Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

16 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 16 most recent headlines Filtered view
Bank Info Security 1 month, 3 weeks ago

Breach Roundup: Shai-Hulud Copycat Hits npm

Also, YellowKey Gets CVE, 7-Eleven Breach, Linux Maintainers Warn on AI Bug SpamThis week, more incidents than we can list here. Among them: cloned Shai-Hulud malware, a new maximum CVSS Cisco flaw. Edge to stop loading passwords in plaintext. Tycoon 2FA offers a way around Microsoft multifactor. Convenience, taquitos and data breach: The 7-Eleven story. A MENA crackdown.

Bank Info Security 3 months, 4 weeks ago

Interlock Ransomware Exploited Cisco Firewall Flaw for Weeks

AWS Researchers Find an Interlock Server Laden With ToolsRansomware hackers exploited a flaw with a maximum vulnerability score in Cisco firewall management software weeks before the networking giant disclosed the vulnerability in early March. The group has focused extensively on critical infrastructure sectors in North America and Europe.

Bank Info Security 5 months, 3 weeks ago

Zero-Day Flaw in Cisco Unified Communications Being Targeted

Vendor Ships Emergency Fixes, Warning Flaw Facilitates Full System CompromiseAttackers are targeting a zero-day vulnerability in Cisco's Unified Communications and Webex products that facilitates remote code execution and root-level access to the underlying operating system, risking full system compromise. Cisco has released patches, warning that no workarounds exist.

Cisco Fixes ISE Bug; HPE OneView Under Fire; Exploit Code Drops for n8n FlawThe new year is off to a fresh start on the vulnerability and exploit alert front: Cisco has patched a critical Identity Services Engine; cybersecurity officials warn that an HPE OneView vulnerability is being actively exploited; and proof-of-concept exploits drop for n8n automation software.

Bank Info Security 6 months, 4 weeks ago

Chinese Hackers Targeting Cisco Email Gateways

Cisco Talos Attributes Campaign to UAT-9686Likely Chinese nation-state hackers are exploiting an unpatched flaw in Cisco email appliances as part of an ongoing campaign to gain persistent access. Hackers have been exploiting since mid-November a zero-day in the Cisco Secure Email Gateway and Cisco Secure Email and Web Manager.

Bank Info Security 8 months ago

Hackers Exploited Cisco ISE Zero-Day

Flaw Enabled Remote Code Execution, Say AWS ResearchersResearchers from AWS said they spotted a hacking campaign taking advantage of a zero-day vulnerability in Cisco network access control software before the routing giant patched it earlier this year. The flaw let attackers perform pre-authentication remote code execution.

CISA Says Agencies Believed They Patched Cisco Flaws But Had NotThe U.S. cyber defense agency issued new patch guidance after discovering multiple federal agencies failed to properly secure Cisco firewalls, leaving federal networks exposed to exploitation by a suspected Chinese threat actor despite a prior emergency directive.

Bank Info Security 8 months, 1 week ago

Longer Conversations Can Break AI Safety Filters

Adversarial Success Rates Jump Tenfold in Longer AI Chats, Finds CiscoOpen-weight language models can say "no" only for so long. Their safety filters break down when pushed through longer conversations, exposing flaws that one-shot tests fail to catch, found researchers at Cisco. The longer a user engages, the higher the probability of failure.

Bank Info Security 10 months, 4 weeks ago

Cisco Patches Maximum-Severity Firewall Flaw

Cisco Secure Firewall Management Centers Connected to RADIUS Left VulnerableNetworking equipment giant Cisco warned firewall customers to patch after discovering a maximum-severity vulnerability that could allow unauthenticated hackers to commandeer the server. The flaw rates a maximum score of 10 on the CVSS system.

Philippe Laulheret of Cisco Talos on Vulnerabilities in ControlVault FirmwareSecurity flaws in Dell's ControlVault firmware allowed attackers to run code on the chip, extract stored secrets and alter its behavior. By chaining these exploits, they could send malicious data to Windows components, said Philippe Laulheret, senior vulnerability researcher at Cisco Talos.

Bank Info Security 11 months, 2 weeks ago

Breach Roundup: Did China Have a Sneak Peek Into ToolShell?

Also: ToolShell Hits South Africa, Most Americans Are Online Fraud VictimsThis week: Did China sneak a peek into ToolShell? ToolShell hacking in South Africa, Cisco flaws, an Arizona woman sentenced for aiding North Korea. Most Americans scammed online, a NASCAR data breach and a claimed data leak at France's Naval Group. Orange telecom disrupted. Dating app Tea breach.

Flaw Exposes Remote Privilege Escalation RiskCisco released urgent security updates to fix a critical vulnerability in Unified Communications Manager that could allow unauthenticated attackers gain root access to affected systems. The maximum-severity vulnerability allows unauthenticated remote attackers to log in using static credentials.

Researchers in Proof of Concept Show Exploit Potential for Widely Used SoftwareTechnical details for a recently patched maximum-severity vulnerability in Cisco IOS XE reveal how hackers can enable remote code execution if the flaw is exploited. The vulnerability is an arbitrary file upload triggered by a hardcoded JSON Web Token.

Bank Info Security 1 year, 3 months ago

Chinese Hackers Exploit Unpatched Servers in Taiwan

UAT-5918 Breaches Taiwan's Critical Sectors Using N-Day Flaws for CyberespionageHackers with ties to China-based hacking groups including Volt Typhoon are breaching Taiwan's critical infrastructure by exploiting unpatched web and application servers as entry points for a cyberespionage campaign. Cisco Talos threat hunters identified the new threat actor as UAT-5918.

Bank Info Security 2 years, 3 months ago

Breach Roundup: Omni Hotels Acknowledges Cyber Incident

Also: Insurer Predicts Ransomware for Cars, Offers to Cover Towing CostsThis week, Omni, OWASP and MarineMax suffered cyber incidents, Ivanti disclosed flaws, Cisco gave tips to stop password-spraying attacks, a court upheld an FCC ban, India rescued citizens in Cambodia, Americans lost $1.1 billion to impersonation scams, and an insurer introduced a cyber auto policy.