Artificial intelligence technology startup OpenAI has launched a $1 million cybersecurity grant program aimed at boosting defender-focused research and capabilities and measurements. OpenAI, makers of the popular ChatGPT bot application, plans to shell out grants in increments of US$10,000 USD in the form of API credits or direct funding for projects that empower defensive use-cases for generative … [Read more...]

Galvanick, an early-stage startup working on an Extended Detection & Response (XDR) platform for industrial infrastructure, has scored $10 million in venture capital financing. The Los Angeles company, co-founded by cybersecurity veterans from the U.S. government and Amazon, said the seed-stage funding came from multiple investment firms, including MaC Venture Capital, Founders Fund, Village … [Read more...]

Point32Health, the second-largest health insurer in Massachusetts, is in the process of informing more than 2.5 million individuals that their personal and protected health information was stolen in a recent ransomware attack. Identified on April 17 and initially disclosed on April 20, the attack impacted systems related to Point32Health’s Harvard Pilgrim Health Care, and resulted in the … [Read more...]

The United States and South Korea on Thursday warned of North Korean social engineering attacks targeting the employees of think tanks, academic and research institutions, and news media organizations. North Korea-linked advanced persistent threat (APT) actors such as APT43 and Kimsuky (also known as Black Banshee, Thallium, and Velvet Chollima) conduct spear-phishing campaigns posing as … [Read more...]

Splunk on Thursday announced Splunk Enterprise security updates that resolve multiple high-severity vulnerabilities, including some impacting third-party packages used by the product. The most severe of these is CVE-2023-32707, a privilege escalation issue that allows low-privileged users with the ‘edit_user’ capability to escalate privileges to administrator, via a specially crafted web … [Read more...]

Two eastern Idaho hospitals and their clinics are working to resume full operations after a cyberattack on their computer systems. Officials with Idaho Falls Community Hospital said the attack happened Monday, causing some clinics to close, some ambulances to be diverted to nearby hospitals and their cafes to only accept cash. Mountain View Hospital, also located in Idaho Falls, was similarly … [Read more...]

Biotechnology company Enzo Biochem has revealed that the clinical test information of roughly 2.47 million individuals was exposed in a recent ransomware attack. The incident, the company notes in a Form 8-K filing with the US Securities and Exchange Commission (SEC), occurred on April 6, resulting in certain systems being disconnected from the internet. On April 11, Enzo Biochem’s investigation … [Read more...]

Apple has denied working with any government to add backdoors to its products after Russia accused the company of helping US intelligence agencies hack iPhones. In a statement provided to SecurityWeek, an Apple spokesperson said, “We have never worked with any government to insert a backdoor into any Apple product and never will.” The statement comes in response to the Russian security service FSB … [Read more...]

A zero-day vulnerability affecting Progress Software’s MOVEit Transfer product has been exploited to hack organizations and steal their data. Progress Software warned on May 31 that its MOVEit Transfer managed file transfer (MFT) software is affected by a critical SQL injection vulnerability that can be exploited by an unauthenticated attacker to access MOVEit Transfer databases. “Depending on the … [Read more...]

Google today announced significantly higher bug bounty rewards for vulnerability reports containing full chain exploits leading to a sandbox escape in Chrome. Until December 1, 2023, the first report to contain a full chain exploit leading to a Chrome sandbox escape, Google says, may receive up to $180,000, or even more if cumulated with other bonuses, which is triple the current reward … [Read more...]

Russian anti-malware vendor Kaspersky on Thursday said it discovered an APT actor launching zero-click iMessage exploits on iOS-powered devices in its corporate network. Kaspersky’s disclosure comes on the same day Russia’s Federal Security Service (FSB) blamed US intelligence agencies for an ongoing spy campaign targeting thousands of iOS devices belonging to domestic subscribers and foreign … [Read more...]

Japanese car maker Toyota this week announced that cloud configuration issues have led to years-long exposure of customer data. The impacted environments, which are managed by Toyota Connected Corporation (TC), contain information related to the vehicles of Japanese customers, as well as the personal information of customers overseas. The incident, Toyota says, was the result of insufficient … [Read more...]

Cisco on Wednesday announced that it’s acquiring California-based cybersecurity firm Armorblox for its artificial intelligence (AI) technology. Armorblox specializes in protecting organizations against threats that arrive over email and other cloud office applications. The company’s products are powered by natural language understanding (NLU) technology, which enables human-computer interaction … [Read more...]

Organizations using Moxa’s MXsecurity product have been informed about two potentially serious vulnerabilities that could be exploited by malicious hackers targeting operational technology (OT) networks. MXsecurity is an industrial network security management software designed for OT environments.  Security researcher Simon Janz discovered recently that the product is impacted by a critical … [Read more...]

Amazon on Wednesday agreed to pay $30.8 million to settle Ring and Alexa privacy complaints filed by US regulators,including accusations that employees spied on female customers, according to court documents. The Federal Trade Commission charged Amazon-owned home security camera company Ring with failing to implement basic protections to stop hackers or employees from accessing people’s devices or … [Read more...]

Some organizations can expose sensitive personal and corporate information by failing to properly deactivate Salesforce Community websites that are no longer used, according to data security and analytics company Varonis. Varonis reported identifying many such improperly deactivated websites, which the company has dubbed ‘Salesforce ghost sites’. These sites have been found to expose personally … [Read more...]

Adobe on Wednesday called out for all researchers on the HackerOne vulnerability reporting platform to join its VIP private bug bounty program. The private program builds on the public Vulnerability Disclosure Program (VDP) that Adobe runs on the hacker-powered platform and promises higher rewards for the identified vulnerabilities and tighter collaboration with the research community. Maintained … [Read more...]

Vulnerabilities identified in the Faronics Insight education software could lead to various types of attacks, including unauthenticated remote code execution (RCE), cybersecurity firm NCC Group warns. Deployed on-premises in schools, Faronics Insight operates based on the server-client model, allowing teachers to administer and control student devices, transfer files to and from devices, and view … [Read more...]

Google this week announced the release of Chrome 114 to the stable channel with a total of 18 security fixes inside, including 13 that resolve vulnerabilities reported by external researchers. Of the externally reported flaws, eight have a severity rating of ‘high’, with six of them being memory safety bugs. Based on the awarded bug bounty, the most important of these is CVE-2023-2929, an … [Read more...]

Researchers at firmware and hardware security company Eclypsium discovered that hundreds of motherboard models made by Taiwanese computer components giant Gigabyte include backdoor functionality that could pose a significant risk to organizations. The backdoor was discovered by Eclypsium based on behavior associated with the functionality, which triggered an alert in the company’s … [Read more...]