Citrix Addresses High-Severity Flaw in NetScaler ADC & Gateway | Microsoft Will Hold Execs Accountable for Cybersecurity

The flaw was nearly identical to last year's CitrixBleed flaw, though not as severe. [TechWeb]( Follow Dark Reading: [RSS]( May 09, 2024 LATEST SECURITY NEWS & COMMENTARY [Citrix Addresses High-Severity Flaw in NetScaler ADC and Gateway]( The flaw was nearly identical to last year's CitrixBleed flaw, though not as severe. [Microsoft Will Hold Executives Accountable for Cybersecurity]( At least a portion of executive compensation going forward will be tied to meeting security goals and metrics. [Billions of Android Devices Open to 'Dirty Stream' Attack]( Microsoft has uncovered a common vulnerability pattern in several apps allowing code execution; at least four of the apps have more than 500 million installations each; and one, Xiaomi's File Manager, has at least 1 billion installations. [AT&T Splits Cybersecurity Services Business, Launches LevelBlue]( The new company will focus on cybersecurity services as a top 10 managed security service provider, but must expand outside the low-margin management of security into detection and response. [UK Military Data Breach a Reminder of Third-Party Risk in Defense Sector]( An attacker accessed personal information of over 225,000 active, reserve, and former UK military members from third-party payroll processing system. [Critical GitLab Bug Under Exploit Enables Account Takeover, CISA Warns]( Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more. [Dropbox Breach Exposes Customer Credentials, Authentication Data]( Threat actor dropped in to Dropbox Sign production environment and accessed emails, passwords, and other PII, along with APIs, OAuth, and MFA info. [Chinese Hackers Deployed Backdoor Quintet to Down MITRE]( MITRE's hackers made use of at least five different Web shells and backdoors as part of their attack chain. [CISOs Are Worried About Their Jobs & Dissatisfied With Their Incomes]( The research shows a significant drop in the number of tech CISOs that got a base salary increase in the past year — roughly 18% year-over-year. [3-Year Iranian Influence Op Preys on Divides in Israeli Society]( Iran follows in Russia's disinformation footsteps but with a different, more economical, and potentially higher-impact model. [Supply Chain Breaches Up 68% Year Over Year, According to DBIR]( As Verizon Business redefines "supply chain breach," it could either help organizations address third-party risk holistically or just conflate and confuse. [Spies Among Us: Insider Threats in Open Source Environments]( Does the open source ecosystem needs stricter security around contributors? [The Psychological Underpinnings of Modern Hacking Techniques]( The tactics employed by hackers today aren't new; they're simply adapted for the digital age, exploiting the same human weaknesses that have always existed. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Security Teams & SREs Want the Same Thing: Let's Make It Happen]( Site reliability engineers (SREs) and security teams are more powerful when they work together, and being able to combine our efforts can make or break our teams' experiences and outputs. [Innovation, Not Regulation, Will Protect Corporations From Deepfakes]( If CEOs want to prevent their firm from being the next victim of a high-profile deepfake scam, they need to double cybersecurity funding immediately. [Safeguarding Your Mobile Workforce]( Establishing a robust BYOD security strategy is imperative for organizations aiming to leverage the benefits of a mobile-first workforce while mitigating associated risks. [MORE]( PRODUCTS & RELEASES [Cyolo Partners With Dragos to Unveil Holistic Secure Remote Access Solution for Critical Infrastructure]( [runZero Research Explores Unexpected Exposures in Enterprise Infrastructure]( [BigID Launches Hybrid Scanning for Cloud Native Workloads]( [Introducing the NetBeacon Institute: Empowering a Safer Web]( [AttackIQ Partners With Cyber Poverty Line Institute to Provide Academy Courses to Underserved Communities]( [AXA XL Introduces Endorsement to Help Public Companies Address SEC Cyber Reporting Costs]( [MORE PRODUCTS & RELEASES]( RSA CONFERENCE NEWS [Blinken: Digital Solidarity Is 'North Star' for US Policy]( The four goals of the US International Cyberspace and Digital Policy Strategy are to advance economic prosperity; enhance security and combat cybercrime; promote human rights, democracy, and the rule of law; and address other transnational challenges. [What's the Future Path for CISOs?]( A panel of former CISOs will lead the closing session of this week's RSA Conference to discuss challenges and opportunities. [Does CISA's KEV Catalog Speed Up Remediation?]( Vulnerabilities added to the CISA known exploited vulnerability (KEV) list do indeed get patched faster, but not fast enough. LATEST FROM THE EDGE [Tech Companies Promise Secure by Design Products]( Over 60 companies sign the secure by design pledge from CISA to consider security from the design phase and throughout the product life cycle. LATEST FROM DR TECHNOLOGY [Token Security Launches Machine-Centric IAM Platform]( Instead of building a list of users and identifying what systems each use can access, Token Security starts with a list of machines and determining who can access each system. LATEST FROM DR GLOBAL [LockBit Honcho Faces Sanctions, With Aussie Org Ramifications]( Australian businesses and individuals now face government fines and consequences for paying ransoms or interacting with assets owned by LockBitSupp, aka Dmitry Yuryevich Khoroshev. WEBINARS - [Extending Access Management: Securing Access for all Identities, Devices, and Applications]( - [Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Shining a light in the dark: observability and security, a SANS profile]( - [2023 Global Threat Report]( - [Cisco Panoptica for Simplified Cloud-Native Application Security]( - [ESG E-Book: Taking a Holistic Approach to Securing Cloud-Native Application Development]( - [The Cloud Threat Landscape: Security learnings from analyzing 500+ cloud environments]( - [Application Security's New Mandate in a DevOps World]( - [How Enterprises Secure Their Applications]( [View More White Papers >>]( FEATURED REPORTS - [Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022]( - [2023 Global Threat Report]( - [EMA: AI at your fingertips: How Elastic AI Assistant simplifies cybersecurity]( [View More Dark Reading Reports >>]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=123361&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_05.09.24&sp_cid=53408&utm_content=DR_NL_Dark%20Reading%20Weekly_05.09.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#bd If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)