Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

24 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 24 Filtered view

The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deployed against government and military organizations in Ukraine, and entities that have an interest in Italian foreign policy

Researchers Identified Two Undocumented Variants Used Since 2023Eset uncovered two previously undocumented Windows variants of the China-linked SprySocks backdoor tied to FishMonger and iSoon, revealing expanded espionage capabilities, rootkit-based stealth and continued targeting of government organizations across Asia and Central America.

Also, Taiwan Rail Hack, Massive DDoS Attack and Karakurt Jail SentenceThis week, Microsoft Edge exposed passwords, Taiwan police make arrests in high-speed rail hack and a 2.45 billion-request DDoS attack. A Karakurt negotiator jailed, North Korean IT worker scams led to prison terms and France detained a teen over a government data breach. Another Ivanti zero-day.

Microsoft has shed light on a previously undocumented cluster of threat activity originating from a Russia-affiliated threat actor dubbed Void Blizzard (aka Laundry Bear) that it said is attributed to "worldwide cloud abuse." Active since at least April 2024, the hacking group is linked to espionage operations mainly targeting organizations that are important to Russian government objectives,

Bank Info Security 1 year, 4 months ago

Chinese Hackers Exploit Windows Tool to Install Backdoors

Mustang Panda Uses MAVInject to Evade Antivirus DetectionA Chinese state-sponsored hacking group is abusing a legitimate Microsoft tool to evade security and install backdoors on government systems in the Asia-Pacific region. The threat actor uses MAVInject.exe to inject malware into waitfor.exe.

Bank Info Security 1 year, 8 months ago

Microsoft Warns of Ongoing Russian Intelligence Campaign

Russian SVR Targeting Government, Academia, Defense Organizations GloballyA Russian-state hacking group is posing as Microsoft employees and sending malicious configuration files as email attachments to target organizations across the world. The campaign has the hallmarks of a Midnight Blizzard phishing campaign although its use of an RDP configuration file is novel.

Amazon has seized domains used by the Russian APT29 hacking group in targeted attacks against government and military organizations to steal Windows credentials and data using malicious Remote Desktop Protocol connection files. [...]

Espionage Group Using Linux-based Espionage Tools to Nab Defense SecretsA politically motivated hacking group aligned with Pakistani interests is matching the Indian military's shift away from the Windows operating system with a heavy focus on malware encoded for Linux. BlackBerry observed the cyberespionage group targeting government agencies and the defense industry.

Bank Info Security 2 years, 3 months ago

Report Slams Microsoft for Security Blunders in Chinese Hack

Hack Targeting Top Government Officials ‘Was Preventable,’ Scathing Report SaysThe independent Cyber Safety Review Board published a scathing report that recommended an overhaul of Microsoft’s security infrastructure and said the tech giant’s operational and strategic decisions led to the successful Chinese hacking campaign targeting top U.S. government officials.

The Register 2 years, 11 months ago

US senator victim-blames Microsoft for Chinese hack

ALSO: China says US hacked it right back, BreachForums users have been pwned, and this week's critical vulns Infosec in brief US senator Ron Wyden (D-OR) thinks it's Microsoft's fault that Chinese hackers broke into Exchange Online, and he wants three separate government agencies to launch investigations and "hold Microsoft responsible for its negligent cyber security practices." …

Loading more headlines...