Scammers easily game YouTube Shorts with viral TikTok content, bilking both creators and users. [...]

Electronic Arts blamed “human error” after attackers compromised customer support and took over and drained some of the top FIFA Ultimate Team player accounts. [...]

It's not about buying security products! Joseph Carson, chief security scientist from ThycoticCentrify, offers practical steps to start the zero-trust journey. [...]

The large January 2022 Patch Tuesday update covers nine critical CVEs, including a self-propagator with a 9.8 CVSS score. [...]

Researchers offer more detail on the bug, which can allow attackers to completely take over targets. [...]

The high-severity RCE flaw is in the KCodes NetUSB kernel module, used by popular routers from Netgear, TP-Link, DLink, Western Digital, et al. [...]

Dangerous security bugs stemming from widespread inconsistencies among 16 popular third-party URL-parsing libraries could affect a wide swath of web applications. [...]

Cyberattacks increased 50 percent YoY in 2021 and peaked in December due to a frenzy of Log4j exploits, researchers found. [...]

End of life, end of support, pandemic-induced shipping delays and remote work, scanning failures: It’s a recipe for a patching nightmare, federal cyberserurity CTO Matt Keller says. [...]

Fertility Centers of Illinois' security measures protected electronic medical records, but the attackers still got at extremely intimate data in admin files. [...]

There are active ransomware and brute-force attacks being launched against internet-exposed, network-attached storage devices, the device maker warned. [...]

Activision is suing to shut down the EngineOwning cheat-code site and hold individual developers and coders liable for damages. [...]

The FBI is seeing so much activity around malicious Google Voice activity, where victims are associated with fraudulent virtual phone numbers, that it sent out an alert this week. [...]

A wave of phishing attacks identified in December targeting mainly Outlook users are difficult for both email scanners and victims to flag, researchers said. [...]

The accounts fell victim to credential-stuffing attacks, according to the New York State AG. [...]

The group blends into an environment before loading up trivial, thickly stacked, fraudulent financial transactions too tiny to be noticed but adding up to millions of dollars. [...]

More than 1.3 million patient records were stolen in the just-disclosed breach, which occurred back in October. [...]

A simple-to-exploit bug that allows bad actors to send emails from Uber's official system – skating past email security – went unaddressed despite flagging by multiple researchers. [...]

Companies that fail to protect consumer data from Log4J attacks are at risk of facing Equifax-esque legal action and fines, the FTC warned. [...]

The info-stealing campaign using ZLoader malware – previously used to deliver Ryuk and Conti ransomware – already has claimed more than 2,000 victims across 111 countries. [...]

Microsoft says it's only going to get worse: It's seen state-sponsored and cyber-criminal attackers probing systems for the Log4Shell flaw through the end of December. [...]

SEGA's disclosure underscores a common, potentially catastrophic, flub — misconfigured Amazon Web Services (AWS) S3 buckets. [...]

The campaign was an opportunistic supply-chain attack abusing a weaponized cloud video player. [...]

The Pacific Northwest hospitality stalwart is also still operationally crippled by a Dec. 12 ransomware attack. [...]

Expect many more zero-day exploits in 2022, and cyberattacks using them being launched at a significantly higher rate, warns Aamir Lakhani, researcher at FortiGuard Labs. [...]