eSecurity Planet

AUGUST 20, 2024

first, and then install the hotfix once you’ve updated the software. Third-Party Application Package Installed on Pixel Devices Type of vulnerability: Third-party application package installed on Pixel device firmware, with insufficient security controls. Install Web Help Desk version 12.8.3

Authentication 108

Authentication Firmware Technology Software 108

eSecurity Planet

JUNE 24, 2024

In last week’s vulnerability news, major companies performed recent patches to resolve critical vulnerabilities across various software and hardware platforms. Fortra remedied a hard-coded password issue in the FileCatalyst software. The problem: Security researchers reported a buffer overflow vulnerability ( CVE-2024-0762 , CVSS 7.5)

Firmware 64

Firmware Passwords Software Risk 64

eSecurity Planet

AUGUST 13, 2024

Select “General” and then “Software Update.” Then, you’ll need to restart Edge as prompted to apply those software updates. If exploited, the vulnerability would allow a threat actor to execute their own code within the processor’s firmware using System Management Mode (SMM). This can happen even when SMM is locked.

Firmware 105

Firmware Software Wireless Security Defenses 105

eSecurity Planet

NOVEMBER 6, 2023

See the Best Container & Kubernetes Security Solutions & Tools Oct. 31, 2023 Atlassian Warns of Critical Confluence Flaw Leading to Data Loss Type of attack: CVE-2023-22518 is an incorrect authorization vulnerability that affects all versions of Atlassian’s Confluence Data Center and Confluence Server software.

Software 114

Software Education Ransomware Firmware 114

eSecurity Planet

SEPTEMBER 9, 2024

An ICS consists of hardware and software systems that monitor and control industrial equipment and processes. DCS integrates both hardware and software for process control and monitoring. Encryption and secure communication protocols: Protecting data in transit between ICS components.

Firmware 111

Firmware Encryption Manufacturing Risk 111

eSecurity Planet

SEPTEMBER 11, 2023

The fix: ASUS released firmware updates to address the vulnerabilities. These weaknesses follow a group of 19 security flaws in SEL’s Real Time Automation Controller (RTAC) suite (CVE-2023-31148 through CVE-2023-31166) that were previously revealed. The fix: Those Issues and others have been fixed in the just-released 2.1.1

VPN 116

VPN Authentication Firmware Phishing 116

eSecurity Planet

JANUARY 22, 2024

Make sure your security teams are regularly checking vendors’ software and hardware updates for any patches, and keep a particular eye on networking equipment. The problem: The Unified Extensible Firmware Interface (UEFI) specification has an open-source network implementation, EDK II, with nine discovered vulnerabilities.

Authentication 116

Authentication Malware VPN Mobile 116

eSecurity Planet

FEBRUARY 21, 2024

11 Steps to Perform a Firewall Audit Free Firewall Audit Checklist Top 3 Firewall Audit Providers Frequently Asked Questions (FAQs) Bottom Line: Perform Firewall Audits Consistently Featured Partners: Next-Gen Firewall (NGFW) Software Learn More How Does a Firewall Audit Work? Check firmware, too. Is the OS up to date on all patches?

Firewall 116

Firewall Firmware Software Risk 116

eSecurity Planet

JULY 1, 2024

To improve security, users should update software on a regular basis, establish strong authentication procedures, and limit access to key resources. The problem: A serious security issue in Progress Software’s MOVEit Transfer ( CVE-2024-5806 ) lets attackers bypass SFTP authentication and imitate any user.

Risk 64

Risk Authentication Firmware Software 64

eSecurity Planet

SEPTEMBER 22, 2023

The Barracuda SecureEdge SASE Platform Barracuda’s SecureEdge platform integrates security capabilities with SD-WAN control to create a seamless SASE product controlled through a single software controller. Centralized control consolidates all security management and operations reporting through cloud-hosted control software.

Firewall 98

Firewall Marketing Firmware Technology 98

Security Boulevard

JUNE 23, 2022

Some risks specifically affecting IoT include : Built-in vulnerabilities : IoT devices are often shipped specifically for consumer use, without enterprise-grade encryption or security controls. Secure Firmware Updates Are a Necessity for Resilient IoT Deployments. Best Practices for Assuring the Software Supply Chain for IoT.

IoT 98

IoT Social Engineering Firmware Risk 98

eSecurity Planet

MAY 2, 2024

The vendor reports show that most attackers want credentials, most malware development is in credential-stealing software, and the market for stolen credentials is booming: Cisco: Found 54% of organizations experienced a cybersecurity incident; and of those incidents, 54% involved phishing and 37% involved credentials stuffing.

Cybersecurity 123

Cybersecurity DDOS Penetration Testing Passwords 123

eSecurity Planet

DECEMBER 10, 2023

Automate Patches and Updates Ensure strong network security by automating regular updates of firewall firmware and installing security patches as soon as they become available. Create a systematic strategy for monitoring vendor releases and implementing hardware and software updates.

Firewall 122

Firewall Network Security Backups Education 122

eSecurity Planet

SEPTEMBER 2, 2024

Several major companies identified and addressed significant security and vulnerability problems in last week’s vulnerability news. Traccar fixed severe path traversal flaws in its GPS tracking software. The fix: Upgrade to SonicWall’s firmware updates for Gen 5 (to version 5.9.2.14-13o),

Risk 59

Risk Firewall Firmware Engineering 59

eSecurity Planet

JULY 8, 2024

These vulnerabilities affected diverse areas, including network infrastructure, software libraries, IoT devices, and even CPUs. To protect your network devices from potential risks, apply patches on a regular basis and keep their firmware up to date. Update your routers to the most recent versions ( 5.6.15, 6.1.9-lts,

Risk 64

Risk Authentication Firmware Surveillance 64

eSecurity Planet

JUNE 10, 2024

Timothy Hjort discovered these vulnerabilities , which allow the execution of OS commands and the uploading of malicious files, compromising the security of affected devices. The fix: Zyxel issued firmware patches 5.21(AAZF.17)C0 Regularly update anti-malware software and educate your personnel about phishing dangers.

Malware 82

Malware Authentication Software Telecommunications 82

eSecurity Planet

APRIL 30, 2024

Consider your other security measures like intrusion detection, VPNs , and content filtering. Component interoperability: Verify the compatibility with your current network infrastructure, including hardware and software. Consider load balancing, failover mechanisms, and your preference for hardware-based or software-based firewalls.

Firewall 64

Firewall Architecture Firmware Risk 64

eSecurity Planet

MAY 20, 2024

Note that some DIR-600 devices are end of life, so D-Link won’t release any firmware updates for these. CVE-2021-40655 is an information disclosure vulnerability that allows an attacker to forge a request and steal credentials; it affects DIR-605 routers.

VPN 64

VPN Firmware Malware Software 64

eSecurity Planet

MAY 27, 2024

Immediately update your QNAP devices to the most recent firmware to mitigate these issues. The fix: QNAP has released an emergency upgrade ( QTS 5.1.7.2770 version 20240520 ) that addresses CVE-2024-27130 and other issues. Check for future updates and be cautious while sharing download links to avoid exploitation.

Backups 69

Backups Authentication DDOS Engineering 69

eSecurity Planet

AUGUST 22, 2023

and installed software (operating systems, applications, firmware, etc.). Web browsing security manages internal or local domain name service (DNS), secure web gateways (SWGs), firewall settings, and other techniques, tools, and protocols used to block dangerous or unwanted websites and URLs.

Firewall 98

Firewall Telecommunications Penetration Testing Cybersecurity 98

eSecurity Planet

DECEMBER 7, 2023

A common example is the standard Transfer Layer Security (TLS) protocol used to enable secure website browsing. This feature can be included in firmware, in operating systems, or as a feature in open-source, shareware, or commercial applications. This article was originally written by Sam Ingalls and published on May 26, 2022.

Encryption 111

Encryption Passwords Authentication Password Management 111

SecureList

NOVEMBER 25, 2024

Many IoT devices rely on remote servers for control, but the security practices of the companies managing these servers are often unclear, resulting in new potential attack vectors on their infrastructure. Additionally, IoT devices frequently run on embedded systems with firmware that can be easily analyzed for vulnerabilities.

IoT 114

IoT Energy and Utilities Phishing Cryptocurrency 114

eSecurity Planet

MARCH 4, 2024

The fix: To eliminate malware infections, perform a factory reset, upgrade to the latest firmware, change all default usernames and passwords, and adjust firewall rules to block exposure to unwanted remote management services. The files warned owners that the MQTT software allowed “any valid credential to connect and control your printer.”

IoT 119

IoT Internet Internet Ransomware 119