Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

12 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 12 most recent headlines Filtered view

Salesloft on Tuesday announced that it's taking Drift temporarily offline "in the very near future," as multiple companies have been ensnared in a far-reaching supply chain attack spree targeting the marketing software-as-a-service product, resulting in the mass theft of authentication tokens

Trend Micro Research, News and Perspectives 1 year, 10 months ago

Vulnerabilities in Cellular Packet Cores Part IV: Authentication

Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC). The first vulnerability (CVE-2024-20685) allows a crafted signaling message to crash the control plane, leading to potential service outages. The second (ZDI-CAN-23960) disconnects and replaces attached base stations, disrupting network operations. While these issues are implementation-specific, their exploitation is made possible by a systemic weakness: the lack of mandatory authentication procedures between base stations and packet-cores.

Bank Info Security 2 years, 6 months ago

After Orange Disruption, Brace for More BGP Route Hijacking

Expert Warns of Copycat Attack Risk; Telco Hadn't Enabled Two-Factor AuthenticationIn the wake of an apparently weak password being harvested by information-stealing malware and used to disrupt telecommunications giant Orange Spain's internet traffic, an expert is warning all organizations to beware of copycat attacks - and to lock down their internet registry accounts.