Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

47 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 47 Filtered view

Threat actors often signal their intentions before launching attacks, from dark web chatter to access-broker listings and credential requests. Join our upcoming webinar with Flare Systems to learn how to turn those early warning signs into proactive defensive action before an intrusion begins. [...]

Crim used infostealer to get cloud credentials If you don't say "yes way" to MFA, the consequences can be disastrous. Sensitive data belonging to about 50 global enterprises is listed for sale – and, in some cases, has already been sold – on the dark web following a major infostealer campaign, with apparent victims including American utility engineering firm Pickett and Associates; Japan's homebuilding giant Sekisui House; and Spain's largest airline Iberia.…

The Hacker News 8 months, 1 week ago

Enterprise Credentials at Risk – Same Old, Same Old?

Imagine this: Sarah from accounting gets what looks like a routine password reset email from your organization’s cloud provider. She clicks the link, types in her credentials, and goes back to her spreadsheet. But unknown to her, she’s just made a big mistake. Sarah just accidentally handed over her login details to cybercriminals who are laughing all the way to their dark web

Krebs on Security 1 year, 8 months ago

Canadian Man Arrested in Snowflake Data Extortions

A 26-year-old man in Ontario, Canada has been arrested for allegedly stealing data from and extorting more than 160 companies that used the cloud data service Snowflake. On October 30, Canadian authorities arrested Alexander Moucka, a.k.a. Connor Riley Moucka of Kitchener, Ontario, on a provisional arrest warrant from the United States. Bloomberg first reported Moucka's alleged ties to the Snowflake hacks on Monday. At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). After scouring darknet markets for stolen Snowflake account credentials, the hackers began raiding the data storage repositories used by some of the world’s largest corporations.

Millions of Customers Will Also Be Offered Monitoring of Genetic Data on Dark WebGenetics testing firm 23andMe will offer cash payments to millions of individuals whose sensitive data was compromised in a 2023 credential stuffing incident. Under the proposed $30 million lawsuit settlement, affected customers will also be offered dark web monitoring of their genetic data.

Bank Info Security 2 years, 1 month ago

Australian Regulators Detail Medibank Hack: VPN Lacked MFA

Court Filing: Threat Actor Stole Admin Credentials From IT Service Desk ContractorMedibank's lack of MFA on its global VPN allowed a hacker to use credentials stolen from an IT services desk contractor to access the private health insurer's IT systems in 2022, leading to a dark web data leak affecting 9.7 million individuals, Australian regulators said in court documents.

Bank Info Security 2 years, 2 months ago

Dark Web Sales Driving Major Rise in Credential Attacks

Cybercriminals Netting Over 50 Credentials Per Infected Device, Kaspersky SaysThe value of corporate credentials in the cybercrime market contributed to a 643% increase in data theft attacks over the past three years, cybersecurity company Kaspersky says. Malicious access brokers stole close to 400 million logins and passwords for numerous websites in the past year.

Singaporean researchers note rising presence of ChatGPT creds in Infostealer malware logs Stolen ChatGPT credentials are a hot commodity on the dark web, according to Singapore-based threat intelligence firm Group-IB, which claims to have found some 225,000 stealer logs containing login details for the service last year.…

Loading more headlines...