Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution
2023-12-06 09:18

Atlassian has released software fixes to address four critical flaws in its software that, if successfully exploited, could result in remote code execution. The list of vulnerabilities is below -...

Atlassian security advisory reveals four fresh critical flaws – in mail with dead links
2023-12-06 06:57

Atlassian has emailed its customers to warn of four critical vulnerabilities, but the message had flaws of its own - the links it contained weren't live for all readers at the time of despatch. The email, seen by The Register, warns of flaws rated 9.0 or higher on the Common Vulnerability Scoring System scale and offers a link to an advisory.

Microsoft issues deadline for end of Windows 10 support – it's pay to play for security
2023-12-06 06:31

Microsoft on Tuesday warned that full security support for Windows 10 will end on October 14, 2025, but offered a lifeline for customers unable or unwilling to upgrade two years hence. "While we strongly recommend moving to Windows 11, we understand there are circumstances that could prevent you from replacing Windows 10 devices before the EOS date," explained Jason Leznek, a member of Microsoft's Windows Servicing & Delivery team, in a statement.

"Sierra:21" vulnerabilities impact critical infrastructure routers
2023-12-06 06:01

A set of 21 newly discovered vulnerabilities impact Sierra OT/IoT routers and threaten critical infrastructure with remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service attacks. The flaws discovered by Forescout Vedere Labs affect Sierra Wireless AirLink cellular routers and open-source components like TinyXML and OpenNDS. AirLink routers are highly regarded in the field of industrial and mission-critical applications due to high-performance 3G/4G/5G and WiFi and multi-network connectivity.

Three security data predictions for 2024
2023-12-06 05:30

With these realities in mind, I've got three predictions for 2024 that I hope will inspire security data decision-makers in the right direction. Data fabric platforms, data security posture management, and data science and machine language platforms are changing the game, unifying and simplifying access to enterprise security data.

Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks
2023-12-06 05:23

Chipmaker Qualcomm has released more information about three high-severity security flaws that it said came under "limited, targeted exploitation" back in October 2023. The vulnerabilities are as...

5 open-source tools for pentesting Kubernetes you should check out
2023-12-06 05:00

Kubernetes has become a critical part of the infrastructure for many organizations. With its widespread adoption, Kubernetes environments have also become a target for cyber threats.

Why zero-trust segmentation is critical for cloud resilience
2023-12-06 04:30

Nearly all organizations rely on the cloud to store sensitive data and run critical systems. 93% agree that zero-trust segmentation is essential to their cloud security strategy.

Cisco intros AI to find firewall flaws, warns this sort of thing can't be free
2023-12-06 04:29

Cisco's executive veep for security Jeetu Patel has predicted that AI will change the infosec landscape, but that end users will eventually pay for the privilege of having a binary brainbox by their side when they go into battle. Speaking at the Asia Pacific incarnation of the Cisco Live event today, in Melbourne, Australia, Patel offered the infosec maxim that attackers only need to get it right once, but defenders need to get it right every time.

Businesses gain upper hand with GenAI integration
2023-12-06 04:00

GenAI success requires full enterprise support and turning the technology's friction points - BYOAI and coherent nonsense - into opportunities. Make trust an intrinsic part of their enterprise's genAI foundation.