Attackers sent 52M malicious messages leveraging the likes of Office 365, Azure, OneDrive, SharePoint, G-Suite and Firebase storage in Q1 2021. [...]

The newly discovered malware infects IoT devices in tandem with the prolific Gafgyt botnet, using known security vulnerabilities. [...]

The exploit pries open CVE-2021-31166, a bug with a CVSS score of 9.8 that was the baddest of the bad in Microsoft's Patch Tuesday release last week. [...]

Customers panic and question parent company Anker’s security and privacy practices after learning their home videos could be accessed and even controlled by strangers due to a server-upgrade glitch. [...]

Attackers are sending messages disguised as offers from meal-kit services, like HelloFresh. [...]

Attackers can take advantage of the fact these apps access, gather, store and transmit more information than any other app their victims have installed. [...]

Anurag Kahol, CTO at Bitglass, discusses options for detecting malicious or dangerous activity from within an organization. [...]

Separate attacks last week on the country’s Department of Health and Health Service Executive forced the shutdown of networks and services that still haven’t been fully restored. [...]

You can’t possibly patch all CVEs, so focus on the exploits crooks are willing to pay for, as tracked in a study of the underground exploit market. [...]

The latest Magecart iteration is finding success with a new PHP web shell skimmer. [...]

Keynoters from Cisco, Netflix and RSA highlighted lessons from the last year, and cybersecurity's new mandate in the post-pandemic world: Bounce back stronger. [...]

The criminal forum washed its hands of ransomware after DarkSide's pipeline attack & alleged shutdown: A "loss of servers" that didn't stop another attack. [...]

The advanced Brazilian malware has gone global, harvesting bank logins from Android mobile users. [...]

Pandemic and evolving IT demands are having a major, negative impact on CISOs' mental health, a survey found. [...]

The financially motivated cybercrime gang behind the Carbanak RAT is back with the Lizar malware, which can harvest all kinds of info from Windows machines. [...]

The RaaS that crippled Colonial Pipeline lost the servers it uses to pull off ransomware attacks, while REvil’s gonads shrank in response. [...]

A flaw that allows browsers to enumerate applications on a machine threatens cross-browser anonymity in Chrome, Firefox, Microsoft Edge, Safari and even Tor. [...]

The DBIR – Verizon’s 2021 data breach report – shows spikes in sophisticated phishing, financially motivated cyberattacks and a criminal focus on web-application servers. [...]

Ransomware attackers are now demanding cash from the customers of victims too. [...]

Experts from Intel, GitHub and KnowBe4 weigh in on what you need to succeed at security bug-hunting. [...]

According to news reports, Colonial Pipeline paid the cybergang known as DarkSide the ransom it demanded in return for a decryption key. [...]

An analysis of three popular forums used by ransomware operators reveals a complex ecosystem with many partnerships. [...]

Tony Lauro, director of security technology and strategy at Akamai, discusses hardware security dongles and using phones to act as surrogates for them. [...]

The campaign is harvesting screenshots, keystrokes, credentials, webcam feeds, browser and clipboard data and more, with RevengeRAT or AsyncRAT payloads. [...]

The ‘Send My’ exploit can use Apple's locator service to collect and send information from nearby devices for later upload to iCloud servers. [...]