A pair of bugs in the Snap-owned tracking app reveal phone numbers and allow account hijacking. [...]

The Conti gang breached the cookware giant's network, prepping thousands of employees’ personal data for consumption by cybercrooks. [...]

The attacks, which lead to 2FA defeat and account takeover, have accelerated by several hundred percent in one year, leading to thousands of drained bank accounts. [...]

Sonya Duffin, ransomware and data-protection expert at Veritas Technologies, shares three steps organizations can take today to reduce cyberattack fallout. [...]

Attackers infiltrated the media giant’s network using BEC, while Microsoft moved to stop such attacks by blocking VBA macros in 5 Windows apps. Included: more ways to help stop BEC. [...]

And customers including Tesla, PepsiCo and NYC transit workers are filing lawsuits over the “real pain in the rear end” of manual inputting, inaccurate wages & more. [...]

A growing class of phishing kits – transparent reverse proxy kits – are being used to get past multi-factor authentication using MiTM tactics. [...]

Rising critical unpatched vulnerabilities and a lack of encryption leave medical device data defenseless, researcher warn. [...]

Need a blueprint for architecting a formidable cyber-defense? Kerry Matre, senior director at Mandiant, shares hers in this detailed breakdown. [...]

In a display of 2FA's fallibility, unauthorized transactions approved without users' authentication bled 483 accounts of funds. [...]

In a display of 2FA's fallibility, unauthorized transactions approved without users' authentication bled 483 accounts of funds. [...]

A cyberattack forced the Red Cross to shut down IT systems running the Restoring Family Links system, which reunites families fractured by war, disaster or migration. [...]

R.R. Donnelly, the integrated services company, confirmed a ‘systems intrusion’ that occurred in late December and is still under investigation. [...]

Electronic Arts blamed “human error” after attackers compromised customer support and took over and drained some of the top FIFA Ultimate Team player accounts. [...]

Fertility Centers of Illinois' security measures protected electronic medical records, but the attackers still got at extremely intimate data in admin files. [...]

Attackers are trading millions of records from a trio of pre-holiday breaches on an online forum. [...]

The accounts fell victim to credential-stuffing attacks, according to the New York State AG. [...]

More than 1.3 million patient records were stolen in the just-disclosed breach, which occurred back in October. [...]

The Pacific Northwest hospitality stalwart is also still operationally crippled by a Dec. 12 ransomware attack. [...]

The year wasn't ALL bad news. These sometimes cringe-worthy/sometimes laughable cybersecurity and other technology stories offer schadenfreude and WTF opportunities, and some giggles. [...]

Casey Ellis, CTO at Bugcrowd, outlines how international relations have deteriorated into a new sort of Cold War, with espionage playing out in the cyber-domain. [...]

A look back at what was hot with readers in this second year of the pandemic. [...]

A quarter-billion of those passwords were not seen in previous breaches that have been added to Have I Been Pwned. [...]

Kronos, the workforce-management provider, said a weeks-long outage of its cloud services is in the offing, just in time to hamstring end-of-year HR activities like bonuses and vacation tracking. [...]

The threat group, first identified in June, focuses solely on data exfiltration and subsequent extortion, and has already targeted 40 victims since September. [...]