Threat actors are creating accounts within the Adobe Cloud suite and sending images and PDFs that appear legitimate to target Office 365 and Gmail users, researchers from Avanan discovered.

https://threatpost.com/adobe-cloud-steal-office-365-gmail-credentials/177625/

A cloudy campaign delivers commodity remote-access trojans to steal information and execute code.

https://threatpost.com/amazon-azure-clouds-rat-infostealing/177606/

The FBI warned that attackers are impersonating Health & Human Services and/or Amazon to mail BadUSB-poisoned USB devices to targets in transportation, insurance & defense.

https://threatpost.com/fin7-mailing-malicious-usb-sticks-ransomware/177541/

The malware establishes initial access on targeted machines, then waits for additional code to execute.

https://threatpost.com/undetected-sysjoker-backdoor-malwarewindows-linux-macos/177532/

Cyberattacks increased 50 percent YoY in 2021 and peaked in December due to a frenzy of Log4j exploits, researchers found.

https://threatpost.com/cyber-spike-attacks-high-log4j/177481/

End of life, end of support, pandemic-induced shipping delays and remote work, scanning failures: It’s a recipe for a patching nightmare, federal cyberserurity CTO Matt Keller says.

https://threatpost.com/eol-systems-stonewalling-log4j-fixes-for-fed-agencies/177475/

There are active ransomware and brute-force attacks being launched against internet-exposed, network-attached storage devices, the device maker warned.

https://threatpost.com/qnap-nas-devices-ransomware-attacks/177452/

Activision is suing to shut down the EngineOwning cheat-code site and hold individual developers and coders liable for damages.

https://threatpost.com/activision-lawsuit-call-of-duty-cheat-codes/177443/

The ‘NoReboot’ technique is the ultimate in persistence for iPhone malware, preventing reboots and enabling remote attackers to do anything on the device while remaining completely unseen.

https://threatpost.com/apple-iphone-malware-fake-shutdowns-spying/177420/

The group blends into an environment before loading up trivial, thickly stacked, fraudulent financial transactions too tiny to be noticed but adding up to millions of dollars.

https://threatpost.com/elephant-beetle-months-networks-financial/177393/

Companies that fail to protect secure consumer data from Log4J attacks are at risk of facing Equifax-esque legal action and fines, the FTC warned.

https://threatpost.com/ftc-pursue-companies-log4j/177368/

The info-stealing campaign using ZLoader malware – previously used to deliver Ryuk and Conti ransomware – already has claimed more than 2,000 victims across 111 countries.

https://threatpost.com/malsmoke-microsoft-e-signature-verification/177363/

Microsoft says it’s only going to get worse: It’s seen state-sponsored and cyber-criminal attackers probing systems for the Log4Shell flaw through the end of December.

https://threatpost.com/microsoft-rampant-log4j-exploits-testing/177358/

The campaign was an opportunistic supply-chain attack abusing a weaponized cloud video player.

https://threatpost.com/data-skimmer-sothebys-real-estate-websites/177347/

Multiple malicious installers were delivering the same Purple Fox rootkit version using the same attack chain, possibly distributed via email or phishing sites.

https://threatpost.com/purple-fox-rootkit-telegram-installers/177330/

The Pacific Northwest hospitality stalwart is also still operationally crippled by a Dec. 12 ransomware attack.

https://threatpost.com/mcmenamins-data-breach-employee-info/177336/

The websites of the company and the Expresso newspaper, as well as all of its SIC TV channels remained offline Tuesday after the New Year’s weekend attack.

https://threatpost.com/portuguese-media-giant-impresa-ransomware/177323/

Expect many more zero-day exploits in 2022, and cyberattacks using them being launched at a significantly higher rate, warns Aamir Lakhani, researcher at FortiGuard Labs.

https://threatpost.com/rise-cyber-recon-security-strategy/177317/

Here’s what cybersecurity watchers want infosec pros to know heading into 2022.

https://threatpost.com/5-cybersecurity-trends-2022/177273/

The year wasn’t ALL bad news. These sometimes cringe-worthy/sometimes laughable cybersecurity and other technology stories offer schadenfreude and WTF opportunities, and some giggles.

https://threatpost.com/2021-log4j-year-review-funny-cybersecurity/177215/