APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools
Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military secrets from an academic institution. [...]
Jason Kent, hacker-in-residence at Cequence Security, discusses sneaky shopping bot tactics (i.e., domain parking) seen in a mass campaign, and what retail security teams can do about them. [...]
Here’s what cybersecurity watchers want infosec pros to know heading into 2022. [...]
The year wasn't ALL bad news. These sometimes cringe-worthy/sometimes laughable cybersecurity and other technology stories offer schadenfreude and WTF opportunities, and some giggles. [...]
Casey Ellis, CTO at Bugcrowd, outlines how international relations have deteriorated into a new sort of Cold War, with espionage playing out in the cyber-domain. [...]
A look back at what was hot with readers in this second year of the pandemic. [...]
The security vulnerability could expose passwords and access tokens, along with blueprints for internal infrastructure and finding software vulnerabilities. [...]
Attackers use the Telegram handle “Smokes Night” to spread the malicious Echelon infostealer, which steals credentials for cryptocurrency and other user accounts, researchers said. [...]
The origin of the Monero cryptominer file has been traced to a Russian torrent website, researchers report. [...]
A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers. [...]
Don't freak: It's got nothing to do with Log4Shell, except it may be just as far-reaching as Log4j, given HTTPD's tendency to tiptoe into software projects. [...]
Yaron Kassner, CTO and co-founder of Silverfort, discusses why using all-seeing privileged accounts for monitoring is bad practice. [...]
There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits. [...]
A quarter-billion of those passwords were not seen in previous breaches that have been added to Have I Been Pwned. [...]
APT attackers are using a security vulnerability in ManageEngine Desktop Central to take over servers, deliver malware and establish network persistence. [...]
Conti has become the first professional-grade, sophisticated ransomware group to weaponize Log4j2, now with a full attack chain. [...]
The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI. [...]
Meta, Facebook’s parent company, said that the seven banned actors run fake accounts on its platforms to deceive users and plant malware on targets’ phones. [...]
Attackers are using the excitement over the new Spider-Man movie to steal bank information and spread malware. [...]
The discovery, which affects services running as localhost that aren't exposed to any network or the internet, vastly widens the scope of attack possibilities. [...]
The incident occurred last weekend at the popular chain of restaurants, hotels and breweries, which is still facing disruptions. [...]
Analysts warn that the attack group, now known as 'Earth Centaur,' is honing its attacks to go after transportation and government agencies. [...]
It’s similar to Lazarus’s Manuscrypt malware, but the new spyware is splattering itself onto government organizations and ICS in a non-Lazarus-like, untargeted wave of attacks. [...]
The new tool manipulates Windows Registry in unique ways to evade security detections and is likely being used by ransomware groups for initial network access. [...]
More than 1.8 million attacks, against half of all corporate networks, have already launched to exploit Log4Shell. [...]