Meanwhile, Zerodium's quest to buy VPN exploits is problematic, researchers said. [...]

A new email campaign from the threat group uses the attack-simulation framework in a likely leadup to ransomware deployment. [...]

If AvosLocker stole Gigabyte's master keys, threat actors could force hardware to download fake drivers or BIOS updates in a supply-chain attack a la SolarWinds. [...]

Hardly a week goes by without another major company falling victim to a ransomware attack. Nate Warfield, CTO at Prevailion, discusses the immense challenges in changing that status quo. [...]

Chicago-based Ferrara acknowledged an Oct. 9 attack that encrypted some systems and disrupted production. [...]

Google has caught and brushed off a bunch of cookie-stealing YouTube channel hijackers who were running cryptocurrency scams on, or auctioning off, ripped-off channels. [...]

Experts warn that virtual private networks are increasingly vulnerable to leaks and attack. [...]

Disguised as an IT firm, the APT is hitting targets in Afghanistan & India, exploiting a 20-year-old+ Microsoft Office bug that's as potent as it is ancient. [...]

The out-of-bounds read vulnerability enables an attacker to escape a Squirrel VM in games with millions of monthly players – such as Counter-Strike: Global Offensive and Portal 2 – and in cloud services such as Twilio Electric Imp. [...]

The group is likely nation-state-backed and is mounting an ongoing spy campaign using custom malware and stealthy tactics. [...]

The APT, which targets Middle-Eastern energy firms & telecoms, has been relatively quiet since its exposure but not entirely silent. It's kept up attacks through 2021 and is working on retooling its arsenal yet again. [...]

Cybersecurity budget cuts are everywhere. Chad Anderson, senior security researcher at DomainTools, discusses alternatives to fancy tooling, and good human skills alignment. [...]

An advisory by the CISA, FBI and NSA reveals hallmark tactics of and shares defense tips against the cybercriminal group that’s picked up where its predecessor DarkSide left off. [...]

TA505 – cybercrime trailblazers with ever-evolving TTPs – have returned to mass-volume email attacks, flashing retooled malware and exotic scripting languages. [...]

Chris Hass, director of information security and research at Automox, discusses how to assign security responsibility, punishment for poor cyber-hygiene and IDing 'security champions' to help small businesses. [...]

Companies are worried that the highly privileged password app could let attackers deep inside an enterprise’s footprint, says Redscan’s George Glass. [...]

A major cyberattack resulted in data being stolen, too, but Sinclair's not sure which information is now in the hands of the crooks. [...]

The tween-friendly video app is being used to serve up malvertising, disguised as free Steam game accounts or Among Us game hacks. [...]

The accounts were used to catfish security researchers into downloading malware in a long-running cyber-espionage campaign attributed to North Korea. [...]

The group – which also created BazarLoader and the Conti ransomware – has juiced its distribution tactics to threaten enterprises more than ever. [...]

Missouri Gov. Mike Parson launched a criminal investigation of a reporter who flagged a state website that exposed 100K+ Social-Security numbers for teachers and other state employees. [...]

IPTV and IP video security is increasingly under scrutiny, even by high school kids. [...]

Visible says yes, user accounts were hijacked, but it denied a breach. As of today, users are still posting tales of forcibly changed passwords and getting stuck with bills for pricey new iPhones. [...]

The campaign, which uses the Apple Developer Program and Enterprise Signatures to get past Apple's app review process, remains active. [...]

Fortinet’s Derek Manky discusses a recent global survey showing that two-thirds of organizations suffered at least one ransomware attack, while half were hit multiple times. [...]