Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

26 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 26 Filtered view

Social engineering: 'low-cost, hard to patch, and scales well' North Korean criminals set on stealing Apple users' credentials and cryptocurrency are using a combination of social engineering and a fake Zoom software update to trick people into manually running malware on their own computers, according to Microsoft.…

Trend Micro Research, News and Perspectives 10 months, 1 week ago

EvilAI Operators Use AI-Generated Code and Fake Apps for Far-Reaching Attacks

Combining AI-generated code and social engineering, EvilAI operators are executing a rapidly expanding campaign, disguising their malware as legitimate applications to bypass security, steal credentials, and persistently compromise organizations worldwide.

Bank Info Security 10 months, 1 week ago

Hackers Compromise 18 NPM Packages in Supply Chain Attack

Attacker Socially Engineered Developer With Phishing EmailA hacker laced 18 popular npm packages with cryptocurrency stealing malware after socially engineering the developer into giving up his credentials to the JavaScript runtime environment. Aikido Security said the 18 software packages collectively have downloads of more than two billion each week.

Microsoft has shed light on an ongoing phishing campaign that targeted the hospitality sector by impersonating online travel agency Booking.com using an increasingly popular social engineering technique called ClickFix to deliver credential-stealing malware

'The greatest concern is with spear phishing and social engineering' Interview Now that criminals have realized there's no need to train their own LLMs for any nefarious purposes - it's much cheaper and easier to steal credentials and then jailbreak existing ones - the threat of a large-scale supply chain attack using generative AI becomes more real.…

Five alleged members of the infamous Scattered Spider cybercrime crew have been indicted in the U.S. for targeting employees of companies across the country using social engineering techniques to harvest credentials and using them to gain unauthorized access to sensitive data and break into crypto accounts to steal digital assets worth millions of dollars

Scammers Use Social Engineering and Phishing to Fool Workers and IT Help Desk StaffFederal authorities warn of social engineering and phishing scams - sometimes targeting IT help desk workers - that allow attackers to steal login credentials and access healthcare sector entities' IT systems so they can divert automated clearinghouse payments to bank accounts the attackers control.

Hacking your way in is so 2022 – logging in is much easier Identity-related threats pose an increasing risk to those protecting networks because attackers – ranging from financially motivated crime gangs and nation-state backed crews – increasingly prefer to log in using stolen credentials instead of exploiting vulnerabilities or social engineering.…

Bank Info Security 2 years, 6 months ago

AHA: Rise in Scams Targeting IT Help Desks for Payment Fraud

American Hospital Association Warns of Social Engineering SchemesThe American Hospital Association is warning of increasingly sophisticated social engineering scams targeting hospital IT help desks with schemes involving the stolen credentials of revenue cycle and other finance employees to commit payment fraud against the institutions.

The North Korean nation-state threat actor known as Kimsuky has been linked to a social engineering campaign targeting experts in North Korean affairs with the goal of stealing Google credentials and delivering reconnaissance malware

Loading more headlines...