Artificial intelligence technology startup OpenAI has launched a $1 million cybersecurity grant program aimed at boosting defender-focused research and capabilities and measurements. OpenAI, makers of the popular ChatGPT bot application, plans to shell out grants in increments of US$10,000 USD in the form of API credits or direct funding for projects that empower defensive use-cases for generative … [Read more...]
Galvanick Banks $10 Million for Industrial XDR Technology
Galvanick, an early-stage startup working on an Extended Detection & Response (XDR) platform for industrial infrastructure, has scored $10 million in venture capital financing. The Los Angeles company, co-founded by cybersecurity veterans from the U.S. government and Amazon, said the seed-stage funding came from multiple investment firms, including MaC Venture Capital, Founders Fund, Village … [Read more...]
Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
Point32Health, the second-largest health insurer in Massachusetts, is in the process of informing more than 2.5 million individuals that their personal and protected health information was stolen in a recent ransomware attack. Identified on April 17 and initially disclosed on April 20, the attack impacted systems related to Point32Health’s Harvard Pilgrim Health Care, and resulted in the … [Read more...]
US, South Korea Detail North Korea’s Social Engineering Techniques
The United States and South Korea on Thursday warned of North Korean social engineering attacks targeting the employees of think tanks, academic and research institutions, and news media organizations. North Korea-linked advanced persistent threat (APT) actors such as APT43 and Kimsuky (also known as Black Banshee, Thallium, and Velvet Chollima) conduct spear-phishing campaigns posing as … [Read more...]
High-Severity Vulnerabilities Patched in Splunk Enterprise
Splunk on Thursday announced Splunk Enterprise security updates that resolve multiple high-severity vulnerabilities, including some impacting third-party packages used by the product. The most severe of these is CVE-2023-32707, a privilege escalation issue that allows low-privileged users with the ‘edit_user’ capability to escalate privileges to administrator, via a specially crafted web … [Read more...]
Idaho Hospitals Working to Resume Full Operations After Cyberattack
Two eastern Idaho hospitals and their clinics are working to resume full operations after a cyberattack on their computer systems. Officials with Idaho Falls Community Hospital said the attack happened Monday, causing some clinics to close, some ambulances to be diverted to nearby hospitals and their cafes to only accept cash. Mountain View Hospital, also located in Idaho Falls, was similarly … [Read more...]
Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals
Biotechnology company Enzo Biochem has revealed that the clinical test information of roughly 2.47 million individuals was exposed in a recent ransomware attack. The incident, the company notes in a Form 8-K filing with the US Securities and Exchange Commission (SEC), occurred on April 6, resulting in certain systems being disconnected from the internet. On April 11, Enzo Biochem’s investigation … [Read more...]
Apple Denies Helping US Government Hack Russian iPhones
Apple has denied working with any government to add backdoors to its products after Russia accused the company of helping US intelligence agencies hack iPhones. In a statement provided to SecurityWeek, an Apple spokesperson said, “We have never worked with any government to insert a backdoor into any Apple product and never will.” The statement comes in response to the Russian security service FSB … [Read more...]
Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations
A zero-day vulnerability affecting Progress Software’s MOVEit Transfer product has been exploited to hack organizations and steal their data. Progress Software warned on May 31 that its MOVEit Transfer managed file transfer (MFT) software is affected by a critical SQL injection vulnerability that can be exploited by an unauthenticated attacker to access MOVEit Transfer databases. “Depending on the … [Read more...]
Google Temporarily Offering $180,000 for Full Chain Chrome Exploit
Google today announced significantly higher bug bounty rewards for vulnerability reports containing full chain exploits leading to a sandbox escape in Chrome. Until December 1, 2023, the first report to contain a full chain exploit leading to a Chrome sandbox escape, Google says, may receive up to $180,000, or even more if cumulated with other bonuses, which is triple the current reward … [Read more...]
Russia Blames US Intelligence for iOS Zero-Click Attacks
Russian anti-malware vendor Kaspersky on Thursday said it discovered an APT actor launching zero-click iMessage exploits on iOS-powered devices in its corporate network. Kaspersky’s disclosure comes on the same day Russia’s Federal Security Service (FSB) blamed US intelligence agencies for an ongoing spy campaign targeting thousands of iOS devices belonging to domestic subscribers and foreign … [Read more...]
Toyota Discloses New Data Breach Involving Vehicle, Customer Information
Japanese car maker Toyota this week announced that cloud configuration issues have led to years-long exposure of customer data. The impacted environments, which are managed by Toyota Connected Corporation (TC), contain information related to the vehicles of Japanese customers, as well as the personal information of customers overseas. The incident, Toyota says, was the result of insufficient … [Read more...]
Cisco Acquiring Armorblox for Predictive and Generative AI Technology
Cisco on Wednesday announced that it’s acquiring California-based cybersecurity firm Armorblox for its artificial intelligence (AI) technology. Armorblox specializes in protecting organizations against threats that arrive over email and other cloud office applications. The company’s products are powered by natural language understanding (NLU) technology, which enables human-computer interaction … [Read more...]
Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
Organizations using Moxa’s MXsecurity product have been informed about two potentially serious vulnerabilities that could be exploited by malicious hackers targeting operational technology (OT) networks. MXsecurity is an industrial network security management software designed for OT environments. Security researcher Simon Janz discovered recently that the product is impacted by a critical … [Read more...]
Amazon Settles Ring Customer Spying Complaint
Amazon on Wednesday agreed to pay $30.8 million to settle Ring and Alexa privacy complaints filed by US regulators,including accusations that employees spied on female customers, according to court documents. The Federal Trade Commission charged Amazon-owned home security camera company Ring with failing to implement basic protections to stop hackers or employees from accessing people’s devices or … [Read more...]
Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information
Some organizations can expose sensitive personal and corporate information by failing to properly deactivate Salesforce Community websites that are no longer used, according to data security and analytics company Varonis. Varonis reported identifying many such improperly deactivated websites, which the company has dubbed ‘Salesforce ghost sites’. These sites have been found to expose personally … [Read more...]
Adobe Inviting Researchers to Private Bug Bounty Program
Adobe on Wednesday called out for all researchers on the HackerOne vulnerability reporting platform to join its VIP private bug bounty program. The private program builds on the public Vulnerability Disclosure Program (VDP) that Adobe runs on the hacker-powered platform and promises higher rewards for the identified vulnerabilities and tighter collaboration with the research community. Maintained … [Read more...]
Critical Vulnerabilities Found in Faronics Education Software
Vulnerabilities identified in the Faronics Insight education software could lead to various types of attacks, including unauthenticated remote code execution (RCE), cybersecurity firm NCC Group warns. Deployed on-premises in schools, Faronics Insight operates based on the server-client model, allowing teachers to administer and control student devices, transfer files to and from devices, and view … [Read more...]
Chrome 114 Released With 18 Security Fixes
Google this week announced the release of Chrome 114 to the stable channel with a total of 18 security fixes inside, including 13 that resolve vulnerabilities reported by external researchers. Of the externally reported flaws, eight have a severity rating of ‘high’, with six of them being memory safety bugs. Based on the awarded bug bounty, the most important of these is CVE-2023-2929, an … [Read more...]
Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
Researchers at firmware and hardware security company Eclypsium discovered that hundreds of motherboard models made by Taiwanese computer components giant Gigabyte include backdoor functionality that could pose a significant risk to organizations. The backdoor was discovered by Eclypsium based on behavior associated with the functionality, which triggered an alert in the company’s … [Read more...]
- 1
- 2
- 3
- …
- 37
- Next Page »