CVE-2021-22893 allows remote code-execution (RCE) and is being used in the wild by nation-state cyberattackers to compromise VPN appliances in defense, finance and government orgs.
The Mozilla Foundation releases Firefox 88, fixing 13 bugs ranging from high to low severity.
Research from Zscaler ThreatLabZ shows attackers using spam emails and legitimate-looking links to gaming software to serve up Epsilon ransomware, the XMRrig cryptominer and various data and token…
A malicious ‘Jungle Run’ app tricked security protections to make it into the Apple App Store, scamming users out of money with a casino-like functionality.
The vulnerability is triggered when a cloud container pulls a malicious image from a registry.
Not a Gouda situation: An attack on a logistics firm is suspected to be related to Microsoft Exchange server flaw.
Three security vulnerabilities in the Fortinet SSL VPN are being used to gain a foothold within networks before moving laterally and carrying out recon.
Google’s Pixel and Apple’s iPhone both in privacy hot seat for siphoning mobile device data without consent.
CEO says Apple rejected a security update needed to protect human-rights abuse evidence.
A former IT contractor is facing jail time after retaliating by hacking into a company’s network and wiping the majority of its employees’ Microsoft Office 365 accounts.
The flaws could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition.
The EFF and other companies have launched the Canary Watch site to monitor warrant canaries related to NSA surveillance.
A new Mirai variant is targeting known flaws in D-Link, Netgear and SonicWall devices, as well as newly-discovered flaws in unknown IoT devices.
Public proof-of-concept (PoC) exploits for ProxyLogon could be fanning a feeding frenzy of attacks even as patching makes progress.
The use-after-free vulnerability is the third Google Chrome zero-day flaw to be disclosed in three months.
Researchers say the new RedXOR backdoor is targeting Linux systems with various data exfiltration and network traffic tunneling capabilities.
Sky ECC claims that cops cracked a fake version of the app being passed off by a disgruntled reseller.
A flaw (CVE-2021-21166) in the Audio component of Google Chrome is fixed in a new update being pushed out to Windows, Mac and Linux users.
Full dumps of email boxes, lateral movement and backdoors characterize sophisticated attacks by a Chinese APT – while more incidents spread like wildfire.
Attackers have weaponized code dependency confusion to target internal apps at tech giants.
Cybersecurity firm Genua fixes a critical flaw in its GenuGate High Resistance Firewall, allowing attackers to log in as root users.
The Ryuk scourge has a new trick in its arsenal: Self-replication via SMB shares and port scanning.
The malicious extension, FriarFox, snoops in on both Firefox and Gmail-related data.
A spear-phishing campaign linked to a North Korean APT uses “NukeSped” malware in cyberespionage attacks against defense companies.
DoppelPaymer ransomware gang claims credit for Kia’s outage, demands $20 million in double-extortion attack.
Microsoft addressed 56 security vulnerabilities for February Patch Tuesday — including 11 critical and six publicly known. And, it continued to address the Zerologon bug.
The LodaRAT – known for targeting Windows devices – has been discovered also targeting Android devices in a new espionage campaign.
In a unique attack, cybercriminals locally install an extension to manipulate data in internal web applications that the victims have access to.
Remote work continues to fuel a spike in phishing and cyberattacks, particularly in the U.S.
Google warns of a zero-day vulnerability in the V8 open-source engine that's being actively exploited by attackers.
Research shows that microphones on digital assistants are sensitive enough to record what someone is typing on a smartphone to steal PINs and other sensitive info.
Researchers warn that the Hildegard malware is part of 'one of the most complicated attacks targeting Kubernetes.'
February’s security update for the mobile OS includes a Qualcomm flaw rated critical, with a CVSS score of 9.8.
The company’s controversial practice of collecting and selling billions of faceprints was dealt a heavy blow by the Privacy Commissioner that could set a precedent in other legal challenges.
Feds charged California-based private detective for stealing $11M from investors, with help from actor Steven Seagal.
A new version of NAT slipstreaming allows cybercriminals an easy path to devices that aren't connected to the internet.
A phishing kit has been found running on at least 700 domains – and mimicking services via false SharePoint, OneDrive and Office 365 login portals.
The FreakOut malware is adding infected Linux devices to a botnet, in order to launch DDoS and cryptomining attacks.
A cloud misconfig by SocialArks exposed 318 million records gleaned from Facebook, Instagram and LinkedIn.
The nation-state actor is looking to speed up vaccine development efforts in North Korea.
Investigation reveals device sector is problem plagued when it comes to security bugs.
Attack turns SDRAM buses into a Wi-Fi radio to leak data from air-gapped computers.
Meanwhile, FireEye has found a kill switch, and Microsoft and other vendors are quickly moving to block the Sunburst backdoor used in the attack.
Mozilla Foundation releases Firefox 84 browser, fixing several flaws and delivering performance gains and Apple processor support.
The insider threat will go to jail for two years after compromising Cisco's cloud infrastructure.
A raft of obfuscation techniques turn the heat up for the hacking-for-hire operation.
While 2021 will present evolving threats and new challenges, it will also offer new tools and technologies that will, we hope, shift the balance towards the defense.
The information exposed in a public cloud bucket included PII, church-donation information, photos and users' contact lists.