Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

31 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 31 Filtered view

Fraudsters Tokenize Stolen Cards Into Attacker WalletsGoogle Threat Intelligence Group warned that Chinese-language phishing-as-a-service platforms are using AI, encrypted messaging and real-time OTP interception to bypass multifactor authentication and provision stolen payment cards into attacker-controlled digital wallets worldwide.

Crims hope for payday from malicious payloads rather than stealing access tokens Microsoft has warned organizations about ongoing OAuth abuse scams that use phishing emails and URL redirects to infect victims' machines with malware and take over their devices.…

Bank Info Security 5 months, 2 weeks ago

Hanging Up on ShinyHunters: Experts Detail Vishing Defenses

Sophisticated Voice Phishing Campaigns Don't Exploit Any Software VulnerabilitiesAmidst persistent voice phishing campaigns designed to trick employees and steal sensitive corporate data, security experts recommend organizations deploy phishing-resistant multifactor authentication, monitor for attacks and use "live video verification" to safeguard authentication changes.

Bank Info Security 5 months, 2 weeks ago

Social Engineering Hackers Target Okta Single Sign On

ShinyHunters Campaign Uses Voice Phishing to Bypass MFA and Steal Corporate DataSecurity experts warn that "an active and ongoing campaign" being waged by ShinyHunters extortionists has at least 150 organizations in its sights across a range of sectors, with attackers using live voice phishing to bypass multifactor authentication, steal cloud data and hold it to ransom.

Okta uncovers new phishing-as-a-service operation with 'multiple entities' falling victim Multiple attackers using a new phishing service dubbed VoidProxy to target organizations' Microsoft and Google accounts have successfully stolen users' credentials, multi-factor authentication codes, and session tokens in real time, according to security researchers.…

Bank Info Security 2 years, 2 months ago

Multifactor Authentication Bypass Attacks: Top Defenses

Joe Toomey of Cyber Insurer Coalition Details Rise in Attacks Targeting Weak MFAAdversaries seeking easy access to enterprise networks continue to probe for weak multifactor authentication deployments, oftentimes via nontargeted attacks that lead to phishing pages designed to steal one-time codes, said Joe Toomey, head of security engineering at cyber insurer Coalition.

Bank Info Security 2 years, 3 months ago

Tycoon 2FA - The Criminals' Favorite Platform for MFA Theft

Phishing-as-a-Service Platform Lets Hackers Impersonate More Than 1,100 DomainsA phishing-as-a-service platform that allows cybercriminals to impersonate more than 1,100 domains has over the past half year become one of the most widespread adversary-in-the-middle platforms. Attackers are meeting the rise of multifactor authentication by using tools such as Tycoon 2FA.

Loading more headlines...