Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

19 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 19 most recent headlines Filtered view

CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. [...]

Bank Info Security 2 months, 3 weeks ago

CISA Hunts for Cisco Backdoor Spotted on Federal Network

'Firestarter' Backdoor Can Survive Reboots, Upgrades and Standard FixesThe Cybersecurity and Infrastructure Security Agency issued an emergency directive warning a newly-discovered Cisco backdoor can survive routine remediation processes, forcing agencies to investigate edge devices that anchor federal firewall and VPN security.

Cisco is urging customers to patch two security flaws impacting the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software, which it said have been exploited in the wild

Bank Info Security 1 year, 3 months ago

Rootkit, Backdoor and Tunneler: Ivanti Malware Does It All

CISA Publishes Anatomy of Advanced Ivanti VPN MalwareHackers using Trojans connected to a malware family deployed by Chinese nation-state hackers are actively exploiting a now-patched vulnerability in Ivanti Connect Secure appliances. The malware "contains capabilities of a rootkit, dropper, backdoor, bootkit, proxy and tunneler."

Bank Info Security 1 year, 4 months ago

Breach Roundup: US Army Officer Guilty of Selling Data

Also, AI Video Mocking Trump and Musk Disrupts HUD OfficesThis week, a U.S. Army soldier pleaded guilty, an AI video displayed to federal workers mocked Donald Trump and Elon Musk, a Saudi firm hit by ransomware, a new North Korean scam, hackers targeted Ukrainian notaries, CISA flagged two flaws, a botnet targeted Microsoft 365 and unpatched Ivanti VPNs.

Bank Info Security 2 years, 4 months ago

Hackers Compromised Ivanti Devices Used by CISA

Cybersecurity Agency Says 'No Operational Impact'The U.S. Cybersecurity and Infrastructure Security Agency apparently had a good reason to urge federal agencies into resetting vulnerable Ivanti VPN devices: Hackers breached two gateways used by CISA, forcing the agency to yank them offline. The agency "immediately took offline" the impacted VPNs.

Bank Info Security 2 years, 4 months ago

Ivanti Disputes CISA Findings of Post-Factory Reset Hacking

Gateway Maker Says Technique Won't Succeed in Live Customer EnvironmentCorporate VPN maker Ivanti disputed findings by the U.S. cybersecurity agency that said hackers can establish persistence on rooted appliances through a factory reset but nonetheless released an updated integrity checking tool Tuesday. Ivanti has been in emergency response mode since early January.

Bank Info Security 2 years, 5 months ago

Feds Face a Midnight Deadline for Resetting Ivanti Gateways

CISA Says Agencies Must Disconnect and Reset Ivanti VPN Devices by Midnight FridayU.S. federal agencies have until midnight Friday to disconnect Ivanti VPN devices and perform a factory reset before reconnecting them to the network. Fifteen agencies use the gateways, which were hit by likely Chinese hackers in an espionage campaign and are riddled with zero-day vulnerabilities.

Bank Info Security 2 years, 5 months ago

CISA Directs Agencies to Mitigate Ivanti Zero-Day Exploits

US Agencies Told to Remove Ivanti's Affected Products From Federal NetworksThe U.S. Cybersecurity and Infrastructure Security Agency directed federal agencies to implement mitigation measures for two zero-day exploits that affect Ivanti’s popular VPN products while they await a patch, in what one official described as "a rapidly evolving situation."

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems

The Cybersecurity and Infrastructure Security Agency (CISA) has added two more vulnerabilities to its list of actively exploited bugs, a code injection bug in the Spring Cloud Gateway library and a command injection flaw in Zyxel firmware for business firewalls and VPN devices. [...]

The Cybersecurity and Infrastructure Security Agency (CISA) has added two more vulnerabilities to its list of actively exploited bugs, a code injection bug in the Spring Cloud Gateway library and a command injection flaw in Zyxel firmware for business firewalls and VPN devices. [...]