Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

13 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 13 most recent headlines Filtered view

Researchers uncovered a 230-node cloud-based email relay network after the actor PCPJack accidentally exposed tools, logs, and C2 files online A threat actor tracked as PCPJack compromised 230 cloud servers across Amazon Web Services, Google Cloud, and Microsoft Azure and turned them into a covert email relay network. Hunt.io researchers discovered the operation because PCPJack […]

A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK, putting every AWS environment at risk

Bank Info Security 7 months ago

UK ICO Fines LastPass Over 2022 Data Breach

Password Manager Must Pay 1.2M PoundsThe British data regulator imposed a fine of 1.2 million pounds against password manager LastPass over a 2022 data breach that exposed the data of millions of its customers. Unidentified hackers stole backup data from LastPass's Amazon Web Services S3 bucket.

Bank Info Security 10 months, 2 weeks ago

Navy Federal Credit Union Backup Exposed Online

Researcher: Internal Data Belonging to World’s Largest Lender Exposed on AWSNavy Federal, the world’s largest credit union, left hundreds of gigabytes of internal backup files exposed on Amazon’s cloud storage service, says cybersecurity researcher Jeremiah Fowler. Exposed data included email addresses, hashed passwords and what appeared to be internal system data.

Bank Info Security 1 year, 6 months ago

Ransomware Campaign Targets Amazon S3 Buckets

Threat Actor 'Codefinger' Targets Cloud EnvironmentsA ransomware group is targeting Amazon S3 buckets, exploiting the data stored there using AWS’s server-side encryption with customer keys and demanding a ransom in exchange for the encryption key needed to unlock the data. The group uses compromised or publicly exposed AWS account credentials.

A new ongoing campaign dubbed EleKtra-Leak has set its eyes on exposed Amazon Web Service (AWS) identity and access management (IAM) credentials within public GitHub repositories to facilitate cryptojacking activities

Colchester City Council says it and others caught up in new incident, reckons benefits data of local citizens exposed Capita is facing criticism about its security hygiene on a new front after an Amazon bucket containing benefits data on residents in a south east England city council was left exposed to the public web.…

Educator gets an F for security Misconfigured Amazon Web Services S3 buckets belonging to McGraw Hill exposed more than 100,000 students' information as well as the education publishing giant's own source code and digital keys, according to security researchers.…

For a second time in less than a year, the Travis CI platform for software development and testing has exposed user data containing authentication tokens that could give access to developers' accounts on GitHub, Amazon Web Services, and Docker Hub. [...]