automation capabilities of breach and attack simulation (BAS) and applies them to an organization’s entire IT environment, from networks to the cloud.

Software 109

Software Risk Architecture Internet 109

eSecurity Planet

FEBRUARY 12, 2024

Make sure your security teams consistently check vendor bulletins for vulnerability announcements so your business can stay on top of all threats. February 5, 2024 JetBrains TeamCity Saga Continues with Another Server Vulnerability Type of vulnerability: Authentication bypass by an unauthenticated attacker. Connect Secure 9.1R17.3

VPN 106

VPN Authentication Software Firewall 106

eSecurity Planet

MARCH 11, 2024

And all IT and security teams should follow vulnerability news for vendor bulletins and updates. March 4, 2024 JetBrains Server Issues Continue with New Vulnerabilities Type of vulnerability: Authentication bypass. The more severe CVE-2024-27198 allows a threat actor to take over the entire server. and iPadOS 17.4.

Authentication 105

Authentication Software VPN Security Defenses 105

eSecurity Planet

SEPTEMBER 3, 2024

For a deeper dive into Dashlane’s features and performance, check out this detailed Dashlane review for 2024. It incorporates strong network security measures to ensure your data remains protected. Dashlane utilizes 256-bit AES encryption, a top-tier encryption standard that secures your information against unauthorized access.

Password Management 92

Password Management Passwords Encryption VPN 92

eSecurity Planet

SEPTEMBER 9, 2024

RansomHub used multiple vulnerabilities to launch ransomware attacks, emphasizing the critical need for updates and strong security measures. Organizations and end users need prompt patching and thorough security policies to protect systems and data from high-risk vulnerabilities.

Firmware 96

Firmware Backups Firewall Risk 96

eSecurity Planet

AUGUST 7, 2024

Detection: Quickly detect security breaches to limit their damage. Given the scarcity of cybersecurity experts, use automated systems or third-party services to monitor and detect irregularities in your environment constantly. These situations demonstrate how gaps in cloud security can cause severe disruptions.

Architecture 90

Architecture DDOS Encryption Risk 90

eSecurity Planet

MARCH 19, 2024

March 8, 2024 150,000 Fortinet Secure Web Gateways Remain Exposed Type of vulnerability: Arbitrary code execution (ACE). The problem: The FortiOS SSL VPN feature vulnerability, CVE-2024-21762, disclosed February 8th , remains exposed to attack on nearly 150,000 devices according to the ShadowServer Foundation website.

Authentication 105

Authentication VPN Software DDOS 105

eSecurity Planet

OCTOBER 8, 2024

Check your vendors’ security bulletins regularly, and make sure your team is prepared to fix vulnerabilities when they’re made known. October 2, 2024 Zimbra Email Servers Could See RCE Attacks Type of attack: Remote code execution. This flaw is tracked as CVE-2024-45519 and has a critical base score of 9.8. Kepler: version 9.0.0

Risk 102

Risk Malware Software Authentication 102

eSecurity Planet

JANUARY 8, 2024

Here’s a roundup of the week’s major vulnerabilities that security teams should mitigate or patch. January 3, 2024 52% of Exposed SSH Servers Vulnerable to Terrapin Attack Type of attack: Secure Shell (SSH) vulnerability enables prefix truncation attacks. For CVE-2023-7024, update to the latest version of Chrome.

Encryption 108

Encryption Security Defenses Cybersecurity Internet 108

eSecurity Planet

JUNE 18, 2024

Additionally, if you’re an Ivanti customer or use other products that frequently appear in our recaps and in security news, pay particularly careful attention. You’ll want to check for product security updates a couple of times a week. The fix: Upgrade your Pixel device to the most recent security update.

Firmware 98

Firmware Authentication Ransomware Software 98

eSecurity Planet

AUGUST 14, 2024

Its open-source nature and robust encryption capabilities have made it a staple in many organizations’ and individuals’ security arsenals. In March 2024, Microsoft reported the discovery to OpenVPN through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR).

Identity Theft 109

Identity Theft Data breaches Risk Internet 109

eSecurity Planet

APRIL 29, 2024

April 22, 2024 CISA Adds 2022 Windows Print Spooler Vulnerability to KEV Catalog Type of vulnerability: Elevation of privilege. The exploitation disclosure led the US Cybersecurity Infrastructure and Security Agency (CISA) to add the vulnerability to the known exploited vulnerabilities (KEV) catalog. The problem: The CVSS 10.0/10.0

Firewall 96

Firewall Software Ransomware Penetration Testing 96

eSecurity Planet

JUNE 3, 2024

Check your vendors’ security bulletins regularly, and make sure your team is following security news to patch issues as soon as they arise. May 28, 2024 Check Point VPN Zero-Day Vulnerability Requires Hotfix Type of attack: Information disclosure zero-day.

VPN 101

VPN Authentication Passwords Software 101

eSecurity Planet

SEPTEMBER 16, 2024

September 9, 2024 RAMBO Attack Exploits Radio Signals to Steal Sensitive Data Type of vulnerability: Side-channel attack. The problem: Progress Software has published fixes to solve CVE-2024-7591 , a significant incorrect input validation flaw in LoadMaster and Multi-Tenant Hypervisor rated CVSS 10.0.

Software 90

Software Malware System Administration Encryption 90

eSecurity Planet

JULY 29, 2024

July 23, 2024 CISA Adds Two Vulnerabilities to Catalog Type of vulnerability: Use-after-free and information disclosure. The problem: The Cybersecurity and Infrastructure Security Agency (CISA) just added two vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog. CVSS score.

Internet 93

Internet Internet Accountability Software 93

eSecurity Planet

JULY 22, 2024

Also, make sure your security team has a consistent schedule for monitoring industry news and vulnerabilities. July 1, 2024 Early July Splunk Enterprise Vulnerability Should Be Patched Immediately Type of vulnerability: Path traversal. It’s currently tracked as CVE-2024-36401. A proof of concept is available on GitHub.

Software 105

Software Authentication Malware Passwords 105

eSecurity Planet

AUGUST 13, 2024

Look at our rundown, and make sure your security teams are apprised of any relevant vulnerabilities from this past week’s news. August 5, 2024 Another Apache OfBiz Vulnerability to Watch Type of vulnerability: Remote code execution. August 12, 2024 OpenSSH Flaw Opens the Door for RCE Type of vulnerability: Remote code execution.

Firmware 107

Firmware Software Wireless Security Defenses 107

eSecurity Planet

OCTOBER 1, 2024

September 24, 2024 Upgrade WhatsApp Gold to Fix Six New Flaws Type of vulnerability: Not yet specified. Progress Software, which owns WhatsApp Gold, released a security bulletin advising customers to upgrade their WhatsApp Gold instances to version 24.0.1. The vulnerability is tracked as CVE-2024-7593 and has a severity rating of 9.8.

Authentication 96

Authentication Software Internet Internet 96

eSecurity Planet

JUNE 20, 2024

Get the Free Cybersecurity Newsletter Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Subscribe The post Keeper vs Bitwarden (2024): Benefits & Features Compared appeared first on eSecurity Planet.

Password Management 88

Password Management Passwords Authentication Accountability 88

eSecurity Planet

JUNE 18, 2024

Rural hospitals face a unique challenge altogether — a lack of resources to invest in robust cybersecurity solutions, leaving their systems and patient data exposed. This new initiative aims to bolster cybersecurity defenses in these facilities by providing them with access to discounted (up to 75%) and even free cybersecurity solutions.

Cybersecurity 68

Cybersecurity Healthcare Computers and Electronics Data breaches 68

eSecurity Planet

FEBRUARY 2, 2024

Teslas have plenty of vulnerabilities, as cybersecurity researchers have recently discovered. Rapid7’s Zero Day Initiative hosts an event called Pwn2Own, and at the 2023 event, computer security firm Synactiv hacked a Tesla computer within two minutes. Physical premises security is important for cybersecurity as well.

Hacking 123

Hacking IoT Firmware Cybersecurity 123

eSecurity Planet

JANUARY 29, 2024

January 19, 2024 Critical VMware vCenter Server Zero-Day Under Attack Since 2021 Type of vulnerability: Remote code execution (RCE) vulnerability. January 22, 2024 Apple Fixes 16 Vulnerabilities, Including Exploited Zero Days Type of vulnerability: A type confusion issue enables arbitrary code execution (ACE) attacks.

Software 91

Software Authentication CSO Accountability 91

eSecurity Planet

AUGUST 27, 2024

Make sure your security teams know their specific role in that process, and have frequent conversations about vulnerabilities so everyone knows what’s going on both in your infrastructure and in the industry overall. August 19, 2024 Critical WordPress Vulnerability Jeopardizes Millions of Sites Type of vulnerability: Privilege escalation.

Authentication 88

Authentication Firewall Software Security Defenses 88

eSecurity Planet

JUNE 21, 2024

Explore the different types of network security protection strategies to add more layers of protection against potential attacks and breaches. Get the Free Cybersecurity Newsletter Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices.

Password Management 83

Password Management Passwords Encryption VPN 83

eSecurity Planet

AUGUST 13, 2024

Look at our rundown, and make sure your security teams are apprised of any relevant vulnerabilities from this past week’s news. August 5, 2024 Another Apache OfBiz Vulnerability to Watch Type of vulnerability: Remote code execution. August 12, 2024 OpenSSH Flaw Opens the Door for RCE Type of vulnerability: Remote code execution.

Firmware 92

Firmware Software Wireless Security Defenses 92

eSecurity Planet

SEPTEMBER 21, 2023

In a blockbuster deal that could shake up the cybersecurity market, Cisco announced this morning that it will acquire Splunk for $28 billion. Cisco too has also lost ground to more nimble cybersecurity competitors but still boasts a strong customer base thanks to its networking dominance.

Marketing 80

Marketing Cybersecurity Threat Detection Security Defenses 80

eSecurity Planet

APRIL 1, 2024

While most issues can be fixed through prompt patching and updating, a few remain unfixed and may require more significant changes to the security stack to block possible attacks. March 22, 2024 Emergency Out-of-Band Windows Server Security Updates Type of vulnerability (or attack): Memory leak. Upgrade versions 7.2.0

Authentication 98

Authentication Artificial Intelligence Software Cybersecurity 98

eSecurity Planet

JANUARY 16, 2024

Keep an eye out for security announcements from your firewall vendors; it’s possible additional similar vulnerabilities will come to light. January 10, 2024 Thousands of WordPress Sites Vulnerable to Malware Injection Type of vulnerability: Cross-site scripting flaw in Popup Builder that allows a malware injection.

Firewall 101

Firewall Firmware IoT Authentication 101

eSecurity Planet

JANUARY 22, 2024

Make sure your security teams are regularly checking vendors’ software and hardware updates for any patches, and keep a particular eye on networking equipment. January 16, 2024 Open-Source UEFI Implementation Sees 9 Vulnerabilities Type of vulnerability: Weaknesses in the network boot process of UEFI’s network implementation.

Authentication 106

Authentication Malware VPN Mobile 106

eSecurity Planet

AUGUST 20, 2024

District Court claims that NPD experienced a data breach around April 2024, alleging the following: Sensitive data , such as full names, current and previous addresses (going back at least 30 years), Social Security numbers, and details about family members, including some who have been deceased for nearly two decades, were compromised.

Identity Theft 131

Identity Theft Data breaches Passwords Encryption 131

Security Affairs

DECEMBER 11, 2024

Between late June and mid-July 2024, a China-linked threat actor targeted major IT service providers in Southern Europe in a campaign codenamed ‘Operation Digital Eye.’ “The attack campaign, which we have dubbed Operation Digital Eye, took place from late June to mid-July 2024, lasting approximately three weeks.”

Firewall 74

Firewall Malware Accountability Technology 74