Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

25 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 25 Filtered view

Also, Taiwan Rail Hack, Massive DDoS Attack and Karakurt Jail SentenceThis week, Microsoft Edge exposed passwords, Taiwan police make arrests in high-speed rail hack and a 2.45 billion-request DDoS attack. A Karakurt negotiator jailed, North Korean IT worker scams led to prison terms and France detained a teen over a government data breach. Another Ivanti zero-day.

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] In 2019, a Canadian company called Defiant Tech Inc. pleaded guilty to running LeakedSource[.]com, a service that sold access to billions of passwords and other data exposed in countless data breaches. KrebsOnSecurity has learned that the owner of Defiant Tech, a 32-year-old Ontario man named Jordan Evan Bloom, was hired in late 2014 as a developer for the marital infidelity site AshleyMadison.com. Bloom resigned from AshleyMadison citing health reasons in June 2015 -- less than one month before unidentified hackers stole data on 37 million users -- and launched LeakedSource three months later.

The Hacker News 3 years, 11 months ago

What the Zola Hack Can Teach Us About Password Security

Password security is only as strong as the password itself. Unfortunately, we are often reminded of the danger of weak, reused, and compromised passwords with major cybersecurity breaches that start with stolen credentials. For example, in May 2022, the popular wedding planning site, Zola, was the victim of a significant cybersecurity breach where hackers used an attack known as credential

Heroku has now revealed that the stolen GitHub integration OAuth tokens from last month further led to the compromise of an internal customer database. The Salesforce-owned cloud platform acknowledged the same compromised token was used by attackers to exfiltrate customers' hashed and salted passwords from "a database." [...]

Loading more headlines...