Citrix Addresses High-Severity Flaw in NetScaler ADC & Gateway | Microsoft Will Hold Execs Accountable for Cybersecurity

Categorieën: Diensten | Vakmensen Zakelijke goederen Financieel Kantoor Marketing Retail Detailhandel Industrie Machines Leeftijd: 14 t/m 18 jaar 19 t/m 30 jaar 31 t/m 64 jaar

Laden...

6 maanden geleden

Html
Tekst

The flaw was nearly identical to last year's CitrixBleed flaw, though not as severe.

Follow Dark Reading:

May 09, 2024

LATEST SECURITY NEWS & COMMENTARY

Citrix Addresses High-Severity Flaw in NetScaler ADC and Gateway The flaw was nearly identical to last year's CitrixBleed flaw, though not as severe. Microsoft Will Hold Executives Accountable for Cybersecurity At least a portion of executive compensation going forward will be tied to meeting security goals and metrics. Billions of Android Devices Open to 'Dirty Stream' Attack Microsoft has uncovered a common vulnerability pattern in several apps allowing code execution; at least four of the apps have more than 500 million installations each; and one, Xiaomi's File Manager, has at least 1 billion installations. AT&T Splits Cybersecurity Services Business, Launches LevelBlue The new company will focus on cybersecurity services as a top 10 managed security service provider, but must expand outside the low-margin management of security into detection and response. UK Military Data Breach a Reminder of Third-Party Risk in Defense Sector An attacker accessed personal information of over 225,000 active, reserve, and former UK military members from third-party payroll processing system. Critical GitLab Bug Under Exploit Enables Account Takeover, CISA Warns Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more. Dropbox Breach Exposes Customer Credentials, Authentication Data Threat actor dropped in to Dropbox Sign production environment and accessed emails, passwords, and other PII, along with APIs, OAuth, and MFA info. Chinese Hackers Deployed Backdoor Quintet to Down MITRE MITRE's hackers made use of at least five different Web shells and backdoors as part of their attack chain. CISOs Are Worried About Their Jobs & Dissatisfied With Their Incomes The research shows a significant drop in the number of tech CISOs that got a base salary increase in the past year — roughly 18% year-over-year. 3-Year Iranian Influence Op Preys on Divides in Israeli Society Iran follows in Russia's disinformation footsteps but with a different, more economical, and potentially higher-impact model. Supply Chain Breaches Up 68% Year Over Year, According to DBIR As Verizon Business redefines "supply chain breach," it could either help organizations address third-party risk holistically or just conflate and confuse. Spies Among Us: Insider Threats in Open Source Environments Does the open source ecosystem needs stricter security around contributors? The Psychological Underpinnings of Modern Hacking Techniques The tactics employed by hackers today aren't new; they're simply adapted for the digital age, exploiting the same human weaknesses that have always existed. MORE NEWS / MORE COMMENTARY


HOT TOPICS
Security Teams & SREs Want the Same Thing: Let's Make It Happen Site reliability engineers (SREs) and security teams are more powerful when they work together, and being able to combine our efforts can make or break our teams' experiences and outputs. Innovation, Not Regulation, Will Protect Corporations From Deepfakes If CEOs want to prevent their firm from being the next victim of a high-profile deepfake scam, they need to double cybersecurity funding immediately. Safeguarding Your Mobile Workforce Establishing a robust BYOD security strategy is imperative for organizations aiming to leverage the benefits of a mobile-first workforce while mitigating associated risks. MORE

PRODUCTS & RELEASES

Cyolo Partners With Dragos to Unveil Holistic Secure Remote Access Solution for Critical Infrastructure runZero Research Explores Unexpected Exposures in Enterprise Infrastructure BigID Launches Hybrid Scanning for Cloud Native Workloads Introducing the NetBeacon Institute: Empowering a Safer Web AttackIQ Partners With Cyber Poverty Line Institute to Provide Academy Courses to Underserved Communities AXA XL Introduces Endorsement to Help Public Companies Address SEC Cyber Reporting Costs MORE PRODUCTS & RELEASES

RSA CONFERENCE NEWS

Blinken: Digital Solidarity Is 'North Star' for US Policy The four goals of the US International Cyberspace and Digital Policy Strategy are to advance economic prosperity; enhance security and combat cybercrime; promote human rights, democracy, and the rule of law; and address other transnational challenges. What's the Future Path for CISOs? A panel of former CISOs will lead the closing session of this week's RSA Conference to discuss challenges and opportunities. Does CISA's KEV Catalog Speed Up Remediation? Vulnerabilities added to the CISA known exploited vulnerability (KEV) list do indeed get patched faster, but not fast enough. LATEST FROM THE EDGE
Tech Companies Promise Secure by Design Products Over 60 companies sign the secure by design pledge from CISA to consider security from the design phase and throughout the product life cycle. LATEST FROM DR TECHNOLOGY
Token Security Launches Machine-Centric IAM Platform Instead of building a list of users and identifying what systems each use can access, Token Security starts with a list of machines and determining who can access each system. LATEST FROM DR GLOBAL
LockBit Honcho Faces Sanctions, With Aussie Org Ramifications Australian businesses and individuals now face government fines and consequences for paying ransoms or interacting with assets owned by LockBitSupp, aka Dmitry Yuryevich Khoroshev.

WEBINARS

Extending Access Management: Securing Access for all Identities, Devices, and Applications Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks

View More Dark Reading Webinars >>

WHITE PAPERS

Shining a light in the dark: observability and security, a SANS profile 2023 Global Threat Report Cisco Panoptica for Simplified Cloud-Native Application Security ESG E-Book: Taking a Holistic Approach to Securing Cloud-Native Application Development The Cloud Threat Landscape: Security learnings from analyzing 500+ cloud environments Application Security's New Mandate in a DevOps World How Enterprises Secure Their Applications

View More White Papers >>

FEATURED REPORTS

Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022 2023 Global Threat Report EMA: AI at your fingertips: How Elastic AI Assistant simplifies cybersecurity

View More Dark Reading Reports >>

Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA

To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.

Thoughts about this newsletter? Give us feedback.

Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.

We take your privacy very seriously. Please review our Privacy Statement.

Deel deze op

Laden...

Andere nieuwsbrieven van Informationweek.com

Achieving Optimal Security Outcomes Through Platformization Informationweek.com
9 uren geleden
FEATURES EDITION | Microsoft Highlights Security Exposure Management at Ignite Informationweek.com
11 uren geleden
Chinese APT Gelsemium Deploys 'Wolfsbane' Linux Variant Informationweek.com
Gisteren om 14:04

Meer nieuwsbrieven van Informationweek.com

Laden...

Gerelateerde nieuwsbrieven

Bekijk andere categorieën

Diensten | Vakmensen Zakelijke goederen Financieel Kantoor Marketing Retail Detailhandel Industrie Machines