The Lazarus Group has exploited a zero-day vulnerability in Google Chrome to take control of infected devices by deceiving users into visiting a fake game site targeting cryptocurrency enthusiasts. This attack chain involves a malicious game disguised as a legitimate product.

The rise of Generative AI has transformed phishing, empowering cybercriminals to create convincing emails that are hard to detect. This shift raises the urgency for organizations to adopt phishing-resistant MFA solutions, essential to combat increasingly sophisticated ransomware attacks.

Cisco has released updates to fix an actively exploited security flaw, CVE-2024-20481, in its Adaptive Security Appliance (ASA). This vulnerability could allow remote attackers to trigger a denial-of-service condition by overwhelming the Remote Access VPN service with requests.

Cybersecurity researchers uncovered a vulnerability in the AWS Cloud Development Kit (CDK) that could enable account takeovers. The flaw, detailed by Aqua researchers, arose from predictable naming patterns for S3 buckets, allowing potential exploitation. AWS has since updated the CDK to address this issue.

Cybersecurity researchers have identified a more advanced variant of Qilin ransomware, known as Qilin.B, featuring enhanced encryption and evasion strategies. It employs AES-256-CTR and RSA-4096 to secure files and complicate recovery efforts by disabling key services and deleting backups.

The Irish data protection watchdog fined LinkedIn €310 million for violating user privacy through behavioral analyses for targeted advertising, breaching GDPR principles by not seeking explicit consent. LinkedIn has three months to comply with GDPR standards.

This week was a total digital dumpster fire! Hackers targeted browsers and devices, deploying password-stealing bots and sneaky extensions. But we’ve got the latest scoop to help you survive the chaos. Join us for insights on combating these threats. Stay sharp!

German law enforcement has disrupted dstat[.]cc, a criminal platform enabling individuals to easily conduct DDoS attacks. This service, accessible even to those lacking technical skills, provided reviews of stresser services, aiding in the execution of attacks against targeted websites.

The SEC has charged four companies—Avaya, Check Point, Mimecast, and Unisys—for misleading disclosures related to the SolarWinds cyberattack in 2020. The companies downplayed the extent of the breach, resulting in penalties totaling $6 million and violations of federal securities laws.

AI has transformed from a mere concept to a significant threat, with AI impersonation fraud on the rise. Current detection methods struggle to keep pace with attackers. A secure-by-design identity platform, like Beyond Identity’s RealityCheck, offers robust defenses against this emerging danger.