The websites of the company and the Expresso newspaper, as well as all of its SIC TV channels remained offline Tuesday after the New Year’s weekend attack. [...]

Expect many more zero-day exploits in 2022, and cyberattacks using them being launched at a significantly higher rate, warns Aamir Lakhani, researcher at FortiGuard Labs. [...]

Here’s what cybersecurity watchers want infosec pros to know heading into 2022. [...]

Opposition leader Donald Tusk calls for inquiry after watchdog says government’s rivals were targeted by Pegasus spyware Polish opposition leader Donald Tusk said on Tuesday reports that the government spied on its opponents represented the country’s biggest “crisis for democracy” since the end of communism. A cybersecurity …

The year wasn't ALL bad news. These sometimes cringe-worthy/sometimes laughable cybersecurity and other technology stories offer schadenfreude and WTF opportunities, and some giggles. [...]

Casey Ellis, CTO at Bugcrowd, outlines how international relations have deteriorated into a new sort of Cold War, with espionage playing out in the cyber-domain. [...]

A look back at what was hot with readers in this second year of the pandemic. [...]

Attackers use the Telegram handle “Smokes Night” to spread the malicious Echelon infostealer, which steals credentials for cryptocurrency and other user accounts, researchers said. [...]

The origin of the Monero cryptominer file has been traced to a Russian torrent website, researchers report. [...]

Overtaking the Conti ransomware gang, PYSA finds success with government-sector attacks. [...]

Conti has become the first professional-grade, sophisticated ransomware group to weaponize Log4j2, now with a full attack chain. [...]

Exclusive: Analysis of Kamel Jendoubi’s mobile phone reveals he was targeted in August 2019 The mobile phone of a UN-backed investigator who was examining possible war crimes in Yemen was targeted with spyware made by Israel’s NSO Group, a new forensic analysis of the device has revealed …

A vulnerability has been exposed in Minecraft, the bestselling video game of all time – and the security implications outside the world of gaming are vast In one of those delicious coincidences that warm the cockles of every tech columnist’s heart, in the same week that the entire internet …

Meta, Facebook’s parent company, said that the seven banned actors run fake accounts on its platforms to deceive users and plant malware on targets’ phones. [...]

Joker malware was found lurking in the Color Message app, ready to fleece unsuspecting users with premium SMS charges. [...]

Oliver Tavakoli, CTO at Vectra AI, takes us inside the coming nexus of ransomware, supply-chain attacks and cloud deployments. [...]

The incident occurred last weekend at the popular chain of restaurants, hotels and breweries, which is still facing disruptions. [...]

Enlarge (credit: Getty Images ) An Android app with more than 500,000 downloads from Google Play has been caught hosting malware that surreptitiously sends users’ contacts to an attacker-controlled server and signs up users to pricey subscriptions, a security firm reported. The app, named Color Message, was still available …

Enlarge (credit: Jeremy Brooks / Flickr ) A US federal agency has been hosting a backdoor that can provide total visibility into and complete control over the agency network, and the researchers who discovered it have been unable to engage with the administrators responsible, security firm Avast said on Thursday. The …

Analysts warn that the attack group, now known as 'Earth Centaur,' is honing its attacks to go after transportation and government agencies. [...]

It’s similar to Lazarus’s Manuscrypt malware, but the new spyware is splattering itself onto government organizations and ICS in a non-Lazarus-like, untargeted wave of attacks. [...]

The new tool manipulates Windows Registry in unique ways to evade security detections and is likely being used by ransomware groups for initial network access. [...]

More than 1.8 million attacks, against half of all corporate networks, have already launched to exploit Log4Shell. [...]

"Owowa" stealthily lurks on IIS servers, waiting to harvest successful logins when an Outlook Web Access (OWA) authentication request is made. [...]

Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes. [...]