Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

8 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 8 most recent headlines Filtered view
Bank Info Security 2 months ago

AI-Built Zero-Day Nearly Powered Mass Attack

Google Says Criminals Used AI to Discover and Code ExploitA cybercriminal group came close to launching a mass attack earlier this year, armed with a software exploit that an AI model had built from scratch, said Google researchers. Google said it worked with the affected vendor to patch the flaw before an attack could be launched.

Vendor Issues Hotfix for Critical Flaw in FortiClient Endpoint Management ServerFortinet's endpoint management security server software is under fire from attackers, who are actively targeting two critical flaws, including a fresh zero-day that facilitates unauthenticated remote code or command execution. The vendor has issued a hotfix and promised a full patch.

Bank Info Security 5 months, 3 weeks ago

Zero-Day Flaw in Cisco Unified Communications Being Targeted

Vendor Ships Emergency Fixes, Warning Flaw Facilitates Full System CompromiseAttackers are targeting a zero-day vulnerability in Cisco's Unified Communications and Webex products that facilitates remote code execution and root-level access to the underlying operating system, risking full system compromise. Cisco has released patches, warning that no workarounds exist.

Bank Info Security 6 months, 2 weeks ago

Breach Roundup: Clop Tied to Korean Air Vendor Breach

Also: China-Linked APT Hijack Updates, Condé Nast Data Leaked, La Poste HitThis week, a Clop-linked vendor breach hit Korean Air, a China-linked APT hijacked software updates, a critical zero-day flaw remained unpatched, Condé Nast faced a data leak, La Poste was disrupted and Korean police extradited a malware operation suspect.

Bank Info Security 9 months, 1 week ago

Fortra Confirms 'Unauthorized Activity' Hit GoAnywhere MFT

Medusa Ransomware Group Tied to Exploits of Now-Patched Zero-Day VulnerabilityRecent attacks targeting Fortra's GoAnywhere managed file transfer software exploited a "limited" number of customers who set their on-premises installations to have an administrative console publicly exposed to the internet, which the vendor recommends customers never do.

Security Experts Advise Immediate Patching; Zero-Day Attacks Began Last MonthAffiliates of Russian-speaking ransomware operation Medusa began targeting a zero-day vulnerability in widely used Fortra GoAnywhere Managed File Transfer software one week before the vendor issued a security alert, patch and mitigation instructions for the flaw, say security experts.

Bank Info Security 11 months, 3 weeks ago

File Transfer Flaw Blamed in Health Breach Affecting 233,000

Cierant Corp. Says Cleo MFT Zero-Day Exploit Compromised Health Plan Client DataA Connecticut-based firm that provides print and electronic document management services to health plans has reported to regulators that an exploit of a vulnerability in file transfer software from third-party vendor Cleo has resulted in a health data compromise affecting nearly 233,000 people.

No Patch Yet; Management Interface Lockdown Blunts Attacks, Networking Giant SaysAttackers are exploiting a zero-day vulnerability in some types of Palo Alto Networks firewalls, the cybersecurity giant warned. While details of the flaw remain scant - no patch is available - the vendor urged customers to ensure their firewall management interfaces are not internet-exposed.