 May 09, 2024
LATEST SECURITY NEWS & COMMENTARY
Citrix Addresses High-Severity Flaw in NetScaler ADC and Gateway
The flaw was nearly identical to last year's CitrixBleed flaw, though not as severe.
Microsoft Will Hold Executives Accountable for Cybersecurity
At least a portion of executive compensation going forward will be tied to meeting security goals and metrics.
Billions of Android Devices Open to 'Dirty Stream' Attack
Microsoft has uncovered a common vulnerability pattern in several apps allowing code execution; at least four of the apps have more than 500 million installations each; and one, Xiaomi's File Manager, has at least 1 billion installations.
AT&T Splits Cybersecurity Services Business, Launches LevelBlue
The new company will focus on cybersecurity services as a top 10 managed security service provider, but must expand outside the low-margin management of security into detection and response.
UK Military Data Breach a Reminder of Third-Party Risk in Defense Sector
An attacker accessed personal information of over 225,000 active, reserve, and former UK military members from a third-party payroll processing system.
Critical GitLab Bug Under Exploit Enables Account Takeover, CISA Warns
Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.
Dropbox Breach Exposes Customer Credentials, Authentication Data
Threat actor dropped in to Dropbox Sign production environment and accessed emails, passwords, and other PII, along with APIs, OAuth, and MFA info.
Chinese Hackers Deployed Backdoor Quintet to Down MITRE
MITRE's hackers made use of at least five different Web shells and backdoors as part of their attack chain.
CISOs Are Worried About Their Jobs & Dissatisfied With Their Incomes
The research shows a significant drop in the number of tech CISOs that got a base salary increase in the past year — roughly 18% year-over-year.
3-Year Iranian Influence Op Preys on Divides in Israeli Society
Iran follows in Russia's disinformation footsteps but with a different, more economical, and potentially higher-impact model.
Supply Chain Breaches Up 68% Year Over Year, According to DBIR
As Verizon Business redefines "supply chain breach," it could either help organizations address third-party risk holistically or just conflate and confuse.
Spies Among Us: Insider Threats in Open Source Environments
Does the open source ecosystem need stricter security around contributors?
The Psychological Underpinnings of Modern Hacking Techniques
The tactics employed by hackers today aren't new; they're simply adapted for the digital age, exploiting the same human weaknesses that have always existed.
HOT TOPICS
Security Teams & SREs Want the Same Thing: Let's Make It Happen
Site reliability engineers (SREs) and security teams are more powerful when they work together, and being able to combine our efforts can make or break our teams' experiences and outputs.

Innovation, Not Regulation, Will Protect Corporations From Deepfakes
If CEOs want to prevent their firm from being the next victim of a high-profile deepfake scam, they need to double cybersecurity funding immediately.

Safeguarding Your Mobile Workforce
Establishing a robust BYOD security strategy is imperative for organizations aiming to leverage the benefits of a mobile-first workforce while mitigating associated risks.

RSA CONFERENCE NEWS
Blinken: Digital Solidarity Is 'North Star' for US Policy
The four goals of the US International Cyberspace and Digital Policy Strategy are to advance economic prosperity; enhance security and combat cybercrime; promote human rights, democracy, and the rule of law; and address other transnational challenges.
What's the Future Path for CISOs?
A panel of former CISOs will lead the closing session of this week's RSA Conference to discuss challenges and opportunities.
Does CISA's KEV Catalog Speed Up Remediation?
Vulnerabilities added to the CISA known exploited vulnerability (KEV) list do indeed get patched faster, but not fast enough.
LATEST FROM THE EDGE

Tech Companies Promise Secure by Design Products
Over 60 companies sign the secure by design pledge from CISA to consider security from the design phase and throughout the product life cycle.
LATEST FROM DR TECHNOLOGY

Token Security Launches Machine-Centric IAM Platform
Instead of building a list of users and identifying what systems each user can access, Token Security starts with a list of machines and determines who can access each system.
LATEST FROM DR GLOBAL

LockBit Honcho Faces Sanctions, With Aussie Org Ramifications
Australian businesses and individuals now face government fines and consequences for paying ransoms or interacting with assets owned by LockBitSupp, aka Dmitry Yuryevich Khoroshev.
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA