Information

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…

The North Korea-linked advanced persistent threat (APT) actor Lazarus Group has been observed exploiting a Zoho ManageEngine vulnerability to compromise an internet backbone infrastructure provider in Europe, Cisco’s Talos security researchers report. The attack occurred in early 2023, roughly five days after proof-of-concept (PoC) exploit code targeting the ManageEngine flaw, which is tracked as CVE-2022-47966 (CVSS score of 9.8), was published. Identified in the Apache xmlsec (XML Security for Java) third-party dependency, the issue can…

Israeli startup Cypago on Thursday announced that it has raised $13 million in a funding round led by Entrée Capital, Axon Ventures, and Jump Capital, with participation from various angel investors. Founded in 2020, the Tel Aviv-based company also launched its governance, risk management and compliance (GRC) automation (CGA) platform, which aims to bring management, security, and operations together. Combining a SaaS architecture with advanced analysis and correlation, generative AI, and automation, the platform helps…

Cisco on Wednesday announced patches for six vulnerabilities in its products, including three high-severity bugs in NX-OS and FXOS software that could be exploited to cause a denial-of-service (DoS) condition. Impacting the FXOS software of Firepower 4100 and Firepower 9300 security appliances and of UCS 6300 series fabric interconnects, the most severe of these flaws is CVE-2023-20200, described as the improper handling of specific SNMP requests. The issue allows an authenticated, remote attacker to send…