Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

36 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 36 Filtered view

Your attack surface no longer lives on one operating system, and neither do the campaigns targeting it. In enterprise environments, attackers move across Windows endpoints, executive MacBooks, Linux infrastructure, and mobile devices, taking advantage of the fact that many SOC workflows are still fragmented by platform.  For security leaders, this creates a

Bank Info Security 3 months, 4 weeks ago

Microsoft Intune MDM Gains Notoriety After Stryker Hack

Properly Configured Mobile Development Management Tools Can't Wipe Personal DataMobile device management software is having a moment of notoriety after Iran-aligned hacking group Handala used Microsoft Intune to wipe the mobile devices of employees at medical device manufacture Stryker. Tens of thousands of personal devices were likely affected.

Bank Info Security 7 months, 2 weeks ago

Kaiser Permanente to Pay Up to $47.5M in Web Tracker Lawsuit

Class Action Litigation Alleges Web Trackers Shared Patient Data With Tech FirmsKaiser Permanente has agreed to pay up to $47.5 million to settle litigation stemming from its use of tracking codes in its websites, patient portals and mobile apps. Claimants alleged the trackers unlawfully shared patients' information with third parties, including Google and Microsoft.

Multiple popular mobile applications for iOS and Android come with hardcoded, unencrypted credentials for cloud services like Amazon Web Services (AWS) and Microsoft Azure Blob Storage, exposing user data and source code to security breaches. [...]

Trend Micro Research, News and Perspectives 1 year, 10 months ago

Vulnerabilities in Cellular Packet Cores Part IV: Authentication

Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC). The first vulnerability (CVE-2024-20685) allows a crafted signaling message to crash the control plane, leading to potential service outages. The second (ZDI-CAN-23960) disconnects and replaces attached base stations, disrupting network operations. While these issues are implementation-specific, their exploitation is made possible by a systemic weakness: the lack of mandatory authentication procedures between base stations and packet-cores.

March Decision Mandated Commission to Stem Data Flows From Its Office 365 UseThe European Commission is appealing a March decision by a continental data regulator that found the commission's use of Microsoft Office apps violated Regulation (EU) 2018/1725. A commission spokesperson said the EDPS decision would undermine its "mobile and integrated IT services."

Loading more headlines...