Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

31 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 31 Filtered view

Not every cloud breach starts with malware or a zero-day. In this incident, attackers discovered an exposed Spring Boot Actuator endpoint, harvested credentials from leaked configuration data, then used the OAuth2 Resource Owner Password Credentials (ROPC) flow to authenticate without MFA.

Bank Info Security 5 months, 2 weeks ago

Social Engineering Hackers Target Okta Single Sign On

ShinyHunters Campaign Uses Voice Phishing to Bypass MFA and Steal Corporate DataSecurity experts warn that "an active and ongoing campaign" being waged by ShinyHunters extortionists has at least 150 organizations in its sights across a range of sectors, with attackers using live voice phishing to bypass multifactor authentication, steal cloud data and hold it to ransom.

Bank Info Security 8 months, 1 week ago

Cloud Identity Exposure Is 'a Critical Point of Failure'

Attackers Exploit Cloud Credential Exposure and 'Over-Permissioning,' Experts WarnAttackers keep hammering cloud-based identities to help them bypass endpoint and network defenses, logging in using inadvertently exposed credentials - or ones harvested through infostealers - then escalating access thanks to over-permissioned accounts, experts warn.

Cisco has released security patches to address a critical security flaw impacting the Identity Services Engine (ISE) that, if successfully exploited, could allow unauthenticated actors to carry out malicious actions on susceptible systems

A proof-of-concept attack called "Cookie-Bite" uses a browser extension to steal browser session cookies from Azure Entra ID to bypass multi-factor authentication (MFA) protections and maintain access to cloud services like Microsoft 365, Outlook, and Teams. [...]

Crew helped lowlifes generate X-rated celeb deepfakes using Redmond's OpenAI-powered cloud – claim Microsoft has named four of the ten people it is suing for allegedly snatching Azure cloud credentials and developing tools to bypass safety guardrails in its generative AI services – ultimately to generate deepfake smut videos of celebrities and others.…

Bank Info Security 1 year, 9 months ago

Ivanti CSA Customers Targeted in New Zero Day Attacks

Attackers Chain Three Security Flaws with Patched Admin Bypass VulnerabilityInternet appliance maker Ivanti warned customers Tuesday that attackers are actively exploiting new vulnerabilities in Cloud Services Appliance instances by chaining three security flaws with a zero-day patched in September. The company advised customers to update to version 5.0.

Krebs on Security 1 year, 9 months ago

A Single Cloud Compromise Can Feed an Army of AI Sex Bots

Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape.

Loading more headlines...