Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

7 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 7 most recent headlines Filtered view
Bank Info Security 1 week, 2 days ago

Hidden Backdoor Found in Tenda Router Firmware

Unauthenticated Flaw Allows Full Router, Network TakeoverA hidden backdoor, disclosed by CERT/CC and found in multiple firmware versions made by Chinese manufacturer Tenda, bypasses authentication and could grant attackers administrative access. Researchers are reporting exploitation and an Nmap script is making vulnerable devices easier to identify.

Bank Info Security 1 week, 2 days ago

Hidden Backdoor in Tenda Router Firmware

Unauthenticated Flaw Allows Full Router, Network TakeoverA hidden backdoor, disclosed by CERT/CC and found in multiple firmware versions made by Chinese manufacturer Tenda, bypasses authentication and could grant attackers administrative access. Researchers are reporting exploitation and an Nmap script is making vulnerable devices easier to identify.

Juniper Tells Customers to Tune Their FirewallA critical vulnerability in Juniper Networks' primary operating system could give threat actors root level privileges to execute code on Juniper’s PTX Series routers. Successful exploitation would give attackers full command and control over devices without the need for authentication.

Bank Info Security 7 months, 3 weeks ago

ShinyHunters Hack Salesforce Instances Via Gainsight Apps

Salesforce Revoked Gainsight Authentication TokensCustomer relationship management giant Salesforce is again notifying customers that hackers may be stealing their data through a third-party app. The San Francisco company late Wednesday disclosed that apps published by Gainsight connected to Salesforce instances may have "enabled unauthorized access."

Bank Info Security 10 months, 1 week ago

Salesloft Drift Hack Claims New Victims in Tenable, Qualys

Salesloft Says Hackers Broke Into Its GitHub RepositoryCybersecurity firms Tenable and Qualys fell to attacks stemming from hacker theft of authentication tokens from a third-party tool often integrated into Salesforce. The firms disclosed their exposure to the attack that lifted access tokens from marketing-as-a-service software provider Salesloft.

Bank Info Security 1 year, 5 months ago

SonicWall's Zero-Day Provokes Patch Alerts

Preauthentication Deserialization Flaw Could Result in Remote Code ExecutionSoftware vendors and national security agencies are urging immediate patching of a critical SonicWall flaw days after the security device manufacturer disclosed that hackers are actively exploiting a zero-day. The flaw doesn't require user authentication.

Progress Software: 'Newly Disclosed Third-Party Vulnerability Introduces New Risk'Hackers jumped on a new flaw in Progress Software's MOVEit managed file transfer application just hours after maker Progress Software publicly disclosed the critical flaw, which allowsattackers to bypass authentication. Customers of the Massachusetts company are no strangers to emergency patching.