LinkedIn received a €310 million fine from the Irish Data Protection Commission for violating European Union’s law related to the processing of personal data for behavioral analysis and targeted advertising. […]
Cisco fixes VPN DoS flaw discovered in password spray attacks
Cisco fixed a denial of service flaw in its Cisco ASA and Firepower Threat Defense (FTD) software, which was discovered during large-scale brute force attacks against Cisco VPN devices in April. […]
Nvidia Patches High-Severity Flaws in Windows, Linux Graphics Drivers
Nvidia rolls out urgent security updates to fix at least 8 high-severity vulnerabilities in GPU drivers for Windows and Linux.
The post Nvidia Patches High-Severity Flaws in Windows, Linux Graphics Drivers appeared first on SecurityWeek.
New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics
Cybersecurity researchers have discovered an advanced version of the Qilin ransomware sporting increased sophistication and tactics to evade detection.
The new variant is being tracked by cybersecurity firm Halcyon under the moniker Qilin.B.
“Notably, Qilin.B now supports AES-256-CTR encryption for systems with AESNI capabilities, while still retaining Chacha20 for systems that lack this support
The new variant is being tracked by cybersecurity firm Halcyon under the moniker Qilin.B.
“Notably, Qilin.B now supports AES-256-CTR encryption for systems with AESNI capabilities, while still retaining Chacha20 for systems that lack this support
New Qilin ransomware encryptor features stronger encryption, evasion
A new Rust-based variant of the Qilin (Agenda) ransomware strain, dubbed ‘Qilin.B,’ has been spotted in the wild, featuring stronger encryption, better evasion from security tools, and the ability to disrupt data recovery mechanisms. […]
Samsung Galaxy S24 and Sonos Era hacked on Pwn2Own Ireland Day 2
On the second day of Pwn2Own Ireland 2024, competing white hat hackers showcased an impressive 51 zero-day vulnerabilities, earning a total of $358,625 in cash prizes. […]
North Korean Hackers Exploited Chrome Zero-Day for Cryptocurrency Theft
The Lazarus APT created a deceptive website that exploited a Chrome zero-day to install malware and steal cryptocurrency.
The post North Korean Hackers Exploited Chrome Zero-Day for Cryptocurrency Theft appeared first on SecurityWeek.
AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks
Cybersecurity researchers have disclosed a security flaw impacting Amazon Web Services (AWS) Cloud Development Kit (CDK) that could have resulted in an account takeover under specific circumstances.
“The impact of this issue could, in certain scenarios, allow an attacker to gain administrative access to a target AWS account, resulting in a full account takeover,” Aqua said in a report shared
“The impact of this issue could, in certain scenarios, allow an attacker to gain administrative access to a target AWS account, resulting in a full account takeover,” Aqua said in a report shared
‘Deceptive Delight’ Jailbreak Tricks Gen-AI by Embedding Unsafe Topics in Benign Narratives
Deceptive Delight is a new AI jailbreak that has been successfully tested against eight models with an average success rate of 65%.
The post ‘Deceptive Delight’ Jailbreak Tricks Gen-AI by Embedding Unsafe Topics in Benign Narratives appeared first on SecurityWeek.
Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack
Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance (ASA) that could lead to a denial-of-service (DoS) condition.
The vulnerability, tracked as CVE-2024-20481 (CVSS score: 5.8), affects the Remote Access VPN (RAVPN) service of Cisco ASA and Cisco Firepower Threat Defense (FTD) Software.
Arising due to resource
The vulnerability, tracked as CVE-2024-20481 (CVSS score: 5.8), affects the Remote Access VPN (RAVPN) service of Cisco ASA and Cisco Firepower Threat Defense (FTD) Software.
Arising due to resource