Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

15 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 15 most recent headlines Filtered view

Social engineering: 'low-cost, hard to patch, and scales well' North Korean criminals set on stealing Apple users' credentials and cryptocurrency are using a combination of social engineering and a fake Zoom software update to trick people into manually running malware on their own computers, according to Microsoft.…

Also, More ClickFix Attacks and Teen Booters Arrested in PolandThis week, Russian hackers targeted Signal and WhatsApp users, permit-fee phishing hit U.S. applicants, ClickFix on WordPress sites, Microsoft patched 80 bugs, a 14K-router botnet, Polish teens held over DDoS tools and Finland warned of Russian, Chinese espionage. North Korean IT workers for hire.

Bank Info Security 4 months, 3 weeks ago

Breach Roundup: Finnish Hacker Sentenced to Nearly 7 Years

Also, More ShinyHunters Breaches, North Korea Laptop Farm Operator SentencedThis week, Finland's Aleksanteri Kivimäki sentenced. ShinyHunters breaches. Laptop farm rancher sentenced. Oregon state agency hacker sentenced. African scammers arrested. MuddyWater AI-assisted hacks. Advantest ransomware incident, SolarWinds and Microsoft patches. FileZen flaw. QualDerm breach.

Also, Dutch Defend the Nexperia Takeover, Hikvision Challenges FCC, Qilin StrikesThis week, likely North Korean hackers exploited React2Shell. The Dutch government defended its seizure of Nexperia. Prompt injection may be here to stay. Hikvision pushed back against a new U.S. crackdown. Qilin claimed it hacked Scientology, Microsoft Patch Tuesday and MuddyWater activity.

Bank Info Security 7 months, 1 week ago

Breach Roundup: React Flaw Incites Supply Chain Risk

Also, Microsoft Badly Patches LNK Flaw, Australian Sentenced for 'Evil Twin' HackThis week, the React flaw, a belated Windows fix, Defense Secretary Pete Hegseth's Signal group posed operational risk, more North Korean npm packages. An Australian jailed for Wi-Fi "evil twin" crimes. The US FTC will send $15.3 million to Avast users. A London council said attackers stole data.

Bank Info Security 8 months, 1 week ago

Unpatched Windows Flaw a Boon for Nation-State Hackers

Chinese Hackers Target European Diplomats with LNK File FlawChinese nation-state hackers are exploiting a Windows vulnerability to hack European diplomatic outposts, say security researchers - but operating system giant Microsoft says the flaw doesn't merit a patch. Hackers used a flaw already compromised by North Korea and Russia.

Also: Spain Defies Pressure to Eject Huawei, Hackers Leak North Korea Kimsuky DataThis week, Norway said Russian hackers attacked a flood gate, Spain defied pressure to eject Huawei, a cyberattack against the Office of the Pennsylvania Attorney General. Hackers leaked stolen North Korean Kimsuky data, Microsoft patched a Kerberos zero-day and a big Chrome bug bounty.

Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access

PLUS: NSA shares cloud security tips; Infosec training for Jordanian women; Critical vulnerabilities Infosec in brief Cybersecurity researchers informed Microsoft that Notorious North Korean hackers Lazarus Group discovered the "holy grail" of rootkit vulnerabilities in Windows last year, but Redmond still took six months to patch the problem.…

Bank Info Security 2 years, 4 months ago

Lazarus Group Exploits Windows AppLocker Driver Zero-Day

Microsoft Fixed Bug in February That Gave Kernel-Level Access to North Korean APTNorth Korea's Lazarus hackers exploited a Windows AppLocker driver zero-day to gain kernel-level access and turn off security tools that could detect the group's bring-your-own-vulnerable-driver exploitation techniques. Microsoft fixed the bug in its February patch dump.

Bank Info Security 2 years, 4 months ago

Breach Roundup: More Fallout From the LockBit Takedown

Also: Avast Agrees to $16.5 Million Civil Penalty to Settle Privacy InvestigationThis week: more fallout from LockBit, Avast to pay $16.5M, Russia-linked group targeted mail servers, no indication that AT&T was hacked, analysis of a patched Apple flaw, Microsoft enhanced logging, an Android banking Trojan, North Korean hackers and a baking giant fell to ransomware.