North Korean Hackers Exploited Chrome Zero-Day for Cryptocurrency Theft
The Lazarus APT created a deceptive website that exploited a Chrome zero-day to install malware and steal cryptocurrency.
The post North Korean Hackers Exploited Chrome Zero-Day for Cryptocurrency Theft appeared first on SecurityWeek.
AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks
“The impact of this issue could, in certain scenarios, allow an attacker to gain administrative access to a target AWS account, resulting in a full account takeover,” Aqua said in a report shared
‘Deceptive Delight’ Jailbreak Tricks Gen-AI by Embedding Unsafe Topics in Benign Narratives
Deceptive Delight is a new AI jailbreak that has been successfully tested against eight models with an average success rate of 65%.
The post ‘Deceptive Delight’ Jailbreak Tricks Gen-AI by Embedding Unsafe Topics in Benign Narratives appeared first on SecurityWeek.
Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack
The vulnerability, tracked as CVE-2024-20481 (CVSS score: 5.8), affects the Remote Access VPN (RAVPN) service of Cisco ASA and Cisco Firepower Threat Defense (FTD) Software.
Arising due to resource
New Fortinet Zero-Day Exploited for Months Before Patch
A Fortinet zero-day tracked as CVE-2024-47575 and named FortiJump has been exploited since at least June 2024.
The post New Fortinet Zero-Day Exploited for Months Before Patch appeared first on SecurityWeek.
Why Phishing-Resistant MFA Is No Longer Optional: The Hidden Risks of Legacy MFA
When the Department of Homeland Security, through the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the FBI, issues a cybersecurity warning and prescribes specific action, it’s a pretty good idea to at least read the
Penn State Settles for $1.25M Over Failure to Comply With DoD, NASA Cybersecurity Requirements
Penn State University has agreed to pay $1.25 million to settle an alleged failure to meet cybersecurity requirements for DoD and NASA contracts.
The post Penn State Settles for $1.25M Over Failure to Comply With DoD, NASA Cybersecurity Requirements appeared first on SecurityWeek.
New Scoring System Helps Secure the Open Source AI Model Supply Chain
AI models from Hugging Face can contain hidden problems similar to those in OSS downloads from repositories such as GitHub.
The post New Scoring System Helps Secure the Open Source AI Model Supply Chain appeared first on SecurityWeek.
Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices
Cybersecurity vendor Kaspersky said it discovered a novel attack chain in May 2024 that targeted the personal computer of an unnamed Russian national with the Manuscrypt backdoor.
This entails triggering the
