eSecurity Planet

APRIL 29, 2024

April 22, 2024 CISA Adds 2022 Windows Print Spooler Vulnerability to KEV Catalog Type of vulnerability: Elevation of privilege. Federal agencies have until May 14, 2024, to apply patches or disable vulnerable software. Consider reading more about forensic tools and processes to investigate attacks. The problem: The CVSS 10.0/10.0

Firewall 114

Firewall Software Ransomware Penetration Testing 114

eSecurity Planet

AUGUST 27, 2024

Make sure your security teams know their specific role in that process, and have frequent conversations about vulnerabilities so everyone knows what’s going on both in your infrastructure and in the industry overall. August 19, 2024 Critical WordPress Vulnerability Jeopardizes Millions of Sites Type of vulnerability: Privilege escalation.

Authentication 104

Authentication Firewall Software Security Defenses 104

eSecurity Planet

JULY 15, 2024

To reduce the risks caused by these vulnerabilities, affected users should apply patches, upgrade software, and strengthen security measures as soon as possible. July 8, 2024 Four Unpatched Flaws Discovered in Gogs Type of vulnerability: Multiple, including argument injection and file deletion.

Authentication 110

Authentication Backups Software Risk 110

eSecurity Planet

MARCH 19, 2024

March 8, 2024 150,000 Fortinet Secure Web Gateways Remain Exposed Type of vulnerability: Arbitrary code execution (ACE). The problem: The FortiOS SSL VPN feature vulnerability, CVE-2024-21762, disclosed February 8th , remains exposed to attack on nearly 150,000 devices according to the ShadowServer Foundation website.

Authentication 121

Authentication VPN Software DDOS 121

eSecurity Planet

FEBRUARY 12, 2024

Make sure your security teams consistently check vendor bulletins for vulnerability announcements so your business can stay on top of all threats. February 5, 2024 JetBrains TeamCity Saga Continues with Another Server Vulnerability Type of vulnerability: Authentication bypass by an unauthenticated attacker. Connect Secure 9.1R17.3

VPN 110

VPN Authentication Software Firewall 110

eSecurity Planet

MARCH 4, 2024

February 26, 2024 FCKeditor Used for SEO Poisoning on Government, University Sites Type of vulnerability: Malicious URL redirect. February 27, 2024 Ransomware Gangs Target Unpatched ScreenConnect Servers Type of vulnerability: Authentication bypass and path traversal. The fix: Apply Windows patches ASAP.

IoT 118

IoT Internet Internet Ransomware 118

eSecurity Planet

SEPTEMBER 2, 2024

Several major companies identified and addressed significant security and vulnerability problems in last week’s vulnerability news. SonicWall dealt with a serious access control vulnerability that affected its firewall systems. The problem: CVE-2024-40766 , a critical access control vulnerability with a 9.3

Risk 58

Risk Firewall Firmware Engineering 58

SecureList

NOVEMBER 25, 2024

In this article in the KSB series, we review the trends of the past year, reflect on the predictions we made for 2024 , and offer insights into what we can expect in 2025. As expected, we continued to observe attacks in 2024 involving exploits for Apple devices. For instance, in Q2 2024, we saw a 23% increase in BYOVD usage.

IoT 119

IoT Energy and Utilities Phishing Cryptocurrency 119

eSecurity Planet

SEPTEMBER 26, 2023

SD-WAN integration with the SASE controller for Meraki, Catalyst, and others Cisco Umbrella SIG unifies firewall, SWG, DNS-layer security, CASB, and threat intelligence functions into a single and well-tested cloud service. Email Address By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy.

Firewall 98

Firewall DNS Architecture Technology 98

eSecurity Planet

JANUARY 22, 2024

Make sure your security teams are regularly checking vendors’ software and hardware updates for any patches, and keep a particular eye on networking equipment. January 16, 2024 Open-Source UEFI Implementation Sees 9 Vulnerabilities Type of vulnerability: Weaknesses in the network boot process of UEFI’s network implementation.

Authentication 115

Authentication Malware VPN Mobile 115

eSecurity Planet

SEPTEMBER 21, 2023

“It is expected to close by the end of the third quarter of calendar year 2024, subject to regulatory approval and other customary closing conditions including approval by Splunk shareholders,” the company’s press release stated.

Marketing 98

Marketing Threat Detection Cybersecurity Security Defenses 98

eSecurity Planet

AUGUST 20, 2024

District Court claims that NPD experienced a data breach around April 2024, alleging the following: Sensitive data , such as full names, current and previous addresses (going back at least 30 years), Social Security numbers, and details about family members, including some who have been deceased for nearly two decades, were compromised.

Identity Theft 131

Identity Theft Data breaches Passwords Encryption 131

Digital Shadows

OCTOBER 29, 2024

In Q3 2024, ransomware service provider “RansomHub” emerged as the most dominant ransomware group, taking the mantle from “LockBit” and “ALPHV.” Our report spotlights five major threat actors dominating the cybersecurity landscape in 2024 that every professional should know about.

Ransomware 88

Ransomware Encryption Technology Malware 88

eSecurity Planet

JULY 8, 2024

July 1, 2024 OpenSSH Releases Security Updates to Address RCE Type of vulnerability: Signal handler race condition in OpenSSH server. The problem: CVE-2024-6387 is a signal handler race issue within OpenSSH’s server (sshd) that affects glibc-based Linux systems. The fix: OpenSSH issued updates to address CVE-2024-6387.

Risk 63

Risk Authentication Firmware Surveillance 63

eSecurity Planet

JULY 1, 2024

To improve security, users should update software on a regular basis, establish strong authentication procedures, and limit access to key resources. June 24, 2024 Ollama AI’s Probllama Vulnerability Enables RCE Type of vulnerability: Multiple, including remote code execution (RCE), path traversal, and insufficient input validation.

Risk 63

Risk Authentication Firmware Software 63

eSecurity Planet

APRIL 22, 2024

If updates can’t be performed immediately, consider deploying additional security controls or at least disconnecting vulnerable devices from direct internet access. April 13, 2024 Delinea Secret Server Patched After Researcher’s Public Disclosure Type of vulnerability: Authentication bypass.

Authentication 63

Authentication Firewall Encryption Cybersecurity 63

Digital Shadows

OCTOBER 29, 2024

In Q3 2024, ransomware service provider “RansomHub” emerged as the most dominant ransomware group, taking the mantle from “LockBit” and “ALPHV.” Our report spotlights five major threat actors dominating the cybersecurity landscape in 2024 that every professional should know about.

Ransomware 52

Ransomware Encryption Technology Malware 52

eSecurity Planet

MAY 24, 2024

Consider applying these methods for checking your security controls: Ensure physical security: Verify the data center’s security measures, such as surveillance, access controls, and the presence of security officers, to prevent unwanted access. Encrypt data: Ensure that data is encrypted at rest and in transit.

Encryption 120

Encryption Risk Passwords Technology 120

eSecurity Planet

SEPTEMBER 13, 2024

From personal information like Social Security numbers and addresses to sensitive financial details, banks store a treasure trove of data that, if compromised, can lead to identity theft, fraud, and significant financial loss for individuals. Cyber security plays a crucial role in safeguarding this information from unauthorized access.

Banking 109

Banking Identity Theft DDOS Cyber threats 109

eSecurity Planet

OCTOBER 9, 2024

In February 2024 , Connectwise was also hit by hackers exploiting two major security vulnerabilities. Get the Free Cybersecurity Newsletter Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices.

Software 63

Software Mobile Authentication Risk 63

eSecurity Planet

JULY 30, 2024

Network Engineer Network engineers and software engineers focused mainly on networking are responsible for the operations of a business network, as well as securing them. Security Director A director of cybersecurity, or potentially a director of IT who oversees security, manages all security initiatives within their organization.

Cybersecurity 124

Cybersecurity System Administration Engineering Firewall 124

eSecurity Planet

SEPTEMBER 12, 2024

4 Types of VPN Connection Firewall-based VPN These networks layer the security features of a firewall – including packet filtering, user-based access control, proxy service, and SSL inspection – over VPN functionality. There are many considerations, such as reliability, geographic reach, speed, cost, and security.

VPN 58

VPN Passwords Encryption Authentication 58

eSecurity Planet

DECEMBER 19, 2023

Various forms of AI, such as machine learning (ML) and large language models (LLM), already dominated headlines throughout 2023 and will continue to present both overhyped possibilities and realized potential in 2024. In 2024, AI poisoning attacks will become the new software supply chain attacks.

Cybersecurity 140

Cybersecurity CISO Government Technology 140

SecureWorld News

MARCH 5, 2025

Some expected implications include rising prices for firewalls, intrusion detection systems, and network security appliances; some vendors may delay major hardware refreshes or product launches; and increased costs for cloud security providers could trickle down to enterprises in the form of higher subscription fees.

Cyber Risk 124

Cyber Risk Risk Small Business Cyber Insurance 124