May 09, 2024
LATEST SECURITY NEWS & COMMENTARY
[Citrix Addresses High-Severity Flaw in NetScaler ADC and Gateway](
The flaw was nearly identical to last year's CitrixBleed flaw, though not as severe.
[Microsoft Will Hold Executives Accountable for Cybersecurity](
At least a portion of executive compensation going forward will be tied to meeting security goals and metrics.
[Billions of Android Devices Open to 'Dirty Stream' Attack](
Microsoft has uncovered a common vulnerability pattern in several apps allowing code execution; at least four of the apps have more than 500 million installations each; and one, Xiaomi's File Manager, has at least 1 billion installations.
[AT&T Splits Cybersecurity Services Business, Launches LevelBlue](
The new company will focus on cybersecurity services as a top 10 managed security service provider, but must expand outside the low-margin management of security into detection and response.
[UK Military Data Breach a Reminder of Third-Party Risk in Defense Sector](
An attacker accessed personal information of over 225,000 active, reserve, and former UK military members from a third-party payroll processing system.
[Critical GitLab Bug Under Exploit Enables Account Takeover, CISA Warns](
Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.
[Dropbox Breach Exposes Customer Credentials, Authentication Data](
Threat actor dropped in to Dropbox Sign production environment and accessed emails, passwords, and other PII, along with APIs, OAuth, and MFA info.
[Chinese Hackers Deployed Backdoor Quintet to Down MITRE](
MITRE's hackers made use of at least five different Web shells and backdoors as part of their attack chain.
[CISOs Are Worried About Their Jobs & Dissatisfied With Their Incomes](
The research shows a significant drop in the number of tech CISOs that got a base salary increase in the past year, roughly 18% year-over-year.
[3-Year Iranian Influence Op Preys on Divides in Israeli Society](
Iran follows in Russia's disinformation footsteps but with a different, more economical, and potentially higher-impact model.
[Supply Chain Breaches Up 68% Year Over Year, According to DBIR](
As Verizon Business redefines "supply chain breach," it could either help organizations address third-party risk holistically or just conflate and confuse.
[Spies Among Us: Insider Threats in Open Source Environments](
Does the open source ecosystem need stricter security around contributors?
[The Psychological Underpinnings of Modern Hacking Techniques](
The tactics employed by hackers today aren't new; they're simply adapted for the digital age, exploiting the same human weaknesses that have always existed.
HOT TOPICS
[Security Teams & SREs Want the Same Thing: Let's Make It Happen](
Site reliability engineers (SREs) and security teams are more powerful when they work together, and being able to combine our efforts can make or break our teams' experiences and outputs.
[Innovation, Not Regulation, Will Protect Corporations From Deepfakes](
If CEOs want to prevent their firm from being the next victim of a high-profile deepfake scam, they need to double cybersecurity funding immediately.
[Safeguarding Your Mobile Workforce](
Establishing a robust BYOD security strategy is imperative for organizations aiming to leverage the benefits of a mobile-first workforce while mitigating associated risks.
PRODUCTS & RELEASES
[Cyolo Partners With Dragos to Unveil Holistic Secure Remote Access Solution for Critical Infrastructure](
[runZero Research Explores Unexpected Exposures in Enterprise Infrastructure](
[BigID Launches Hybrid Scanning for Cloud Native Workloads](
[Introducing the NetBeacon Institute: Empowering a Safer Web](
[AttackIQ Partners With Cyber Poverty Line Institute to Provide Academy Courses to Underserved Communities](
[AXA XL Introduces Endorsement to Help Public Companies Address SEC Cyber Reporting Costs](
RSA CONFERENCE NEWS
[Blinken: Digital Solidarity Is 'North Star' for US Policy](
The four goals of the US International Cyberspace and Digital Policy Strategy are to advance economic prosperity; enhance security and combat cybercrime; promote human rights, democracy, and the rule of law; and address other transnational challenges.
[What's the Future Path for CISOs?](
A panel of former CISOs will lead the closing session of this week's RSA Conference to discuss challenges and opportunities.
[Does CISA's KEV Catalog Speed Up Remediation?](
Vulnerabilities added to the CISA known exploited vulnerability (KEV) list do indeed get patched faster, but not fast enough.
LATEST FROM THE EDGE
[Tech Companies Promise Secure by Design Products](
Over 60 companies sign the secure by design pledge from CISA to consider security from the design phase and throughout the product life cycle.
LATEST FROM DR TECHNOLOGY
[Token Security Launches Machine-Centric IAM Platform](
Instead of building a list of users and identifying what systems each user can access, Token Security starts with a list of machines and determines who can access each system.
LATEST FROM DR GLOBAL
[LockBit Honcho Faces Sanctions, With Aussie Org Ramifications](
Australian businesses and individuals now face government fines and consequences for paying ransoms or interacting with assets owned by LockBitSupp, aka Dmitry Yuryevich Khoroshev.
WEBINARS
- [Extending Access Management: Securing Access for all Identities, Devices, and Applications](
- [Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks](
WHITE PAPERS
- [Shining a light in the dark: observability and security, a SANS profile](
- [2023 Global Threat Report](
- [Cisco Panoptica for Simplified Cloud-Native Application Security](
- [ESG E-Book: Taking a Holistic Approach to Securing Cloud-Native Application Development](
- [The Cloud Threat Landscape: Security learnings from analyzing 500+ cloud environments](
- [Application Security's New Mandate in a DevOps World](
- [How Enterprises Secure Their Applications](
FEATURED REPORTS
- [Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022](
- [2023 Global Threat Report](
- [EMA: AI at your fingertips: How Elastic AI Assistant simplifies cybersecurity](
Dark Reading Weekly
-- Published By [Dark Reading](
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA