An ingenious attack on Android devices self-propagates, with the potential for a range of damage. [...]

Aamir Lakhani, researcher at FortiGuard Labs, discusses leading-edge threats related to edge access/browsers/IoT, and the COVID-19 vaccine, as a way of getting into larger organizations. [...]

The student opted for “free” software packed with a keylogger that grabbed credentials later used by "Totoro" to get into a biomolecular institute. [...]

'Spam protection, AntiSpam, FireWall by CleanTalk' is installed on more than 100,000 sites -- and could offer up sensitive info to attackers that aren't even logged in. [...]

Remote code execution, privilege escalation to root and lateral movement through a victim's environment are all on offer for the unpatched or unaware. [...]

‘Freevaccinecovax.org’ claimed to be that of a biotech company but instead was stealing info from visitors to use for nefarious purposes. [...]

The security flaw tracked as CVE-2021-22893 is being used by at least two APTs likely linked to China, to attack U.S. defense targets among others. [...]

Jason Kent, hacker in residence at Cequence Security, says most retailers are applying 1970s solutions to the modern (and out-of-control) shopping-bot problem, and offers alternative ideas. [...]

An intense hunt for corporate account credentials will continue into next quarter, researchers predict. [...]

New deepfake products and services are cropping up across the Dark Web. [...]

Researchers fear wider exposure, amidst a tepid response from Experian. [...]

A coalition of 60 global entities (including the DoJ) has proposed a sweeping plan to hunt down and disrupt ransomware gangs by going after their financial operations. [...]

The perp faces jail time, but the incident highlights the growing cyber-abuse of QR codes. [...]

There is a way to protect users from deceptive OAuth apps, misconfigurations and misappropriated user permissions. SaaS Security Posture Management (SSPM) takes an automated approach to tracking, and even remediating, the exploitable misconfigurations in organizations’ SaaS apps. [...]

Two phishing attacks elude Exchange security protections and spoof real-life account scenarios in an attempt to fool victims. [...]

Nintendo is questing after its third successful lawsuit against circumvention-device sellers, this time against Team Xecuter. [...]

Phil Richards, Chief Security Officer at Ivanti, discusses dramatic growth in smishing and what to do about it. [...]

Judas and the Black Messiah may be a favorite for Best Picture at the 93rd Academy Awards on Sunday, but it's a fave for cybercriminals too. [...]

Matt Dunn, the associate managing director for cyber-risk at Kroll, discusses how to keep networks safe from insecure IoT devices. [...]

You might think that cybercrime is more prevalent in less digitally literate countries. However, NordVPN's Cyber Risk Index puts North American and Northern European countries at the top of the target list. [...]

David “moose” Wolpoff, co-founder and CTO at Randori, talks lesser-known hacking paths, including unresolved "fixme" flags in developer support groups. [...]

Usage is way up, but so are cyberattacks: Mobile phishing, malware, banking heists and more can come from just one wrong scan. [...]

CVE-2021-22893 allows remote code-execution (RCE) and is being used in the wild by nation-state cyberattackers to compromise VPN appliances in defense, finance and government orgs. [...]

Data-breach risk should be tackled with a toolset for monitoring data in motion and data at rest, analysis of user behavior, and the detection of fraud and weak spots. [...]

The Mozilla Foundation releases Firefox 88, fixing 13 bugs ranging from high to low severity. [...]