Security News > 2024

He outlines the critical skills for CISOs in 2024, addresses the challenges they face, and underscores the importance of aligning enterprise expectations with information protection demands. ' One of the most painful realities for CISOs today is a continuing disconnect between enterprise/agency expectations for their CISO, and, what the CISO is actually tasked and funded to deliver.

In this Help Net Security video, Peter Manev, Chief Strategy Officer at Stamus Networks, discusses a pervasive problem plaguing security analysts called "Alert fatigue," - which occurs when security teams become desensitized to an overwhelming volume of alerts, causing them to miss or overlook critical events and have slower response times. The most talked about contributor to this problem is the number of alerts generated by threat detection systems.

Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are being actively exploited in the wild. The...

The majority of Ops professionals feel that they are prohibited from accessing the data they need to make quick business decisions, which can lead to bad practices and impact the organization's overall data-driven decision-making capabilities. "IT is challenged to keep up with increasing demand for timely data access, while also ensuring the security and governance of that data," said Amit Sharma, CData CEO. "Flexible, secure data connectivity solutions ease the burden on IT and provide employees with the data they need to make impactful decisions for their business."

Over the past few administrations, the US government has worked tirelessly to rid its national networks of Chinese-made equipment from the likes of Huawei and ZTE over fears its presence could give Beijing insights into, or access to, networks relied on by the United States and its allies. RAN deployments by US carriers most feature kit from Samsung, Nokia, and Ericsson.

Google on Tuesday released updates to fix four security issues in its Chrome browser, including an actively exploited zero-day flaw. The issue, tracked as CVE-2024-0519, concerns an out-of-bounds...

Crooks are exploiting years-old vulnerabilities to deploy Androxgh0st malware and build a cloud-credential stealing botnet, according to the FBI and the Cybersecurity and Infrastructure Security Agency. Miscreants deploying Androxgh0st like to use three old CVEs in these credential-stealing attacks: CVE-2017-9841, a command injection vulnerability in PHPUnit; CVE-2018-15133, an insecure deserialization bug in the Laravel web application framework that leads to remote code execution; and CVE-2021-41773, a path traversal vulnerability in Apache HTTP Server that also leads to remote code execution.

GitHub rotated keys potentially exposed by a vulnerability patched in December that could let attackers access credentials within production containers via environment variables. "On December 26, 2023, GitHub received a report through our Bug Bounty Program demonstrating a vulnerability which, if exploited, allowed access to credentials within a production container. We fixed this vulnerability on GitHub.com the same day and began rotating all potentially exposed credential," said Github VP and Deputy Chief Security Officer Jacob DePriest.

Multiple information stealers for the macOS platform have demonstrated the capability to evade detection even when security companies follow and report about new variants frequently. A report by SentinelOne highlights the problem through three notable malware examples that can evade macOS's built-in anti-malware system, XProtect.

Citrix urged customers on Tuesday to immediately patch Netscaler ADC and Gateway appliances exposed online against two actively exploited zero-day vulnerabilities.The two zero-days impact the Netscaler management interface and expose unpatched Netscaler instances to remote code execution and denial-of-service attacks, respectively.