An email campaign asking victims to call a bogus number to suspend supposedly fraudulent subscriptions got right past Microsoft's native email controls. [...]

A vendor exposed the records, which were accessible with no password or other authentication, likely because of a cloud-storage misconfiguration. [...]

Exploit in the widely used document service leveraged to send malicious links that appear legitimate but actually steal victims credentials. [...]

An hour-long outage hit airlines, banks and the Hong Kong Stock exchange. It's thought to have been caused by a DDoS mitigation service. [...]

A French court fined the furniture giant for illegal surveillance on 400 customers and staff. [...]

Meanwhile, in a separate survey, 80 percent of organizations that paid the ransom said they were hit by a second attack. [...]

Meanwhile, in a separate survey, 80 percent of organizations that paid the ransom said they were hit by a second attack. [...]

Hank Schless, senior manager of security solutions at Lookout, notes basic steps that organizations can take to protect themselves as ransomware gangs get smarter. [...]

The top easy-to-crack, football-inspired password in a database of 1 billion unique, clear-text, breached passwords? You probably guessed it: "Football." [...]

Ransomware attacks are increasing in frequency, and the repercussions are growing more severe than ever. Here are 5 ways to prevent your company from becoming the next headline. [...]

Ransomware group releases decryptors for nearly 3,000 victims, forfeiting millions in payouts. [...]

Ransomware gangs are increasingly buying their way into corporate networks, purchasing access from 'vendors' that have previously installed backdoors on targets. [...]

An attacker with initial physical access (say, at a gym) could gain root entry to the interactive tablet, making for a bevy of remote attack scenarios. [...]

A supply-chain component lays open camera feeds to remote attackers thanks to a critical security vulnerability. [...]

SolarMarker makers are using SEO poisoning, stuffing thousands of PDFs with tens of thousands of pages full of SEO keywords & links to redirect to the malware. [...]

Varied cloud infrastructure was used to phish email credentials, monitor for and forward finance-related messages and automate operations. [...]

Forcepoint’s Michael Crouse talks about risk-adaptive data-protection approaches and how to develop a behavior-based approach to insider threats and risk, particularly with pandemic-expanded network perimeters. [...]

Forcepoint’s Nico Fischbach, global CTO and VPE of SASE, and Chase Cunningham, chief strategy officer at Ericom Software, on using SASE to make Zero Trust real. [...]

Decision throws out previous ruling in favor of hiQ Labs that prevented Microsoft’s business networking platform to forbid the company from harvesting public info from user profiles. [...]

Apple patched two bugs impacting its Safari browser WebKit engine that it said are actively being exploited. [...]

Utilities’ vulnerability to application exploits goes from bad to worse in just weeks. [...]

Attackers could have used the bug to get read/write privileges for a victim user’s email, Teams chats, OneDrive, Sharepoint and loads of other services. [...]

An analysis of the campaign revealed Cyberium, an active Mirai-variant malware hosting site. [...]

Nearly all of the leaked data was for owners or wannabe owners of the automaker’s luxury brand of Audis, now at greater risk for phishing, ransomware or car theft. [...]

A trio of security flaws open the door to remote-code execution and a malware tsunami. [...]