Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

10 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 10 most recent headlines Filtered view

Eset Links Group's Growth to Integrated Endpoint-Killing ToolsEset researchers say the rapidly growing Gentlemen ransomware operation differentiates itself by supplying affiliates with a standardized EDR-killer suite that disables security tools, quickly incorporates newly disclosed vulnerable drivers and helps scale attacks across multiple regions worldwide.

Bank Info Security 5 months, 1 week ago

Admin Rights Are a Vulnerability, Not an Enabler

Enabling Practical Endpoint Control Without Productivity Trade-offsRemoving local admin rights often creates helpdesk and user friction. An identity-first model reduces risk while keeping business operational. Join CyberArk's practical webinar session to learn how identity-first endpoint control replaces standing admin rights with just-in-time access.

CrowdStrike's Adam Meyers on Cybercriminals Moving From Endpoints to Softer TargetsWith EDR making it difficult for cybercriminal to carry out attacks, they are now shifting focus to exploit vulnerabilities in compromised identities and unmanaged devices to move laterally across organizations, said Adam Meyers, senior vice president of counter adversary operations at CrowdStrike.

Bank Info Security 1 year, 3 months ago

Medusa Ransomware Brings Its Own Vulnerable Driver

Hackers Use Stolen Certificates to Bypass Endpoint Detection and ResponseA Russian-speaking ransomware group has been deploying a malicious Windows PE driver that imitates a legitimate CrowdStrike Falcon driver to bypass endpoint security, warn researchers. The driver disables endpoint detection and response software by stripping process protections.

Bank Info Security 1 year, 7 months ago

CISA Red Team Finds Alarming Critical Infrastructure Risks

Red Team Finds Vulnerabilities in Critical Infrastructure Org’s Security FrameworkThe U.S., cyber defense agency is urging critical infrastructure operators to learn from the experience of a volunteer read teaming test and not rely too heavily on host-based endpoint detection and response solutions at the expense of network layer protections.

Bank Info Security 1 year, 9 months ago

Ivanti Confirms Exploitation of an Old Critical Vuln

Remote Code Execution Bug Exploited in Limited AttacksIvanti confirmed that hackers are exploiting an SQL injection vulnerability in its Ivanti Endpoint Manager enabling remote code execution, despite the company addressing the issue with a patch in May. The flaw allows unauthenticated attackers within the same network to execute arbitrary code.

Bank Info Security 1 year, 10 months ago

Absolute Purchases Syxsense to Tackle Cyber Vulnerabilities

Acquisition Brings Vulnerability Management to Absolute's Cyber Resilience PlatformAbsolute Security has strengthened its platform with the acquisition of Syxsense, adding powerful automated vulnerability management tools to its existing endpoint security capabilities. The move aims to improve security compliance and simplify complex remediation tasks for organizations.

Ivanti Faces Another SQL Injection Flaw in Popular Endpoint Manager ProductSecurity researchers have discovered another major vulnerability in Ivanti’s widely-used endpoint management system that can allow hackers to gain remote access for multiple devices at the same time, just months after the company patched a separate SQL injection flaw in the same product.

Bank Info Security 2 years, 6 months ago

Ivanti Patches Critical Endpoint Security Vulnerability

SQL Injection Flaw Affects All Supported Versions of Ivanti Endpoint ManagerIvanti issued an urgent alert to users of its endpoint security product to patch a critical vulnerability that exposes systems to potential exploitation by unauthorized attackers. The SQL injection vulnerability tracked as CVE-2023-39336 is in all supported versions of Ivanti Endpoint Manager.

Bank Info Security 2 years, 8 months ago

SonicWall Buys Solutions Granted to Offer MSPs More Services

Buying Master MSSP Will Bring MDR, SOC and Vulnerability Management to MSPs, MSSPsSonicWall acquired a longtime master MSSP partner to bring MDR, SOC and vulnerability management capabilities to its managed service providers. Buying Solutions Granted will help SonicWall detect and respond to endpoint or cloud-based threat activity on behalf of its MSP and MSSP partners.