Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

29 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 29 Filtered view
Security Affairs 1 month, 1 week ago

France’s Government Messaging App Tchap Got Breached

France’s government chat app Tchap was breached after a single account was compromised, exposing messages and data from public channels. Tchap, the encrypted messaging platform developed by the French government for its civil servants and made mandatory last year, was breached on June 7. ANSSI, France’s cybersecurity agency, detected the intrusion. The vector was straightforward: […]

Bank Info Security 1 month, 3 weeks ago

GitHub Tells Self-Hosted Admins to Rotate Keys

Company Pushes Key Rotation After 3,800 Repositories CompromisedHacked code repository GitHub warned administrators of self-hosted git servers to rotate public encryption keys following a May 18 incident involving a poisoned VS Code extension used by an employee. GitHub CISO Alexis Wales in a Tuesday update said the repository is rotating all keys.

Bank Info Security 2 months, 2 weeks ago

Germany Caught Up in Likely Russian Signal Phishing

Governments Have Long Warned About Kremlin Social Engineering HacksSignal is defending the security of its systems following a series of phishing attacks that took place on the encrypted messaging platform, and that reportedly compromised members of the German government including the president of the country's parliament.

The FBI has issued a public service announcement warning that Russian intelligence-linked threat actors are actively targeting users of encrypted messaging apps such as Signal and WhatsApp in phishing campaigns that have already compromised thousands of accounts. [...]

Attackers sidestep encryption with spoofed apps and zero-click exploits to compromise 'high-value' mobile users CISA has warned that state-backed snoops and cyber-mercenaries are actively abusing commercial spyware to break into Signal and WhatsApp accounts, hijack devices, and quietly rummage through the phones of what the agency calls "high-value" users.…

Cybersecurity researchers have discovered over a dozen security vulnerabilities impacting Tridium's Niagara Framework that could allow an attacker on the same network to compromise the system under certain circumstances

Experts Suspect Scattered Spider Is Behind Rash of Recent Insurer BreachesAflac is the latest insurance company dealing with a cyberattack. The company is investigating a cyber incident that did not involve ransomware encryption of its IT systems, but did potentially compromise data. Experts suspect Scattered Spider is behind the recent rash of insurance incidents.

Bank Info Security 1 year, 6 months ago

AI-Driven Ransomware Group Strikes 85 Victims

Amateurish Ransomware Group Doubles as HackstivistsCybersecurity researchers discovered an artificial intelligence-driven ransomware group that emerged at the end of last year and compromised more than 85 victims worldwide. The group uses double extortion, combining data theft with encryption.

Bank Info Security 1 year, 6 months ago

Ransomware Campaign Targets Amazon S3 Buckets

Threat Actor 'Codefinger' Targets Cloud EnvironmentsA ransomware group is targeting Amazon S3 buckets, exploiting the data stored there using AWS’s server-side encryption with customer keys and demanding a ransom in exchange for the encryption key needed to unlock the data. The group uses compromised or publicly exposed AWS account credentials.

'Codefinger' crims on the hunt for compromised keys A new ransomware crew dubbed Codefinger targets AWS S3 buckets and uses the cloud giant's own server-side encryption with customer provided keys (SSE-C) to lock up victims' data before demanding a ransom payment for the symmetric AES-256 keys required to decrypt it.…

The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack to disarm security-related processes on compromised Windows hosts, joining the likes of other groups like Akira, AvosLocker, BlackByte, and RobbinHood

Loading more headlines...