Parallels Offers ‘Inconvenient’ Fix for High-Severity Bug
Firm offers guidance on how to mitigate a five-month-old privilege escalation bug impacting Parallels Desktop 16 for Mac and all previous versions. [...]
Kerry Matre, Mandiant senior director, clears up misconceptions about the value to business for enterprise cyber-defense. Hint: It's not achieving visibility. [...]
It's unclear if Microsoft customers were breached during the months-long period where the #ChaosDB bug in Jupyter Notebooks was exploitable. [...]
Networking giant issues two critical patches and six high-severity patches. [...]
Data leaked includes COVID-19 vaccination records, social security numbers and email addresses tied to American Airlines, Ford, Indiana Department of Health and New York City public schools. [...]
CISA is warning about a surge of ProxyShell attacks, as Huntress discovered 140 webshells launched against 1,900 unpatched Microsoft Exchange servers. [...]
Joseph Carson, chief security scientist & advisory CISO at ThycoticCentrify, discusses how to implement advanced privileged-access practices. [...]
Hopefully not a hacked-up hairball of a “no can do” message when customers rush to change their PINs. In this episode: Corporate resilience vs. the opposite. [...]
Oliver Tavakoli, CTO at Vectra, lays out the different layers of ransomware defense all companies should implement. [...]
COVID-19-related exploitation and abuse is on the rise as vaccine data opens new frontiers for threat actors. [...]
The botnet cryptominer has already compromised 1,000-plus clouds since June. [...]
Nate Warfield, CTO of Prevailion, discusses the top security concerns for those embracing virtual machines, public cloud storage and cloud strategies for remote working. [...]
A remote attacker could exploit a critical vulnerability to eavesdrop on live audio & video or take control. The bug is in ThroughTek’s Kalay network, used in 83m devices. [...]
A researcher discovered a data cache from the FBI’s Terrorist Screening Center left online without a password or authentication requirement. [...]
Valve plugs an API bug found in its Steam platform that abused the Smart2Pay system to add unlimited funds to gamer digital wallets. [...]
Data theft, insider threats and imposters accessing sensitive customer data have apparently gotten so bad inside Amazon, the company is considering rolling out keyboard-stroke monitoring for its customer-service reps. A confidential memo from inside Amazon explained that customer service credential abuse and data theft were on the rise, according …
Threatpost interviews Wiz CTO about a vulnerability recently patched by Amazon Route53's DNS service and Google Cloud DNS. [...]
Spam was on the rise in Q2, with video fraud and COVID-19-related efforts in the mix. [...]
Experts urged enterprises to patch fast: SAP vulnerabilities are being weaponized in a matter of hours. [...]
Some bad actors are honing tools to go after small fry: This variant was refined to target not one, but two vendors’ devices that are common in SOHO setups. [...]
Researchers have found an entirely new attack vector for eavesdropping on Zoom and other virtual meetings. [...]
Zoom’s security lesson over end-to-end encryption shows the costs of playing cybersecurity catchup. [...]
Two bugs, now patched except in older versions, could be chained to allow attackers to hijack Zimbra server by simply sending a malicious email. [...]
The vendor will work with customers affected by the early July spate of ransomware attacks to unlock files; it's unclear if the ransom was paid. [...]
Expected cyberattacks on Tokyo Olympics likely include attempts to hijack video feeds, the Feds warn. [...]