Will 2022 Be the Year of the Software Bill of Materials?
Praise be & pass the recipe for the software soup: There's too much scrambling to untangle...
The Log4j Vulnerability Puts Pressure on the Security World
It's time to sound the alarm for Log4Shell. Saryu Nayyar, CEO at Gurucul, discusses what actions...
New ‘White Rabbit’ Ransomware May Be New FIN8 Tool | Threatpost
It's a double-extortion play that uses the command-line password ‘KissMe’ to hide its nasty acts and...
Organizations Face a ‘Losing Battle’ Against Vulnerabilities
Companies must take more ‘innovative and proactive’ approaches to security in 2022 to combat threats that...
Top Illicit Carding Marketplace UniCC Abruptly Shuts Down
UniCC controlled 30 percent of the stolen payment-card data market; leaving analysts eyeing what’s next.
Real Big Phish: Mobile Phishing & Managing User Fallibility
Phishing is more successful than ever. Daniel Spicer, CSO of Ivanti, discusses emerging trends in phishing,...
Critical Cisco Contact Center Bug Threatens Customer-Service Havoc
Attackers could access and modify agent resources, telephone queues and other customer-service systems – and access...
‘Be Afraid:’ Massive Cyberattack Downs Ukrainian Gov’t Sites
As Moscow moves troops and threatens military action, about 70 Ukrainian government sites were hit. “Be...
Three Plugins with Same Bug Put 84K WordPress Sites at Risk
Researchers discovered vulnerabilities that can allow for full site takeover in login and e-commerce add-ons for...
Microsoft Yanks Buggy Windows Server Updates
Since their release on Patch Tuesday, the updates have been breaking Windows, causing spontaneous boot loops...
North Korean APTs Stole ~$400M in Crypto in 2021
Meanwhile, EtherumMax got sued over an alleged pump-and-dump scam after using celebs like Floyd Mayweather Jr....
US Military Ties Prolific MuddyWater Cyberespionage APT to Iran
US Cyber Command linked the group to Iranian intelligence and detailed its multi-pronged, increasingly sophisticated suite...
New GootLoader Campaign Targets Accounting, Law Firms
GootLoader hijacks WordPress sites to lure professionals to download malicious sample contract templates.
Adobe Cloud Abused to Steal Office 365, Gmail Credentials
Threat actors are creating accounts within the Adobe Cloud suite and sending images and PDFs that...
Widespread, Easily Exploitable Windows RDP Bug Opens Users to Data Theft
Most Windows versions are at risk of remote, unprivileged attackers abusing RDP from the inside to...
Stolen TikTok Videos, Bent on Fraud, Invade YouTube Shorts
Scammers easily game YouTube Shorts with viral TikTok content, bilking both creators and users.
Phishers Rip Off High-Profile EA Gamers | Threatpost
Electronic Arts blamed “human error” after attackers compromised customer support and took over and drained some...
Here's REALLY How to Do Zero-Trust Security
It's not about buying security products! Joseph Carson, chief security scientist from ThycoticCentrify, offers practical steps...
Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days
The large January 2022 Patch Tuesday update covers nine critical CVEs, including a self-propagator with a...
Critical SonicWall NAC Vulnerability Stems from Apache Mods
Researchers offer more detail on the bug, which can allow attackers to completely take over targets.
Millions of Routers Exposed to RCE by USB Kernel Bug
The high-severity RCE flaw is in the KCodes NetUSB kernel module, used by popular routers from...
URL Parsing-Library Bugs Allow DoS, RCE, Spoofing & More
Dangerous security bugs stemming from widespread inconsistencies among 16 popular third-party URL-parsing libraries could affect a...
Cyber-Spike: Orgs Suffer 925 Attacks per Week, an All-Time High
Cyberattacks increased 50 percent YoY in 2021 and peaked in December due to a frenzy of...
EoL Systems Stonewalling Log4j Fixes for Fed Agencies
End of life, end of support, pandemic-induced shipping delays and remote work, scanning failures: It’s a...
Cyberattackers Hit Data of 80K Fertility Patients
Fertility Centers of Illinois' security measures protected electronic medical records, but the attackers still got at...
QNAP: Get NAS Devices Off the Internet Now
There are active ransomware and brute-force attacks being launched against internet-exposed, network-attached storage devices, the device...
Activision Files Unusual Lawsuit over Call of Duty Cheat Codes
Activision is suing to shut down the EngineOwning cheat-code site and hold individual developers and coders...
Google Voice Authentication Scam Leaves Victims on the Hook
The FBI is seeing so much activity around malicious Google Voice activity, where victims are associated...
Attackers Exploit Flaw in Google Docs’ Comments Feature
A wave of phishing attacks identified in December targeting mainly Outlook users are difficult for both...
1.1M Compromised Accounts Found at 17 Major Companies
The accounts fell victim to credential-stuffing attacks, according to the New York State AG.
‘Elephant Beetle’ Lurks for Months in Networks
The group blends into an environment before loading up trivial, thickly stacked, fraudulent financial transactions too...
Broward Breach Highlights Healthcare Supply-Chain Problems
More than 1.3 million patient records were stolen in the just-disclosed breach, which occurred back in...
Uber Bug, Ignored for Years, Casts Doubt on Official Uber Emails
A simple-to-exploit bug that allows bad actors to send emails from Uber's official system – skating...
FTC to Go After Companies that Ignore Log4j
Companies that fail to protect consumer data from Log4J attacks are at risk of facing Equifax-esque...
‘Malsmoke’ Exploits Microsoft’s E-Signature Verification
The info-stealing campaign using ZLoader malware – previously used to deliver Ryuk and Conti ransomware –...
Microsoft Sees Rampant Log4j Exploit Attempts, Testing
Microsoft says it's only going to get worse: It's seen state-sponsored and cyber-criminal attackers probing systems...
SEGA's Sloppy Security Confession: Exposed AWS S3 Bucket Offers Up Steam API Access & More
SEGA's disclosure underscores a common, potentially catastrophic, flub — misconfigured Amazon Web Services (AWS) S3 buckets.
Data Skimmer Hits 100+ Sotheby’s Real-Estate Websites
The campaign was an opportunistic supply-chain attack abusing a weaponized cloud video player.
McMenamins Data Breach Affects 12 Years of Employee Info
The Pacific Northwest hospitality stalwart is also still operationally crippled by a Dec. 12 ransomware attack.
What the Rise in Cyber-Recon Means for Your Security Strategy
Expect many more zero-day exploits in 2022, and cyberattacks using them being launched at a significantly...
APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools
Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military...
5 Cybersecurity Trends to Watch in 2022
Here’s what cybersecurity watchers want infosec pros to know heading into 2022.
2021 Wants Another Chance (A Lighter-Side Year in Review)
The year wasn't ALL bad news. These sometimes cringe-worthy/sometimes laughable cybersecurity and other technology stories offer...
Global Cyberattacks from Nation-State Actors Posing Greater Threats
Casey Ellis, CTO at Bugcrowd, outlines how international relations have deteriorated into a new sort of...
The 5 Most-Wanted Threatpost Stories of 2021
A look back at what was hot with readers in this second year of the pandemic.
4-Year-Old Microsoft Azure Zero-Day Exposes Web App Source Code
The security vulnerability could expose passwords and access tokens, along with blueprints for internal infrastructure and...
Telegram Abused to Steal Crypto-Wallet Credentials
Attackers use the Telegram handle “Smokes Night” to spread the malicious Echelon infostealer, which steals credentials...
‘Spider-Man: No Way Home’ Download Installs Cryptominer
The origin of the Monero cryptominer file has been traced to a Russian torrent website, researchers...
All in One SEO Plugin Bug Threatens 3M Websites with Takeovers
A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers.
Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS
Don't freak: It's got nothing to do with Log4Shell, except it may be just as far-reaching...