There are active ransomware and brute-force attacks being launched against internet-exposed, network-attached storage devices, the device maker warned. [...]

Critical flaw in the H2 open-source Java SQL database are similar to the Log4J vulnerability, but do not pose a widespread threat. [...]

Activision is suing to shut down the EngineOwning cheat-code site and hold individual developers and coders liable for damages. [...]

The FBI is seeing so much activity around malicious Google Voice activity, where victims are associated with fraudulent virtual phone numbers, that it sent out an alert this week. [...]

ESXi version 7 users are still waiting for a full fix for a high-severity heap-overflow security vulnerability, but Cloud Foundation, Fusion and Workstation users can go ahead and patch. [...]

The 'NoReboot' technique is the ultimate in persistence for iPhone malware, preventing reboots and enabling remote attackers to do anything on the device while remaining completely unseen. [...]

A wave of phishing attacks identified in December targeting mainly Outlook users are difficult for both email scanners and victims to flag, researchers said. [...]

The accounts fell victim to credential-stuffing attacks, according to the New York State AG. [...]

The group blends into an environment before loading up trivial, thickly stacked, fraudulent financial transactions too tiny to be noticed but adding up to millions of dollars. [...]

More than 1.3 million patient records were stolen in the just-disclosed breach, which occurred back in October. [...]

A simple-to-exploit bug that allows bad actors to send emails from Uber's official system – skating past email security – went unaddressed despite flagging by multiple researchers. [...]

Companies that fail to protect consumer data from Log4J attacks are at risk of facing Equifax-esque legal action and fines, the FTC warned. [...]

The info-stealing campaign using ZLoader malware – previously used to deliver Ryuk and Conti ransomware – already has claimed more than 2,000 victims across 111 countries. [...]

Microsoft says it's only going to get worse: It's seen state-sponsored and cyber-criminal attackers probing systems for the Log4Shell flaw through the end of December. [...]

SEGA's disclosure underscores a common, potentially catastrophic, flub — misconfigured Amazon Web Services (AWS) S3 buckets. [...]

The campaign was an opportunistic supply-chain attack abusing a weaponized cloud video player. [...]

Multiple malicious installers were delivering the same Purple Fox rootkit version using the same attack chain, possibly distributed via email or phishing sites. [...]

The Pacific Northwest hospitality stalwart is also still operationally crippled by a Dec. 12 ransomware attack. [...]

The websites of the company and the Expresso newspaper, as well as all of its SIC TV channels remained offline Tuesday after the New Year’s weekend attack. [...]

Expect many more zero-day exploits in 2022, and cyberattacks using them being launched at a significantly higher rate, warns Aamir Lakhani, researcher at FortiGuard Labs. [...]

Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military secrets from an academic institution. [...]

Jason Kent, hacker-in-residence at Cequence Security, discusses sneaky shopping bot tactics (i.e., domain parking) seen in a mass campaign, and what retail security teams can do about them. [...]

Campaign exploits misconfigured Docker APIs to gain network entry and ultimately sets up a backdoor on compromised hosts to mine cryptocurrency. [...]

Here’s what cybersecurity watchers want infosec pros to know heading into 2022. [...]

Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device. [...]