Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

27 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 27 Filtered view

GreatXML bypasses BitLocker via Defender offline scan artifacts, giving SYSTEM shell in Recovery Mode. No patch exists. Any machine that ran an offline scan is vulnerable. On June 10, security researcher Chaotic Eclipse (aka Nightmare Eclipse) published a new working exploit dubbed GreatXML that bypasses BitLocker and opens a command shell with full SYSTEM privileges […]

ESET says factory outages, lost revenue, and supply chain disruption are becoming routine Nearly 80 percent of British manufacturers say they've been hit by a cyber incident in the past year, as new research suggests disruption on the factory floor is no longer an exception but business as usual.…

Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft and installing a remote access trojan (RAT), which deploys an information-stealing Google Chrome extension masquerading as an offline version of Google Docs

Bank Info Security 3 months, 3 weeks ago

AI Disruption Fears Rattle Cybersecurity Stocks

J.P. Morgan’s Brian Essex on Why Valuations Drop as Fundamentals Hold SteadyInvestor anxiety over AI's long-term impact is dragging down stock valuations despite steady growth and profitability, while companies focus on long-term valuation assumptions and secure business models, said Brian Essex, executive director of U.S. software equity research at J.P. Morgan.

Bank Info Security 8 months, 2 weeks ago

Securing EMV: 'More Is Less' for Security, Researchers Find

Add-On EMV Features Put Merchants at Risk to High-Charging 'Free Lunch' CrooksVariations in how EMV ecosystem players implement the standard, as well as a bevy of features they've bolted on - transit modes, offline payment restrictions - have been "overloading" the specification and introducing exploitable vulnerabilities, warn a team of researchers.

Trend Micro Research, News and Perspectives 1 year, 10 months ago

Vulnerabilities in Cellular Packet Cores Part IV: Authentication

Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC). The first vulnerability (CVE-2024-20685) allows a crafted signaling message to crash the control plane, leading to potential service outages. The second (ZDI-CAN-23960) disconnects and replaces attached base stations, disrupting network operations. While these issues are implementation-specific, their exploitation is made possible by a systemic weakness: the lack of mandatory authentication procedures between base stations and packet-cores.

Bank Info Security 2 years, 3 months ago

China Is Using AI to Influence Elections, Microsoft Warns

Chance of AI-Generated Content Affecting Results Appears to Remain Low - for NowChina-backed attackers are continuing to refine their use of content generated using artificial intelligence tools, including audio deepfakes and video news anchors, to sow disruption and influence elections in the U.S., Taiwan, India and beyond, security researchers at Microsoft warn.

Loading more headlines...