Information

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…

The North Korea-linked advanced persistent threat (APT) actor Lazarus Group has been observed exploiting a Zoho ManageEngine vulnerability to compromise an internet backbone infrastructure provider in Europe, Cisco’s Talos security researchers report. The attack occurred in early 2023, roughly five days after proof-of-concept (PoC) exploit code targeting the ManageEngine flaw, which is tracked as CVE-2022-47966 (CVSS score of 9.8), was published. Identified in the Apache xmlsec (XML Security for Java) third-party dependency, the issue can…

Israeli startup Cypago on Thursday announced that it has raised $13 million in a funding round led by Entrée Capital, Axon Ventures, and Jump Capital, with participation from various angel investors. Founded in 2020, the Tel Aviv-based company also launched its governance, risk management and compliance (GRC) automation (CGA) platform, which aims to bring management, security, and operations together. Combining a SaaS architecture with advanced analysis and correlation, generative AI, and automation, the platform helps…

Cisco on Wednesday announced patches for six vulnerabilities in its products, including three high-severity bugs in NX-OS and FXOS software that could be exploited to cause a denial-of-service (DoS) condition. Impacting the FXOS software of Firepower 4100 and Firepower 9300 security appliances and of UCS 6300 series fabric interconnects, the most severe of these flaws is CVE-2023-20200, described as the improper handling of specific SNMP requests. The issue allows an authenticated, remote attacker to send…

It’s been eight and half years since I first wrote about the need for security leadership representation in the boardroom. I then revisited the topic last year, when the SEC initially proposed amendments to its rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting. Now, as the SEC cyber incident disclosure rules come into effect, organizations will finally be forced to seriously consider giving security leaders a seat at…