Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

7 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 7 most recent headlines Filtered view
Bank Info Security 2 months, 3 weeks ago

CISA Hunts for Cisco Backdoor Spotted on Federal Network

'Firestarter' Backdoor Can Survive Reboots, Upgrades and Standard FixesThe Cybersecurity and Infrastructure Security Agency issued an emergency directive warning a newly-discovered Cisco backdoor can survive routine remediation processes, forcing agencies to investigate edge devices that anchor federal firewall and VPN security.

Actively Targeted Zero Day Patched; Warning Issued After Device Configurations LeakFortinet has released patches to fix a zero-day vulnerability being actively exploited by attackers. Separately, researchers are warning customers to review their infrastructure after attackers leaked configuration details - including firewall rules and plaintext VPN passwords - for 15,000 devices.

Bank Info Security 1 year, 6 months ago

Zero-Day Patch Alert: Ivanti Connect Secure Under Attack

Suspected Chinese Attackers Again Tied to Active Exploitation of VPN AppliancesVPN appliance maker Ivanti has begun releasing updates to patch a zero-day vulnerability being actively exploited by suspected nation-state attackers. Experts are warning users to immediately update their devices, after factory resetting them to flush any malware attackers may have installed.

Also: Ransomware Hackers Demand BaguettesThis week, Chinese spying, Italian hacking scandal, an FBI warning and Okta fixed a bug. Google mandated MFA, zero days in PTZOptics and a Mexican airport didn't pay ransom. Cybercriminals demanded baguettes, breach lettersin Ohio and Germany will shield white hats. The Italian DPA rebuked a bank.

Not Yet Compatible: Many Third-Party Endpoint Security, Authentication, VPN ToolsMultiple makers of third-party Apple security tools, including CrowdStrike and SentinelOne, are warning users not to upgrade to the new macOS 15 Sequoia, pending needed OS bug fixes. Users have also reported seeing problems with third-party VPNs crashing and single sign-on tools failing.

Bank Info Security 2 years, 1 month ago

Check Point Alert: Attackers Targeting Poorly Secured VPNs

Criminal and Nation-State Focus on Network Edge Devices Continues, Researchers WarnAttackers have been escalating their attempts to compromise poorly secured virtual private networks - including appliances set for password-only authentication - to gain remote, initial access to enterprise networks, Check Point Software Technologies warns.

Bank Info Security 2 years, 2 months ago

State Hackers' New Frontier: Network Edge Devices

Firewalls, VPNs and Email Filter Resist Endpoint ScanningState-sponsored hackers have responded to improved network scanning by shifting their focus to edge devices characterized by patchy endpoint detection and proprietary software that hinders forensic analysis, warns Mandiant. "Attackers are focusing more on evasion," it says in a report.