Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

15 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 15 most recent headlines Filtered view

National Risk Assessment Cites CrowdStrike Lessons Learned, Hybrid Warfare RisksThe British government's latest national security risk register sees a rising threat posed by cyberattacks disrupting operational technology in more critical national infrastructure sectors, and cites the CrowdStrike outage in "digital resilience failure" lessons to be learned.

OT Operators Shouldn't Wait for Mythos Access to Probe CodebasesThe abrupt, government-ordered cut-off of access to Mythos 5, the most cyber-capable of Anthropic's large language models, has underlined a message security experts have been trying to get out to the operational technology community: You don't need Mythos.

Censys researchers warned that thousands of devices are exposed to the Iranian government’s campaign targeting energy, water, and U.S. government services and facilities. The post Iranian attacks on US critical infrastructure puts 3,900 devices in crosshairs appeared first on CyberScoop.

Iranian government hackers are launching disruptive cyberattacks on American energy and water infrastructure, U.S. government agencies “urgently” warned Tuesday. The hackers are taking aim at devices and systems that control industrial processes, and have harmed victims in the last month following the onset of U.S.-Israel strikes against Iran, according to the joint alert from the […] The post Iranian hackers launching disruptive attacks at U.S. energy, water targets, feds warn appeared first on CyberScoop.

U.S. cybersecurity and intelligence agencies have issued a joint advisory warning of potential cyber-attacks from Iranian state-sponsored or affiliated threat actors.  "Over the past several months, there has been increasing activity from hacktivists and Iranian government-affiliated actors, which is expected to escalate due to recent events," the agencies said

IOCONTROL targets IoT and OT devices from a ton of makers, apparently An Iranian government-linked cybercriminal crew used custom malware called IOCONTROL to attack and remotely control US and Israel-based water and fuel management systems, according to security researchers.…

Bank Info Security 2 years, 4 months ago

CISA Lacks Staff with Skills Needed to Safeguard OT

GAO Report Criticizes CISA's Info Sharing Programs for Critical InfrastructureThe U.S. Government Accountability Office found that CISA lacks the skilled staff to effectively share information with critical infrastructure operators about threats. Also, the GAO found that the Pipeline and Hazardous Materials Safety Administration lacked an information-sharing process.

Nearly 60 holes found affecting 'more than 30,000' machines worldwide Fifty-six vulnerabilities – some deemed critical – have been found in industrial operational technology (OT) systems from ten global manufacturers including Honeywell, Ericsson, Motorola, and Siemens, putting more than 30,000 devices worldwide at risk, according to the US government's CISA and private security researchers. …

US security agencies say the tools can give hackers control of ICS and SCADA devices Hackers have created custom tools to control a range of industrial control system (ICS) and supervisory control and data acquisition (SCADA) devices, marking the latest threat to a range of critical infrastructure in the United States, according to several government agencies.…

The U.S. government on Wednesday warned of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices

Poisoned SCADA apps could have disrupted power supply – perhaps even at nuclear plants The United States Department of Justice has unsealed a pair of indictments that detail alleged Russian government hackers' efforts to use supply chain attacks and malware in an attempt to compromise and control critical infrastructure around the world – including at least one nuclear power plant.…