Blog – Page 1078 – Cyber Mike

Nvidia Patches High-Severity Flaws in Windows, Linux Graphics Drivers

Nvidia rolls out urgent security updates to fix at least 8 high-severity vulnerabilities in GPU drivers for Windows and Linux.

The post Nvidia Patches High-Severity Flaws in Windows, Linux Graphics Drivers appeared first on SecurityWeek.

New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics

Cybersecurity researchers have discovered an advanced version of the Qilin ransomware sporting increased sophistication and tactics to evade detection.
The new variant is being tracked by cybersecurity firm Halcyon under the moniker Qilin.B.
“Notably, Qilin.B now supports AES-256-CTR encryption for systems with AESNI capabilities, while still retaining Chacha20 for systems that lack this support

New Qilin ransomware encryptor features stronger encryption, evasion

A new Rust-based variant of the Qilin (Agenda) ransomware strain, dubbed ‘Qilin.B,’ has been spotted in the wild, featuring stronger encryption, better evasion from security tools, and the ability to disrupt data recovery mechanisms. […]

Samsung Galaxy S24 and Sonos Era hacked on Pwn2Own Ireland Day 2

On the second day of Pwn2Own Ireland 2024, competing white hat hackers showcased an impressive 51 zero-day vulnerabilities, earning a total of $358,625 in cash prizes. […]

North Korean Hackers Exploited Chrome Zero-Day for Cryptocurrency Theft

The Lazarus APT created a deceptive website that exploited a Chrome zero-day to install malware and steal cryptocurrency.

The post North Korean Hackers Exploited Chrome Zero-Day for Cryptocurrency Theft appeared first on SecurityWeek.

AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks

Cybersecurity researchers have disclosed a security flaw impacting Amazon Web Services (AWS) Cloud Development Kit (CDK) that could have resulted in an account takeover under specific circumstances.
“The impact of this issue could, in certain scenarios, allow an attacker to gain administrative access to a target AWS account, resulting in a full account takeover,” Aqua said in a report shared

‘Deceptive Delight’ Jailbreak Tricks Gen-AI by Embedding Unsafe Topics in Benign Narratives

Deceptive Delight is a new AI jailbreak that has been successfully tested against eight models with an average success rate of 65%.

The post ‘Deceptive Delight’ Jailbreak Tricks Gen-AI by Embedding Unsafe Topics in Benign Narratives appeared first on SecurityWeek.

Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack

Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance (ASA) that could lead to a denial-of-service (DoS) condition.
The vulnerability, tracked as CVE-2024-20481 (CVSS score: 5.8), affects the Remote Access VPN (RAVPN) service of Cisco ASA and Cisco Firepower Threat Defense (FTD) Software.
Arising due to resource

New Fortinet Zero-Day Exploited for Months Before Patch

A Fortinet zero-day tracked as CVE-2024-47575 and named FortiJump has been exploited since at least June 2024.

The post New Fortinet Zero-Day Exploited for Months Before Patch appeared first on SecurityWeek.

Why Phishing-Resistant MFA Is No Longer Optional: The Hidden Risks of Legacy MFA

Sometimes, it turns out that the answers we struggled so hard to find were sitting right in front of us for so long that we somehow overlooked them.
When the Department of Homeland Security, through the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the FBI, issues a cybersecurity warning and prescribes specific action, it’s a pretty good idea to at least read the

Cyber News