eSecurity Planet

FEBRUARY 12, 2024

Make sure your security teams consistently check vendor bulletins for vulnerability announcements so your business can stay on top of all threats. February 5, 2024 JetBrains TeamCity Saga Continues with Another Server Vulnerability Type of vulnerability: Authentication bypass by an unauthenticated attacker. Connect Secure 9.1R17.3

VPN 106

VPN Authentication Software Firewall 106

eSecurity Planet

APRIL 29, 2024

April 22, 2024 CISA Adds 2022 Windows Print Spooler Vulnerability to KEV Catalog Type of vulnerability: Elevation of privilege. Federal agencies have until May 14, 2024, to apply patches or disable vulnerable software. Consider reading more about forensic tools and processes to investigate attacks. The problem: The CVSS 10.0/10.0

Firewall 96

Firewall Software Ransomware Penetration Testing 96

eSecurity Planet

MARCH 19, 2024

March 8, 2024 150,000 Fortinet Secure Web Gateways Remain Exposed Type of vulnerability: Arbitrary code execution (ACE). The problem: The FortiOS SSL VPN feature vulnerability, CVE-2024-21762, disclosed February 8th , remains exposed to attack on nearly 150,000 devices according to the ShadowServer Foundation website.

Authentication 105

Authentication VPN Software DDOS 105

eSecurity Planet

AUGUST 27, 2024

Make sure your security teams know their specific role in that process, and have frequent conversations about vulnerabilities so everyone knows what’s going on both in your infrastructure and in the industry overall. August 19, 2024 Critical WordPress Vulnerability Jeopardizes Millions of Sites Type of vulnerability: Privilege escalation.

Authentication 88

Authentication Firewall Software Security Defenses 88

Security Affairs

DECEMBER 11, 2024

Between late June and mid-July 2024, a China-linked threat actor targeted major IT service providers in Southern Europe in a campaign codenamed ‘Operation Digital Eye.’ “The attack campaign, which we have dubbed Operation Digital Eye, took place from late June to mid-July 2024, lasting approximately three weeks.”

Firewall 74

Firewall Malware Accountability Technology 74

eSecurity Planet

SEPTEMBER 2, 2024

Several major companies identified and addressed significant security and vulnerability problems in last week’s vulnerability news. SonicWall dealt with a serious access control vulnerability that affected its firewall systems. The problem: CVE-2024-40766 , a critical access control vulnerability with a 9.3

Risk 58

Risk Firewall Firmware Engineering 58

eSecurity Planet

JANUARY 22, 2024

Make sure your security teams are regularly checking vendors’ software and hardware updates for any patches, and keep a particular eye on networking equipment. January 16, 2024 Open-Source UEFI Implementation Sees 9 Vulnerabilities Type of vulnerability: Weaknesses in the network boot process of UEFI’s network implementation.

Authentication 106

Authentication Malware VPN Mobile 106

eSecurity Planet

SEPTEMBER 26, 2023

SD-WAN integration with the SASE controller for Meraki, Catalyst, and others Cisco Umbrella SIG unifies firewall, SWG, DNS-layer security, CASB, and threat intelligence functions into a single and well-tested cloud service. Email Address By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy.

Firewall 95

Firewall DNS Architecture Technology 95

eSecurity Planet

AUGUST 20, 2024

District Court claims that NPD experienced a data breach around April 2024, alleging the following: Sensitive data , such as full names, current and previous addresses (going back at least 30 years), Social Security numbers, and details about family members, including some who have been deceased for nearly two decades, were compromised.

Identity Theft 131

Identity Theft Data breaches Passwords Encryption 131

eSecurity Planet

JULY 1, 2024

To improve security, users should update software on a regular basis, establish strong authentication procedures, and limit access to key resources. June 24, 2024 Ollama AI’s Probllama Vulnerability Enables RCE Type of vulnerability: Multiple, including remote code execution (RCE), path traversal, and insufficient input validation.

Risk 63

Risk Authentication Firmware Software 63

eSecurity Planet

APRIL 22, 2024

If updates can’t be performed immediately, consider deploying additional security controls or at least disconnecting vulnerable devices from direct internet access. April 13, 2024 Delinea Secret Server Patched After Researcher’s Public Disclosure Type of vulnerability: Authentication bypass.

Authentication 63

Authentication Firewall Encryption Cybersecurity 63

eSecurity Planet

SEPTEMBER 21, 2023

“It is expected to close by the end of the third quarter of calendar year 2024, subject to regulatory approval and other customary closing conditions including approval by Splunk shareholders,” the company’s press release stated.

Marketing 80

Marketing Cybersecurity Threat Detection Security Defenses 80

eSecurity Planet

MAY 24, 2024

Consider applying these methods for checking your security controls: Ensure physical security: Verify the data center’s security measures, such as surveillance, access controls, and the presence of security officers, to prevent unwanted access. Encrypt data: Ensure that data is encrypted at rest and in transit.

Encryption 104

Encryption Risk Passwords Technology 104

eSecurity Planet

SEPTEMBER 13, 2024

From personal information like Social Security numbers and addresses to sensitive financial details, banks store a treasure trove of data that, if compromised, can lead to identity theft, fraud, and significant financial loss for individuals. Cyber security plays a crucial role in safeguarding this information from unauthorized access.

Banking 84

Banking Identity Theft DDOS Cyber threats 84

eSecurity Planet

OCTOBER 9, 2024

In February 2024 , Connectwise was also hit by hackers exploiting two major security vulnerabilities. Get the Free Cybersecurity Newsletter Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices.

Software 63

Software Mobile Authentication Risk 63

eSecurity Planet

JULY 15, 2024

To reduce the risks caused by these vulnerabilities, affected users should apply patches, upgrade software, and strengthen security measures as soon as possible. July 8, 2024 Four Unpatched Flaws Discovered in Gogs Type of vulnerability: Multiple, including argument injection and file deletion.

Authentication 95

Authentication Backups Software Risk 95

eSecurity Planet

JULY 30, 2024

Network Engineer Network engineers and software engineers focused mainly on networking are responsible for the operations of a business network, as well as securing them. Security Director A director of cybersecurity, or potentially a director of IT who oversees security, manages all security initiatives within their organization.

Cybersecurity 122

Cybersecurity System Administration Engineering Firewall 122

eSecurity Planet

JULY 8, 2024

July 1, 2024 OpenSSH Releases Security Updates to Address RCE Type of vulnerability: Signal handler race condition in OpenSSH server. The problem: CVE-2024-6387 is a signal handler race issue within OpenSSH’s server (sshd) that affects glibc-based Linux systems. The fix: OpenSSH issued updates to address CVE-2024-6387.

Risk 63

Risk Authentication Firmware Surveillance 63

SecureList

NOVEMBER 25, 2024

In this article in the KSB series, we review the trends of the past year, reflect on the predictions we made for 2024 , and offer insights into what we can expect in 2025. As expected, we continued to observe attacks in 2024 involving exploits for Apple devices. For instance, in Q2 2024, we saw a 23% increase in BYOVD usage.

IoT 104

IoT Energy and Utilities Phishing Cryptocurrency 104

eSecurity Planet

SEPTEMBER 12, 2024

4 Types of VPN Connection Firewall-based VPN These networks layer the security features of a firewall – including packet filtering, user-based access control, proxy service, and SSL inspection – over VPN functionality. There are many considerations, such as reliability, geographic reach, speed, cost, and security.

VPN 58

VPN Passwords Encryption Authentication 58

Digital Shadows

OCTOBER 29, 2024

In Q3 2024, ransomware service provider “RansomHub” emerged as the most dominant ransomware group, taking the mantle from “LockBit” and “ALPHV.” Our report spotlights five major threat actors dominating the cybersecurity landscape in 2024 that every professional should know about.

Ransomware 88

Ransomware Encryption Technology Cybercrime 88

Digital Shadows

OCTOBER 29, 2024

In Q3 2024, ransomware service provider “RansomHub” emerged as the most dominant ransomware group, taking the mantle from “LockBit” and “ALPHV.” Our report spotlights five major threat actors dominating the cybersecurity landscape in 2024 that every professional should know about.

Ransomware 52

Ransomware Encryption Technology Cybercrime 52

eSecurity Planet

MARCH 4, 2024

February 26, 2024 FCKeditor Used for SEO Poisoning on Government, University Sites Type of vulnerability: Malicious URL redirect. February 27, 2024 Ransomware Gangs Target Unpatched ScreenConnect Servers Type of vulnerability: Authentication bypass and path traversal. The fix: Apply Windows patches ASAP.

IoT 111

IoT Internet Internet Ransomware 111