eSecurity Planet

SEPTEMBER 21, 2024

Get the Free Cybersecurity Newsletter Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Subscribe The post 2024 Cybersecurity Laws & Regulations appeared first on eSecurity Planet. You can unsubscribe at any time.

Cybersecurity 114

Cybersecurity Computers and Electronics Cyber threats Healthcare 114

eSecurity Planet

MAY 2, 2024

Most organizations express confidence in their current status and budgets, but also expect to experience at least one data breach in 2024. 30% data breaches and +23% ransomware for the first two months of 2024. 80% feel moderately to very confident in defense. million per year for the average IT security budget.

Cybersecurity 103

Cybersecurity DDOS Penetration Testing Passwords 103

Hacker's King

OCTOBER 18, 2024

In 2024, cybersecurity and software engineering stand as two of the most critical fields shaping the tech industry. In this article, we'll explore why cybersecurity is poised to take center stage in 2024 , without diminishing the essential contributions of software engineers. What We Are Going to Read in This Article: 1.

Engineering 59

Engineering Software Cybersecurity Technology 59

eSecurity Planet

FEBRUARY 26, 2024

February 19, 2024 Microsoft Exchange Servers Vulnerable to Privilege Escalation Attacks Type of vulnerability: Critical severity privilege escalation vulnerability. The problem: CVE-2024-21410 allows remote attackers to carry out NTLM relay attacks on Microsoft Exchange Servers, providing them with privileged access.

Risk 112

Risk Authentication System Administration Ransomware 112

eSecurity Planet

JANUARY 12, 2024

Get the Free Cybersecurity Newsletter Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Subscribe The post 6 Best Cloud Log Management Services in 2024 Reviewed appeared first on eSecurity Planet. You can unsubscribe at any time.

Technology 113

Technology Encryption Threat Detection Marketing 113

eSecurity Planet

JANUARY 2, 2024

4 January 1, 2024 Windows Vulnerability Allows DLL Exploitation Type of vulnerability: Bypassing privilege access requirements to exploit executables The problem: Researchers from Security Joes discovered a malicious code execution vulnerability in Windows 10 and 11. 1020000 1.26.10-gke.1235000 1235000 1.27.7-gke.1293000 1293000 1.28.4-gke.1083000

Authentication 94

Authentication Software Engineering Security Defenses 94

eSecurity Planet

SEPTEMBER 3, 2024

For a deeper dive into Dashlane’s features and performance, check out this detailed Dashlane review for 2024. It incorporates strong network security measures to ensure your data remains protected. Dashlane utilizes 256-bit AES encryption, a top-tier encryption standard that secures your information against unauthorized access.

Password Management 92

Password Management Passwords Encryption VPN 92

eSecurity Planet

DECEMBER 20, 2023

Get the Free Cybersecurity Newsletter Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Subscribe The post 7 Best Attack Surface Management Software for 2024 appeared first on eSecurity Planet. You can unsubscribe at any time.

Software 109

Software Risk Architecture Internet 109

eSecurity Planet

AUGUST 7, 2024

Database Upgrade Affects Atlassian Jira Atlassian’s Jira project management platform experienced failure and downtime in January 2024 due to issues related to a scheduled database upgrade. How a secure cloud strategy could help: Change management: Include extensive testing and validation of modifications prior to deployment.

Architecture 91

Architecture DDOS Encryption Risk 91

eSecurity Planet

MARCH 11, 2024

And all IT and security teams should follow vulnerability news for vendor bulletins and updates. March 4, 2024 JetBrains Server Issues Continue with New Vulnerabilities Type of vulnerability: Authentication bypass. The more severe CVE-2024-27198 allows a threat actor to take over the entire server. and iPadOS 17.4.

Authentication 105

Authentication Software VPN Security Defenses 105

eSecurity Planet

FEBRUARY 5, 2024

January 29, 2024 Juniper Releases Updates for Critical RCE Vulnerabilities Type of vulnerability: Missing authentication flaw and cross-site scripting (XSS) vulnerability. The fix: Juniper Networks has published out-of-cycle fixes for CVE-2024-21619 and CVE-2024-21620 — apply fixes to the identified versions. macOS Ventura 13.1,

Risk 99

Risk Penetration Testing Authentication Software 99

eSecurity Planet

FEBRUARY 12, 2024

Make sure your security teams consistently check vendor bulletins for vulnerability announcements so your business can stay on top of all threats. February 5, 2024 JetBrains TeamCity Saga Continues with Another Server Vulnerability Type of vulnerability: Authentication bypass by an unauthenticated attacker. Connect Secure 9.1R17.3

VPN 106

VPN Authentication Software Firewall 106

eSecurity Planet

SEPTEMBER 9, 2024

RansomHub used multiple vulnerabilities to launch ransomware attacks, emphasizing the critical need for updates and strong security measures. Organizations and end users need prompt patching and thorough security policies to protect systems and data from high-risk vulnerabilities.

Firmware 96

Firmware Backups Firewall Risk 96

eSecurity Planet

APRIL 15, 2024

In addition to securing internal assets, you also need to ensure SaaS data is protected. Check out our article on SaaS security checklist and learn how to create one. April 8, 2024 Multiple Vulnerabilities Discovered in LG WebOS Smart TVs Type of vulnerability: Authorization bypass, privilege escalation, command injection.

Firewall 102

Firewall VPN Software Risk 102

eSecurity Planet

JUNE 18, 2024

Additionally, if you’re an Ivanti customer or use other products that frequently appear in our recaps and in security news, pay particularly careful attention. You’ll want to check for product security updates a couple of times a week. The fix: Upgrade your Pixel device to the most recent security update.

Firmware 98

Firmware Authentication Ransomware Software 98

eSecurity Planet

MARCH 19, 2024

March 8, 2024 150,000 Fortinet Secure Web Gateways Remain Exposed Type of vulnerability: Arbitrary code execution (ACE). The problem: The FortiOS SSL VPN feature vulnerability, CVE-2024-21762, disclosed February 8th , remains exposed to attack on nearly 150,000 devices according to the ShadowServer Foundation website.

Authentication 105

Authentication VPN Software DDOS 105

eSecurity Planet

SEPTEMBER 16, 2024

September 9, 2024 RAMBO Attack Exploits Radio Signals to Steal Sensitive Data Type of vulnerability: Side-channel attack. The problem: Progress Software has published fixes to solve CVE-2024-7591 , a significant incorrect input validation flaw in LoadMaster and Multi-Tenant Hypervisor rated CVSS 10.0.

Software 90

Software Malware System Administration Encryption 90

eSecurity Planet

AUGUST 14, 2024

Its open-source nature and robust encryption capabilities have made it a staple in many organizations’ and individuals’ security arsenals. In March 2024, Microsoft reported the discovery to OpenVPN through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR).

Identity Theft 109

Identity Theft Data breaches Risk Internet 109

eSecurity Planet

OCTOBER 8, 2024

Check your vendors’ security bulletins regularly, and make sure your team is prepared to fix vulnerabilities when they’re made known. October 2, 2024 Zimbra Email Servers Could See RCE Attacks Type of attack: Remote code execution. This flaw is tracked as CVE-2024-45519 and has a critical base score of 9.8. Kepler: version 9.0.0

Risk 102

Risk Malware Software Passwords 102

eSecurity Planet

JUNE 20, 2024

Get the Free Cybersecurity Newsletter Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Subscribe The post Keeper vs Bitwarden (2024): Benefits & Features Compared appeared first on eSecurity Planet. You can unsubscribe at any time.

Password Management 88

Password Management Passwords Authentication Accountability 88

eSecurity Planet

OCTOBER 1, 2024

September 24, 2024 Upgrade WhatsApp Gold to Fix Six New Flaws Type of vulnerability: Not yet specified. Progress Software, which owns WhatsApp Gold, released a security bulletin advising customers to upgrade their WhatsApp Gold instances to version 24.0.1. The vulnerability is tracked as CVE-2024-7593 and has a severity rating of 9.8.

Authentication 96

Authentication Software Internet Internet 96

eSecurity Planet

AUGUST 13, 2024

Look at our rundown, and make sure your security teams are apprised of any relevant vulnerabilities from this past week’s news. August 5, 2024 Another Apache OfBiz Vulnerability to Watch Type of vulnerability: Remote code execution. August 12, 2024 OpenSSH Flaw Opens the Door for RCE Type of vulnerability: Remote code execution.

Firmware 107

Firmware Software Wireless Security Defenses 107

eSecurity Planet

JULY 29, 2024

If you’re part of an IT or security team responsible for handling vulnerabilities, make sure your team has a way to be immediately updated when new issues arise. July 23, 2024 CISA Adds Two Vulnerabilities to Catalog Type of vulnerability: Use-after-free and information disclosure. CVSS score.

Internet 93

Internet Internet Accountability Software 93

eSecurity Planet

JANUARY 8, 2024

Here’s a roundup of the week’s major vulnerabilities that security teams should mitigate or patch. January 3, 2024 52% of Exposed SSH Servers Vulnerable to Terrapin Attack Type of attack: Secure Shell (SSH) vulnerability enables prefix truncation attacks. For CVE-2023-7024, update to the latest version of Chrome.

Encryption 108

Encryption Security Defenses Cybersecurity Internet 108

eSecurity Planet

JULY 22, 2024

Also, make sure your security team has a consistent schedule for monitoring industry news and vulnerabilities. July 1, 2024 Early July Splunk Enterprise Vulnerability Should Be Patched Immediately Type of vulnerability: Path traversal. It’s currently tracked as CVE-2024-36401. A proof of concept is available on GitHub.

Software 105

Software Authentication Malware Passwords 105

eSecurity Planet

JUNE 3, 2024

Check your vendors’ security bulletins regularly, and make sure your team is following security news to patch issues as soon as they arise. May 28, 2024 Check Point VPN Zero-Day Vulnerability Requires Hotfix Type of attack: Information disclosure zero-day. The vulnerability is tracked as CVE-2024-1086.

VPN 101

VPN Authentication Passwords Software 101

eSecurity Planet

JUNE 21, 2024

Explore the different types of network security protection strategies to add more layers of protection against potential attacks and breaches. Get the Free Cybersecurity Newsletter Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices.

Password Management 84

Password Management Passwords Encryption VPN 84

eSecurity Planet

APRIL 29, 2024

April 22, 2024 CISA Adds 2022 Windows Print Spooler Vulnerability to KEV Catalog Type of vulnerability: Elevation of privilege. Federal agencies have until May 14, 2024, to apply patches or disable vulnerable software. Consider reading more about forensic tools and processes to investigate attacks. The problem: The CVSS 10.0/10.0

Firewall 96

Firewall Software Ransomware Penetration Testing 96

eSecurity Planet

JANUARY 29, 2024

January 19, 2024 Critical VMware vCenter Server Zero-Day Under Attack Since 2021 Type of vulnerability: Remote code execution (RCE) vulnerability. January 22, 2024 Apple Fixes 16 Vulnerabilities, Including Exploited Zero Days Type of vulnerability: A type confusion issue enables arbitrary code execution (ACE) attacks.

Software 91

Software Authentication CSO Accountability 91

eSecurity Planet

AUGUST 27, 2024

Make sure your security teams know their specific role in that process, and have frequent conversations about vulnerabilities so everyone knows what’s going on both in your infrastructure and in the industry overall. August 19, 2024 Critical WordPress Vulnerability Jeopardizes Millions of Sites Type of vulnerability: Privilege escalation.

Authentication 89

Authentication Firewall Software Security Defenses 89

eSecurity Planet

AUGUST 13, 2024

Look at our rundown, and make sure your security teams are apprised of any relevant vulnerabilities from this past week’s news. August 5, 2024 Another Apache OfBiz Vulnerability to Watch Type of vulnerability: Remote code execution. August 12, 2024 OpenSSH Flaw Opens the Door for RCE Type of vulnerability: Remote code execution.

Firmware 92

Firmware Software Wireless Security Defenses 92

eSecurity Planet

SEPTEMBER 6, 2024

Top Password Managers of 2024 We’ve reviewed the top enterprise password managers, individually and head-to-head , elsewhere in the TechAdvice online universe. You can start your search with our evaluations of the top offerings for 2024 , or drill down deeper with one of our product-specific and head-to-head reviews.

Password Management 63

Password Management Passwords Accountability Social Engineering 63

eSecurity Planet

APRIL 1, 2024

While most issues can be fixed through prompt patching and updating, a few remain unfixed and may require more significant changes to the security stack to block possible attacks. March 22, 2024 Emergency Out-of-Band Windows Server Security Updates Type of vulnerability (or attack): Memory leak. Upgrade versions 7.2.0

Authentication 98

Authentication Artificial Intelligence Software Cybersecurity 98

eSecurity Planet

MAY 27, 2024

With these new fixes and updates, users impacted by these vulnerabilities should upgrade their systems as soon as possible, apply access restrictions, perform increased monitoring, and follow the general best practices for security. The fix: Fluent Bit developers have published version 3.0.4 , which addresses CVE-2024-4323.

Backups 68

Backups Authentication DDOS Engineering 68

eSecurity Planet

AUGUST 20, 2024

Happy patching, and don’t forget to watch your vendors’ security feeds consistently. August 12, 2024 Ivanti Runs Into Snag With Virtual Traffic Manager Type of vulnerability: Authentication bypass. The vendor didn’t notice any active exploits when it released the security notice. a critical rating.

Authentication 85

Authentication Firmware Technology Software 85

eSecurity Planet

JANUARY 16, 2024

Keep an eye out for security announcements from your firewall vendors; it’s possible additional similar vulnerabilities will come to light. January 10, 2024 Thousands of WordPress Sites Vulnerable to Malware Injection Type of vulnerability: Cross-site scripting flaw in Popup Builder that allows a malware injection.

Firewall 101

Firewall Firmware IoT Authentication 101

eSecurity Planet

JUNE 24, 2024

To minimize future vulnerabilities, concerned users should prioritize frequent upgrades and strong security practices for all systems and applications. June 17, 2024 Microsoft Patches Multiple Vulnerabilities, Including RCE in Wi-Fi Driver Type of vulnerability: Remote code execution. in their June 2024 Patch Tuesday.

Firmware 63

Firmware Passwords Software Risk 63