Security News > 2023 > August

Security teams now have to find a way to adjust their security architecture to this new cloud workload. Some teams may rely on their existing network security solutions. Google offers a wide range of native security functionalities built into Chrome.

Google on Tuesday announced the first quantum resilient FIDO2 security key implementation as part of its OpenSK security keys initiative. "This open-source hardware optimized implementation uses a novel ECC/Dilithium hybrid signature schema that benefits from the security of ECC against standard attacks and Dilithium's resilience against quantum attacks," Elie Bursztein and Fabian Kaczmarczyck said.

Administrators of Citrix NetScaler ADC and Gateway appliances should check for evidence of installed webshells even if they implemented fixes for CVE-2023-3519 quickly: A recent internet scan by Fox-IT researchers has revealed over 1,800 backdoored NetScaler devices, 69% of which have been patched for the flaw. CVE-2023-3519 exploited to drop webshells on NetScaler devices.

Multiple critical security flaws have been reported in Ivanti Avalanche, an enterprise mobile device management solution that's used by 30,000 organizations. The vulnerabilities, collectively tracked as CVE-2023-32560, are stack-based buffer overflows in Ivanti Avalanche WLAvanacheServer.

Two stack-based buffer overflow bugs have been discovered in Ivanti Avalanche, an enterprise mobility management solution. Ivanti released Avalanche version 6.4.1 security update on August 3, 2023, which also fixes additional RCE and authentication bypass vulnerabilities.

Representatives from Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI recently convened at the White House for a meeting with President Biden with the stated mission of "Ensuring the responsible development and distribution of artificial intelligence technologies". To continue to research the potential societal risks posed by AI and its various applications. To develop AI technologies designed to address society's most significant and pressing challenges.

In this Help Net Security interview, Kevin Paige, CISO at Uptycs, provides insights into how he navigates the complex cybersecurity landscape, striking a balance between technical expertise, effective communication, risk management, and adaptive leadership. As a CISO, how do you balance maintaining technical prowess with the need to communicate complex issues to stakeholders in simple terms?

Nearly 2,000 Citrix NetScaler instances have been compromised with a backdoor by weaponizing a recently disclosed critical security vulnerability as part of a large-scale attack. CVE-2023-3519 refers to a critical code injection vulnerability impacting NetScaler ADC and Gateway servers that could lead to unauthenticated remote code execution.

The SEC adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance. The Commission also adopted rules requiring foreign private issuers to make comparable disclosures.