David "moose" Wolpoff, CTO at Randori, discusses security appliances and VPNs and how attackers only have to "pick one lock" to invade an enterprise through them. [...]

At least 25 apps have lured in tens of thousands of victims with the promise of helping them cash in on the cryptomining craze. [...]

The fix doesn’t cover the entire problem nor all affected systems however, so the company also is offering workarounds and plans to release further remedies at a later date. [...]

The newborn platform was inundated by Sonic the Hedgehog-themed porn and had prominent users' profiles defaced. Next, hackers posted its user database online. [...]

The apps all used an unusual tactic of loading a legitimate Facebook page as part of the data theft. [...]

Say hello to one more zero-day and yet more potential remote data death for those who can’t/won’t upgrade their My Cloud storage devices. [...]

REvil ransomware gang lowers price for universal decryptor after massive worldwide ransomware push against Kaseya security vulnerability CVE-2021-30116. [...]

Following a brazen ransomware attack by the REvil cybergang, CISA and FBI offer guidance to victims. [...]

Matt Bromiley, senior consultant with Mandiant Managed Defense, discusses the top tricks and tips for protecting enterprise environments from ransomware. [...]

After focusing almost exclusively on delivering ransomware for the past year, the code changes could indicate that TrickBot is getting back into the bank-fraud game. [...]

The ongoing attacks are targeting cloud services such as Office 365 to steal passwords and password-spray a vast range of targets, including in U.S. and European governments and military. [...]

Nate Warfield, CTO of Prevailion and former Microsoft security researcher, discusses the many security challenges and failings plaguing this industry. [...]

CERT urges administrators to disable the Windows Print spooler service in Domain Controllers and systems that don’t print, while Microsoft attempts to clarify RCE flaw with a new CVE assignment. [...]

Criminals behind the potent REvil ransomware have ported the malware to Linux for targeted attacks. [...]

Aamir Lakhani, cybersecurity researcher and practitioner at FortiGuard Labs, explains the rise of RaaS and the critical role of threat intel in effectively defending against it. [...]

LimeVPN has confirmed a data incident, and meanwhile its website has been knocked offline. [...]

The gang's source code is now available to rivals and security researchers alike - and a decryptor likely is not far behind. [...]

Data leaks are a serious concern for companies of all sizes; if one occurs, it may put them out of business permanently. Here's how you can protect your organization from data theft. [...]

A refined database of 88K U.S. business owners on LinkedIn has been posted in a hacker forum. [...]

Microsoft researchers discovered the firmware flaws in the DGN-2200v1 series router that can enable authentication bypass to take over devices and access stored credentials. [...]

The IndigoZebra APT is targeting the Afghan government using Dropbox as an API that leaves no traces of communications with weirdo websites. [...]

The self-propagating malware's attack chain is complex, using former NSA cyberweapons, and ultimately drops cryptominers on targeted machines. [...]

Kerry Matre, senior director at Mandiant, discusses the appropriate metrics to use to measure SOC and analyst performance, and how MTTR leads to bad behavior. [...]

Threat actors may have been duking it out for control of the compromised devices, first using a 2018 RCE, then password-protecting a new vulnerability. [...]

The "PrintNightmare" bug may not be fully patched, some experts are warning, leaving the door open for widespread remote code-execution attacks. [...]