Zscaler addressed rumors of a system breach by confirming that an isolated test environment, unconnected to its main infrastructure or customer data, was exposed online and subsequently taken offline for forensic analysis. The company's ongoing investigation has found no evidence of any compromise to its core customer or production environments. These rumors began circulating after a threat actor named IntelBroker claimed to be selling access to a cybersecurity company's sensitive data. Despite these claims, Zscaler reassures that its primary operational and customer data environments remain secure, indicating no impact from this incident on company or customer data.

Zscaler takes "test environment" offline after rumors of a breach BleepingComputer

In a conversation with MIT Technology Review, OpenAI CEO Sam Altman outlined a future where AI evolves beyond its current capabilities to act as highly competent, personal agents involved in various aspects of our lives without the need for new hardware or vast amounts of additional training data. Altman described these AI systems as super-competent colleagues that can manage both simple and complex tasks independently, transforming our interaction with technology. He emphasized that despite the potential for new AI-specialized devices, the envisioned applications could operate effectively in the cloud, suggesting that existing devices might suffice. Altman also touched on the future of artificial general intelligence (AGI), predicting the development of multiple versions of AGI, each with different strengths.

Sam Altman says helpful agents are poised to become AI’s killer function | MIT Technology Review MIT Technology Review

This article details a novel network technique discovered by researchers that allows an attacker to bypass VPN encapsulation via DHCP (Dynamic Host Configuration Protocol), effectively forcing a target user’s traffic outside of their VPN tunnel. Termed as "decloaking," this method subtly exploits the DHCP without disrupting the VPN's control channel, leaving the user unaware as their data transmissions are not encrypted by the VPN. Despite attempts to inform affected parties, the technique—which is believed to be exploitable since 2002—remains a significant threat. The article emphasizes the difficulty in mitigating this vulnerability due to the essential role DHCP plays in network connectivity and suggests the implementation of network namespaces as a potential fix for systems that support it, like Linux. The research aims to raise awareness within the security community about this threat and the challenge in notifying every VPN provider and user, hoping for wider implementation of effective countermeasures.

TunnelVision (CVE-2024-3661): How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak Leviathan Security

Hospitals are being warned about the rise of "vishing," a form of cybercrime utilizing artificial intelligence, as highlighted by Scott MacLean, CIO of MedStar Health, during congressional testimony. Hackers use AI to mimic individuals' voices for voice phishing attacks, posing significant challenges to healthcare providers' cybersecurity measures. This comes in response to an Enea report indicating a significant increase in vishing, alongside smishing and traditional phishing, particularly after the introduction of technologies like ChatGPT, emphasizing the evolving nature of cyber threats facilitated by advanced AI.

Why hospitals should look out for 'vishing' Becker's Hospital Review