Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

7 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 7 most recent headlines Filtered view

Fraudsters Tokenize Stolen Cards Into Attacker WalletsGoogle Threat Intelligence Group warned that Chinese-language phishing-as-a-service platforms are using AI, encrypted messaging and real-time OTP interception to bypass multifactor authentication and provision stolen payment cards into attacker-controlled digital wallets worldwide.

Bank Info Security 5 months, 1 week ago

Microsoft Urges Users to Finally Ditch NTLM Authentication

Seeking to Add Urgency, Mandiant Publishes Rainbow Tables for NTLM Key HashesFor nearly 30 years, security experts have warned organizations to ditch the weak NTLM authentication protocol in Windows. But its use persists, even amidst easy and active exploits. Now Google has published rainbow tables for NTLMv1. Will this finally drive holdout organizations to change?

Bank Info Security 10 months, 2 weeks ago

Salesloft Drift Attacks Exposed Zscaler Customer Data

'Widespread Data Theft Campaign' Compromised Many Drift OAuth Tokens, Warn ExpertsThreat researchers report that "a widespread data theft campaign" traces to attackers stealing OAuth access tokens for applications integrated with Salesloft's AI chatbot Drift, then exfiltrating data. Victims include Salesforce customer Zscaler. Google Workspace instances were also breached.

Bank Info Security 1 year, 6 months ago

Abandoned Online Domains Unlock Services With Google OAuth

Google Says Platforms Shouldn't Use Emails as Unique IdentifiersA security researcher purchased abandoned online domains belonging to failed startups and found he could recreate email addresses and access third party services containing sensitive information collected by the shuttered companies by signing onto the platforms using "Sign in with Google."

Bank Info Security 2 years, 3 months ago

Google Proposes Method for Stopping Multifactor Runaround

Device Bound Session Credentials Tie Authentication Cookies to Specific ComputersGoogle is prototyping a method to stymie hackers who get around multifactor security by stealing authentication cookies from desktops. Google says its proposal for cryptographically tying authentication tokens to computers will succeed where previous attempts such as Token Binding failed.

Bank Info Security 2 years, 6 months ago

Top Takeaways From the Hijacking of Mandiant's X Account

All Organizations That Use X Should Review Their Two-Factor Authentication SettingsGoogle Cloud's Mandiant says its account at X, formerly Twitter, was hijacked and used to link to cryptocurrency phishing pages after an attacker guessed the account password, apparently after Twitter last year deactivated the account's SMS-based two-factor authentication, leaving it unprotected.