Australian immunization app bug lets attackers fake vaccine status. [...]

The attackers are indiscriminately striking thousands of victims worldwide with their new “Chimaera” campaign. [...]

Attackers are actively attempting to exploit a vulnerability in MSHTML that allows them to craft a malicious ActiveX control to be used by Microsoft Office files. [...]

Investigators/the FBI/ransomware negotiators just screw everything up, the ransomware gang said, threatening to publish files if victims look for help. [...]

The Demon's Cries, Draconian Fear and Seventh Inferno security bugs are high-severity entryways to corporate networks. [...]

Patch now: The popular biz-collaboration platform is seeing mass scanning and exploitation just two weeks after a critical RCE bug was disclosed. [...]

The privacy-touting, end-to-end encrypted email provider erased its site's “we don’t log your IP” boast after France sicced Swiss cops on it. [...]

A hacker known only as “Mr. A” was picked up by authorities at a South Korean airport after getting stuck in the country due to COVID-19 travel restrictions. [...]

Verizon DBIR is already funny, useful & well-written, and it just got better with mapping to MITRE ATT&CK TTPs. The marriage could finally bring answers to "What are we doing right?" instead of the constant reminders of what's not working in fending off threats. [...]

Tony Lauro, director of security technology and strategy at Akamai, discusses how to disrupt account takeovers in the exploitation phase of an attack. [...]

The first half of 2021 saw 1.5 billion attacks on smart devices, with attackers looking to steal data, mine cryptocurrency or build botnets. [...]

Grant Oviatt, director of incident-response engagements at Red Canary, provides advice and best practices on how to get there faster. [...]

The financially motivated group looked to steal payment-card data from a California-based point-of-sale service provider. [...]

Cybercriminal enterprise is mass testing millions of usernames and passwords per day in a hunt for loyalty card data. [...]

An attacker breached the site of famed street artist Banksy to host a fraudulent NFT auction but then gave back the money. [...]

The FTC's first spyware ban nixes a company whose "slipshod" security practices led to exposure of thousands of victims' illegally collected personal data. [...]

The BrakTooth set of security vulnerabilities impacts at least 11 vendors' chipsets. [...]

A design flaw involving Google Timeline could allow someone to track another device without installing a stalkerware app. [...]

There's proof-of-concept code out for the near-maximum critical – rated at 9.8 – authentication bypass bug, but Cisco hasn't seen any malicious exploit yet. [...]

David Stewart, CEO, Approov, discusses the top mobile attack routes the bad guys use and the best defenses organizations can deploy against them. [...]

Users should be careful whose pics they view and should, of course, update their apps. [...]

Eight states are introducing drivers licenses and identification cards available for use on Apple iPhones and Watches, but critics warn about the dangers of eliminating the use of a paper-based system entirely. [...]

IoT vulnerabilities turned the remote into a listening device, researchers found, which impacted 18 million Xfinity customers. [...]

Two vulnerabilities in the site-building plugin could be useful tools in the hands of a skilled attacker, researchers warned. [...]

The ransomware gang claims to have pulled off successful attacks against two airlines and one airport with help from its Accenture attack. [...]