Sounil Yu, CISO at JupiterOne, discusses the growing mesh of integrations between SaaS applications, which enables automated business workflows - and rampant lateral movement by attackers, well outside IT's purview. [...]

December's Patch Tuesday updates address six publicly known bugs and seven critical security vulnerabilities. [...]

The new campaign masqueraded as an Orange Telecom account management app to deliver the latest iteration of Anubis banking malware. [...]

An exclusive roundtable of security researchers discuss the specific implications of CVE-2021-44228 for smaller businesses, including what's vulnerable, what an attack looks like and to how to remediate. [...]

Podcast: Cybereason shares details about its vaccine: a fast shot in the arm released within hours of the Apache Log4j zero-day horror show being disclosed. [...]

The focused attacks aimed at cyberespionage and lateral movement appear to hint at further ambitions by the group, including supply-chain threats. [...]

Kronos, the workforce-management provider, said a weeks-long outage of its cloud services is in the offing, just in time to hamstring end-of-year HR activities like bonuses and vacation tracking. [...]

The Python code repository was infiltrated by malware bent on data exfiltration from developer apps and more. [...]

The cybersecurity Hiroshima of the year – the Apache Log4j logging library exploit – has spun off 60 bigger mutations in less than a day, researchers said. [...]

The threat group, first identified in June, focuses solely on data exfiltration and subsequent extortion, and has already targeted 40 victims since September. [...]

U.S. and Canada charge Ottawa man for ransomware attacks, signaling that North America is no cybercriminal haven. [...]

The powerful devices leveraged by the Meris botnet have weaknesses that make them easy to exploit, yet complex for organizations to track and secure, researchers said. [...]

Enlarge (credit: Getty Images ) Researchers have found another 17 malicious packages in an open source repository, as the use of such repositories to spread malware continues to flourish. This time, the malicious code was found in NPM, where 11 million developers trade more than 1 million packages among each …

The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases. [...]

Attackers are milking unpatched Hikvision video systems to drop a DDoS botnet, researchers warned. [...]

The botnet, which resurfaced last month on the back of TrickBot, can now directly install Cobalt Strike on infected devices, giving threat actors direct access to targets. [...]

Underground arbitration system settles disputes between cybercriminals. [...]

The malware's unique blockchain-enabled backup C2 scheme makes it difficult to eliminate completely. [...]

One year after the disruptive supply-chain attacks, researchers have observed two new clusters of activity from the Russia-based actors that signal a significant threat may be brewing. [...]

U.S. military acknowledges targeting cybercriminals who launch attacks on U.S. companies. [...]

The gang is using a variety of tools and malware to carry out attacks in volume on critical sectors, the FBI warned. [...]

It's unknown who's behind the cyberattacks against at least nine employees' iPhones, who are all involved in Ugandan diplomacy. [...]

We want to know what your biggest cloud security concerns and challenges are, and how your company is dealing with them. Weigh in with our exclusive poll! [...]

Startling triple-digit growth is fueled by easy criminal access to corporate networks and RaaS tools, an analysis found. [...]

AT&T is battling a modular malware called EwDoor on 5,700 VoIP servers, but it could have a larger wildcard certificate problem. [...]