The year wasn't ALL bad news. These sometimes cringe-worthy/sometimes laughable cybersecurity and other technology stories offer schadenfreude and WTF opportunities, and some giggles. [...]

Casey Ellis, CTO at Bugcrowd, outlines how international relations have deteriorated into a new sort of Cold War, with espionage playing out in the cyber-domain. [...]

A look back at what was hot with readers in this second year of the pandemic. [...]

The security vulnerability could expose passwords and access tokens, along with blueprints for internal infrastructure and finding software vulnerabilities. [...]

Attackers use the Telegram handle “Smokes Night” to spread the malicious Echelon infostealer, which steals credentials for cryptocurrency and other user accounts, researchers said. [...]

The origin of the Monero cryptominer file has been traced to a Russian torrent website, researchers report. [...]

Overtaking the Conti ransomware gang, PYSA finds success with government-sector attacks. [...]

A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers. [...]

Don't freak: It's got nothing to do with Log4Shell, except it may be just as far-reaching as Log4j, given HTTPD's tendency to tiptoe into software projects. [...]

Attackers exploiting bugs in the “link preview” feature in Microsoft Teams could abuse the flaws to spoof links, leak an Android user’s IP address and launch a DoS attack. [...]

Yaron Kassner, CTO and co-founder of Silverfort, discusses why using all-seeing privileged accounts for monitoring is bad practice. [...]

There are 17,000npatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits. [...]

A quarter-billion of those passwords were not seen in previous breaches that have been added to Have I Been Pwned. [...]

Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was publicly released on Dec. 12. [...]

APT attackers are using a security vulnerability in ManageEngine Desktop Central to take over servers, deliver malware and establish network persistence. [...]

Conti has become the first professional-grade, sophisticated ransomware group to weaponize Log4j2, now with a full attack chain. [...]

T-Mobile reported blocking 21 billion scam calls during a record-smashing year for robocalls. [...]

The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI. [...]

Meta, Facebook’s parent company, said that the seven banned actors run fake accounts on its platforms to deceive users and plant malware on targets’ phones. [...]

Attackers are using the excitement over the new Spider-Man movie to steal bank information and spread malware. [...]

Joker malware was found lurking in the Color Message app, ready to fleece unsuspecting users with premium SMS charges. [...]

The discovery, which affects services running as localhost that aren't exposed to any network or the internet, vastly widens the scope of attack possibilities. [...]

Oliver Tavakoli, CTO at Vectra AI, takes us inside the coming nexus of ransomware, supply-chain attacks and cloud deployments. [...]

The incident occurred last weekend at the popular chain of restaurants, hotels and breweries, which is still facing disruptions. [...]

Analysts warn that the attack group, now known as 'Earth Centaur,' is honing its attacks to go after transportation and government agencies. [...]