Duncan Riley
Latest from Duncan Riley
Cybersecurity teams struggle to monitor vulnerabilities amid budget cuts and layoffs
Penetration testing-as-a-service company Cobalt Labs Inc. detailed in a new report today the impact of budget cuts and talent shortages in the cybersecurity industry and it’s not good news: Cyber teams are struggling to manage the remediation process and monitor for vulnerabilities. Cobalt’s fifth annual State of Pentesting Report found that budget cuts and talent shortages ...
OpenAI teams with Bugcrowd to offer cybersecurity bug bounty program
OpenAI LP, the company behind ChatGPT, has teamed with crowdsourced cybersecurity startup Bugcrowd Inc. to offer a bug bounty program to address cybersecurity risks in its artificial intelligence models. The bug bounty program is offering rewards from $200 to $20,000 to security researchers who report vulnerabilities, bugs or security flaws they discover in OpenAI’s systems. The ...
Little-known Israeli vendor found selling dangerous iPhone spyware
New reports released today from Microsoft Corp. and Citizen Lab detailed a little-known Israeli spyware vendor whose software has been used by governments to hack and spy on iPhones belonging to journalists, political figures and nongovernment organizations. The company goes by the name of QuaDream and, perhaps not surprisingly, it was founded by ex-employees of well-known ...
SGNL launches free, non-commercial Continuous Access Evaluation Protocol/Profile Transmitter
Enterprise authorization startup SGNL.ai Inc. today announced the launch of a free, noncommercial Continuous Access Evaluation Protocol/Profile Transmitter. The idea behind the Continuous Access Evaluation Protocol was first conceived by a Google LLC software engineer in 2019. Since that time, an informal standards development effort has grown around it and ultimately merged with an existing working group ...
CrowdStrike expands platform to deliver endpoint detection to IoT assets
Cybersecurity company CrowdStrike Holdings Inc. today announced it has expanded its CrowdStrike Falcon platform to deliver a new endpoint detection and response and extended detection and response solution for what’s becoming known as extended Internet of Things assets. XIoT is a category that includes the Internet of Things, operational technology, medical devices, the industrial Internet ...
Apple patches vulnerabilities used to target iPhones, iPads and Macs
Apple Inc. has released patches for two unpatched vulnerabilities being exploited in the wild that target Apple devices, including iPhones, iPads and Mac computers. The first vulnerability, designated CVE-2023-28205, is described by Apple as an issue in WebKit that allowed for the processing of maliciously crafted web content that could lead to arbitrary code execution. The second, CVE-2023-28206, ...
Report finds 75% of security exposures don’t put organizations at risk
A new report from cybersecurity firm XM Cyber Inc. has found that three-quarters of security exposures don’t put organizations at risk, but a small number of exposures can put more than 90% of critical exposures at risk. The exposure findings were among various takeaways in XM Cyber’s second annual research report, Navigating the Paths of Risk: ...
Ransomware gang releases new data stolen from the City of Oakland
The ransomware gang behind an attack on the City of Oakland in February has released a second tranche of stolen data. The Play ransomware group shared 600 gigabytes of data on its leaks site in its second release, including Oakland Police Department files, council members’ communications and city staff’s medical records. By contrast, the first release of stolen ...
Tesla staff reportedly shared videos of intimate moments and accidents from customer vehicles
Tesla Inc. employees reportedly have been sharing videos taken from customer cars, including intimate moments and accidents, according to a new report from Reuters. The report claims that between 2019 and 2022, Tesla employees shared footage from vehicles on internal messaging systems. Tesla vehicles have multiple cameras that are used by the self-driving feature, with ...
Space security startup True Anomaly launches out of stealth with $30M in funding
Space security company True Anomaly Inc. today launched out of stealth mode and announced that it has raised $30 million in funding, including a recent Series A round of $17 million. Founded in early 2022 by former military operators and engineers, True Anomaly is focused on building spacecraft and software solutions designed to secure U.S. commercial and ...









