The apps all used an unusual tactic of loading a legitimate Facebook page as part of the data theft. [...]

Say hello to one more zero-day and yet more potential remote data death for those who can’t/won’t upgrade their My Cloud storage devices. [...]

REvil ransomware gang lowers price for universal decryptor after massive worldwide ransomware push against Kaseya security vulnerability CVE-2021-30116. [...]

Following a brazen ransomware attack by the REvil cybergang, CISA and FBI offer guidance to victims. [...]

After focusing almost exclusively on delivering ransomware for the past year, the code changes could indicate that TrickBot is getting back into the bank-fraud game. [...]

Nate Warfield, CTO of Prevailion and former Microsoft security researcher, discusses the many security challenges and failings plaguing this industry. [...]

LimeVPN has confirmed a data incident, and meanwhile its website has been knocked offline. [...]

Data leaks are a serious concern for companies of all sizes; if one occurs, it may put them out of business permanently. Here's how you can protect your organization from data theft. [...]

A refined database of 88K U.S. business owners on LinkedIn has been posted in a hacker forum. [...]

Microsoft researchers discovered the firmware flaws in the DGN-2200v1 series router that can enable authentication bypass to take over devices and access stored credentials. [...]

The IndigoZebra APT is targeting the Afghan government using Dropbox as an API that leaves no traces of communications with weirdo websites. [...]

The self-propagating malware's attack chain is complex, using former NSA cyberweapons, and ultimately drops cryptominers on targeted machines. [...]

Kerry Matre, senior director at Mandiant, discusses the appropriate metrics to use to measure SOC and analyst performance, and how MTTR leads to bad behavior. [...]

Threat actors may have been duking it out for control of the compromised devices, first using a 2018 RCE, then password-protecting a new vulnerability. [...]

The return to offices, coupled with uninformed users (including IT pros) has teed up an unprecedented risk of enterprise attack. [...]

The bug in Edge's auto-translate could have let remote attackers pull off RCE on any foreign-language website just by sending a message with an XSS payload. [...]

Disclosure of a bug in Adobe’s content-management solution - used by Mastercard, LinkedIn and PlayStation – were released. [...]

The legit security tool has shown up 161 percent more, year-over-year, in cyberattacks, having “gone fully mainstream in the crimeware world.” [...]

After 500 million LinkedIn enthusiasts were affected in a data-scraping incident in April, it's happened again - with big security ramifications. [...]

American IT companies and government have been targeted by the Nobelium state-sponsored group. [...]

For over three years, a vendor was recklessly driving the cloud-stored data of luxury-car-owning customers and wannabe buyers. [...]

Every Sony PlayStation 3 ID out there was compromised, provoking bans of legit players on the network. [...]

In-the-wild XSS attacks have commenced against the security appliance (CVE-2020-3580), as researchers publish exploit code on Twitter. [...]

“I am totally screwed,” one user wailed after finding years of data nuked. Western Digital advised yanking the NAS storage devices offline ASAP: There's an exploit. [...]

Threat actors have so far made about $2 million from Crackonosh, which secretly mines Monero cryptocurrency from affected devices. [...]