News

Open-source file-sharing and collaboration software ownCloud is plagued by critical vulnerabilities that could lead to the exposure of credentials and other sensitive information and to authentication and validation bypass. The most serious issue, which carries a CVSS score of 10/10, impacts the graphapi app, which uses a third-party library providing a URL that, when accessed, reveals the PHP environment’s configuration details (phpinfo). “This information includes all the environment variables of the webserver. In containerized deployments,…

Read More

A North Korean threat group breached a Taiwanese software company and leveraged its systems to deliver malware to devices in North America and Asia, Microsoft reported this week. The threat actor is tracked by the tech giant as Diamond Sleet (Zinc). Previously described as a sub-group of the notorious Lazarus, the hacker gang has been conducting attacks for data theft, espionage, destruction and financial gain. In the past, it was observed targeting security researchers, penetration…

Read More

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…

Read More

Computer chip and software maker Broadcom has announced it has cleared all regulatory hurdles and plans to complete its $69 billion acquisition of cloud technology company VMware on Wednesday. The company, based in San Jose, California, announced it planned to move ahead with the deal after China joined the list of countries that had given a go-ahead for the acquisition. Broadcom is paying $61 billion in cash and stock for VMware and taking on $8…

Read More

End-to-end generative AI security startup Lasso Security has emerged from stealth mode with $6 million in a seed funding round led by Entrée Capital, with additional investment from Samsung Next. Established earlier this year, the Tel Aviv-based company is building technology to tackle the cyber threats faced by generative AI and large language models (LLMs) and prevent data exposure, and security and compliance risks. By protecting every LLM touchpoint, Lasso wants to help secure businesses…

Read More

The US cybersecurity agency CISA has published new guidance to help healthcare and public health organizations understand the cyber threats and risks to their sector and apply mitigations. Titled Mitigation Guide: Healthcare and Public Health (HPH) Sector (PDF), the document was released as a supplemental companion to a Cyber Risk Summary distributed in July, and comes roughly one month after CISA and HHS announced cybersecurity resources for the HPH sector. Using data collected from the…

Read More

ChatGPT-maker Open AI said Friday it has pushed out its co-founder and CEO Sam Altman after a review found he was “not consistently candid in his communications” with the board of directors. “The board no longer has confidence in his ability to continue leading OpenAI,” the artificial intelligence company said in a statement. In the year since Altman catapulted ChatGPT to global fame, he has become Silicon Valley’s sought-after voice on the promise and potential…

Read More

Two environmentalists told a federal judge Thursday that the public was the real victim of a global computer hacking campaign that targeted those fighting big oil companies to get the truth out about global warming. A climate scientist and the director of a fund that creates initiatives to address climate change spoke at the sentencing of an Israeli man who prosecutors said enabled the hacking of thousands of individuals and entities worldwide. Aviram Azari, 52,…

Read More