News

Government agencies in Israel and the US have announced plans to invest $3.85 million in projects meant to improve the security of critical infrastructure in both countries. The investment is made through the BIRD Cyber Program, a joint initiative from the Israel National Cyber Directorate (INCD), the Israel-US Binational Industrial Research and Development (BIRD) Foundation, and the US Department of Homeland Security (DHS) Science and Technology Directorate (S&T). As part of the program, four grants…

Read More

Exploitation attempts targeting a remote code execution flaw in Citrix’s ShareFile product have spiked just as the US Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities Catalog.  The vulnerability affecting the ShareFile file sharing and collaboration product is tracked as CVE-2023-24489 and it has been assigned a ‘critical’ severity rating. It can allow an unauthenticated attacker to upload arbitrary files and possibly achieve remote code execution. When details of the…

Read More

A threat actor has automated the exploitation of a recent Citrix vulnerability and has infected roughly 2,000 NetScaler instances with a backdoor, British information assurance firm NCC Group reports. Tracked as CVE-2023-3519, the critical vulnerability was disclosed last month as a zero-day, being exploited since June 2023, including in attacks against critical infrastructure organizations. The issue allows unauthenticated, remote attackers to execute arbitrary code on vulnerable Citrix Application Delivery Controller (ADC) and Gateway appliances that…

Read More

White House officials concerned by AI chatbots’ potential for societal harm and the Silicon Valley powerhouses rushing them to market are heavily invested in a three-day competition ending Sunday at the DefCon hacker convention in Las Vegas. Some 2,200 competitors tapped on laptops seeking to expose flaws in eight leading large-language models representative of technology’s next big thing. But don’t expect quick results from this first-ever independent “red-teaming” of multiple models. Findings won’t be made…

Read More

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…

Read More

Over a dozen vulnerabilities discovered by Microsoft researchers in Codesys products can be exploited to cause disruption to industrial processes or deploy backdoors that allow the theft of sensitive information. Germany-based Codesys makes automation software for engineering control systems. Its products are used by some of the world’s largest industrial control system (ICS) manufacturers, the vendor claiming that its software is found in millions of devices — roughly 1,000 different types of products made by…

Read More

Network security giant Check Point Software (NASDAQ: CHKP) on Thursday said it has agreed to acquire Secure Access Service Edge (SASE) and Zero Trust Network Access (ZTNA) solutions provider Perimeter 81 for roughly $490 million in “cash free, debt free” deal. Perimeter 81 launched in 2018 and offers a platform that helps businesses to secure remote access, network traffic, and endpoint devices with its cloud-delivered Zero Trust Network Access, Firewall as a Service, and Secure Web Gateway (SWG) offerings.…

Read More

The White House on Wednesday launched a competition offering millions of dollars in prize money for creating new artificial intelligence systems that can defend critical software from hackers. Competitors vying for some of the $18.5 million in prize money will need to design novel AI systems that quickly find and fix software vulnerabilities in electric grids, subways or other key networks that could be exploited by hackers, President Joe Biden’s administration said. “This competition will…

Read More

Rapid7 (NASDAQ: RPD) is the latest cybersecurity vendor to announce layoffs, with the Boston-based firm announcing a restructuring plan late Tuesday that will result in an 18% reduction in employee headcount. In total, approximately 500 employees could be impacted based on the roughly 2,700-person headcount at the end of 2022, with more than 700 people in its Boston headquarters. The company also said in and SEC filing that it would close certain office locations, but…

Read More