The banker, aka Metamorfo, is roaring back after Spanish police arrested more than a dozen gang members. [...]

The Microsoft Exchange ProxyShell vulnerabilities are being exploited yet again for ransomware, this time with Babuk from the new "Tortilla" threat actor. [...]

API security risk has dramatically evolved in the last two years. Jason Kent, Hacker-in-Residence at Cequence Security, discusses the top API security concerns today and how to address them. [...]

Google’s Android November 2021 security updates plug 18 flaws in the framework and system components and 18 more in the kernel and vendor components. [...]

‘Shrootless’ allows bypass of System Integrity Protection IT security measures to install a malicious rootkit that goes undetected and performs arbitrary device operations. [...]

An alleged sports content pirate is accused of not only hijacking leagues' streams but also threatening to tell reporters how he accessed their systems. [...]

The old RLO trick of exploiting how Unicode handles script ordering and a related homoglyph attack can imperceptibly switch the real name of malware. [...]

Really interesting research demonstrating how to hide vulnerabilities in source code by manipulating how Unicode text is displayed. It’s really clever, and not the sort of attack one would normally think about. From Ross Anderson’s blog : We have discovered ways of manipulating the encoding of source code …

The flaw, found in the Hashthemes Demo Importer plugin, allows any authenticated user to exsanguinate a vulnerable WordPress site, deleting nearly all database content and uploaded media. [...]

Defending against ransomware will take a move to zero-trust, argues Daniel Spicer, CSO, Ivanti. [...]

Out of 92 security vulnerabilities, 66 are rated critical in severity, mostly allowing code execution. The most severe can lead to information disclosure. [...]

A researcher was able to crack 70 percent of the gathered hashes in an experiment in a residential neighborhood. [...]

Researchers found that one critical flaw in question is exploitable from the browser, allowing watering-hole attacks. [...]

Much is made of shared responsibility for cloud security. But Oliver Tavakoli, CTO at Vectra AI, notes there's no guarantee that Azure or AWS are delivering services in a hardened and secure manner. [...]

New software and code stand at the core of everything we do, but how well is all of this new code tested? Luckily, autonomous application security is here. [...]

No security defense is perfect, and shadow IT means no company can inventory every single asset that it has. David “moose” Wolpoff, CTO at Randori, discusses strategies for core asset protection given this reality. [...]

An SQL-injection bug in the BillQuick billing app has not only leaked sensitive information, it’s also let malicious actors execute code and deploy ransomware. [...]

An SQL-injection bug in the BQE Web Suite billing app has not only leaked sensitive information, it’s also let malicious actors execute code and deploy ransomware. [...]

The patch, urgently rushed out on Friday, is an emergency fix for the widely deployed platform, whose No. 1 most trafficked site is Amazon’s Seller Central. [...]

The high-severity bug, tracked as CVE-2021-1529, is an OS command-injection flaw. [...]

Meanwhile, Zerodium's quest to buy VPN exploits is problematic, researchers said. [...]

Hardly a week goes by without another major company falling victim to a ransomware attack. Nate Warfield, CTO at Prevailion, discusses the immense challenges in changing that status quo. [...]

Experts warn that virtual private networks are increasingly vulnerable to leaks and attack. [...]

Disguised as an IT firm, the APT is hitting targets in Afghanistan & India, exploiting a 20-year-old+ Microsoft Office bug that's as potent as it is ancient. [...]

The out-of-bounds read vulnerability enables an attacker to escape a Squirrel VM in games with millions of monthly players – such as Counter-Strike: Global Offensive and Portal 2 – and in cloud services such as Twilio Electric Imp. [...]