CSO US First Look
The day's top cybersecurity news and in-depth coverage
November 16, 2024
CISOs who delayed patching Palo Alto vulnerabilities now face real threat
CISA said it has evidence of active exploitation for two out of six Expedition vulnerabilities Palo Alto Networks patched in October.
Read more
Misconfigurations can cause many Microsoft Power Pages sites to expose sensitive data
Organizations that develop websites with Microsoft Power Pages can accidentally overprovision database privileges for authenticated or anonymous users, leading to the exposure of sensitive records, a researcher has found.
US says China conducted massive espionage through breached telcos
FBI and CISA have warned that some US telecommunication companies have been breached by China-backed Salt Typhoon to snoop on US secrets and maintain access.
How to defend Microsoft networks from adversary-in-the-middle attacks
Preventing, investigating, and cleaning up after potentially dangerous AiTM attacks requires a combination of techniques and processes.
Citrix admins advised to install hotfixes to block vulnerabilities
The holes could allow an authenticated hacker to use HTTP to get into Citrix Virtual Apps and Desktops.
Security awareness training: Topics, best practices, costs, free options
Security awareness training helps develop an information security mindset in your workforce, equipping employees with the knowledge to be your organizationâs first line of cyber defense.
NIST publishes timeline for quantum-resistant cryptography, but enterprises must move faster
NIST wants agencies to move off current encryption by 2035, but analysts say that enterprises cannot wait nearly that long; state actors are expected to achieve quantum at scale by 2028.