Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

28 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 28 Filtered view

Okta uncovers new phishing-as-a-service operation with 'multiple entities' falling victim Multiple attackers using a new phishing service dubbed VoidProxy to target organizations' Microsoft and Google accounts have successfully stolen users' credentials, multi-factor authentication codes, and session tokens in real time, according to security researchers.…

Defunct Ransomware Group's Diaspora Includes Hackers With Focus on Microsoft TeamsBased on intelligence gleaned from the leak of Black Basta ransomware messages, researchers are warning organizations to beware phishing attacks launched via Microsoft partner domains and via Teams, as well as the targeting of personal Google accounts accessed via corporate devices.

Single click on a phishing link in Google browser blew up sandbox on Windows Google pushed out an emergency patch for Chrome on Windows this week to stop attackers exploiting a sandbox-breaking zero-day vulnerability, seemingly used by snoops to target certain folks in Russia.…

Welcome to this week’s Cybersecurity News Recap. Discover how cyber attackers are using clever tricks like fake codes and sneaky emails to gain access to sensitive data. We cover everything from device code phishing to cloud exploits, breaking down the technical details into simple, easy-to-follow insights

Bank Info Security 1 year, 9 months ago

Breach Roundup: Brazilian Police Arrest USDoD

Also: Internet Archive Limps Back Online, Beware Kerbertoasing and Passkey TakeupThis week, Brazilian police arrested USDoD, Internet Archive is recovering, a Microsoft warning over Kerberoasting and of mounting phishing attacks, Google touted memory safety efforts, Volkswagen said no harm after ransomware attack, and Amazon reported over 175 million customers using passkeys.

WormGPT, a private new chatbot service advertised as a way to use Artificial Intelligence (AI) to help write malicious software without all the pesky prohibitions on such activity enforced by ChatGPT and Google Bard, has started adding restrictions on how the service can be used. Faced with customers trying to use WormGPT to create ransomware and phishing scams, the 23-year-old Portuguese programmer who created the project now says his service is slowly morphing into “a more controlled environment.” The large language models (LLMs) made by ChatGPT parent OpenAI or Google or Microsoft all have various safety measures designed to prevent people from abusing them for nefarious purposes — such as creating malware or hate speech. In contrast, WormGPT has promoted itself as a new LLM that was created specifically for cybercrime activities.

A reverse-proxy Phishing-as-a-Service (PaaS) platform called EvilProxy has emerged, promising to steal authentication tokens to bypass multi-factor authentication (MFA) on Apple, Google, Facebook, Microsoft, Twitter, GitHub, GoDaddy, and even PyPI. [...]

Loading more headlines...