The Pro-Ocean cryptojacking malware now comes with the ability to spread like a worm, as well as harboring new detection-evasion tactics. [...]

A phishing kit has been found running on at least 700 domains - and mimicking services via false SharePoint, OneDrive and Office 365 login portals. [...]

The detection-evasion tool, libprocesshider, hides TeamTNT's malware from process-information programs. [...]

Researchers publicly disclosed flaws in ADT's LifeShield DIY HD Video Doorbell, which could have allowed local attackers to access credentials, video feeds and more. [...]

If exploited, the most serious of these flaws could lead to a denial-of-service condition for Jetson products. [...]

Cook County, Ill., home to Chicago, has left a database exposed since at least September that contained sensitive criminal and family-court records. [...]

A security flaw in TikTok could have allowed attackers to query query the platform's database – potentially opening up for privacy violations. [...]

Tom Kellermann, head of cybersecurity strategy for VMware Carbon Black, talks about the top security challenges facing the US government as a new presidential administration steps in. [...]

The security vendor is investigating potential zero-day vulnerabilities in its Secure Mobile Access (SMA) 100 series. [...]

The new tools on Chrome and Edge will make it easier for browser users to discover - and change - compromised passwords. [...]

Up to 4,000 stolen files have been released by hackers who launched a ransomware attack against the Scottish Environmental Protection Agency on Christmas Eve. [...]

Researchers have traced the origins of a campaign - infecting SQL servers to mine cryptocurrency - back to an Iranian software firm. [...]

Researchers warn that attackers are collecting reconnaissance for future business email compromise attacks using Google Forms. [...]

Cisco is stoppering critical holes in its SD-WAN solutions and its smart software manager satellite. [...]

Users of dating apps - like Tinder, Match and Bumble - should be on the lookout for investment-fraud scammers. [...]

Seven flaws in open-source software Dnsmasq could allow DNS cache poisoning attacks and remote code execution. [...]

The FreakOut malware is adding infected Linux devices to a botnet, in order to launch DDoS and cryptomining attacks. [...]

Starting Feb. 9, Microsoft will enable Domain Controller “enforcement mode” by default to address CVE-2020-1472. [...]

Security researchers lambasted the controversial macOS Big Sur feature for exposing users' sensitive data. [...]

Facebook has sued two Chrome devs for scraping user profile data - including names, user IDs and more. [...]

The cybercriminal service has scammed victims out of $6.5 million and continues to spread on Telegram. [...]

Cisco fixed high-severity flaws tied to 67 CVEs overall, including ones found inits AnyConnect Secure Mobility Client and in its RV110W, RV130, RV130W, and RV215W small business routers. [...]

On the heels of a cyberattack on the EMA, cybercriminals have now leaked Pfizer and BioNTech COVID-19 vaccine data on the internet. [...]

Security teams are preparing for the inevitable return to the workplace - and the privacy implications of exposure notification apps that companies may need to adopt. [...]

Adobe issued patches for seven critical arbitrary-code-execution flaws plaguing Windows and MacOS users. [...]