Podcast: Cybereason shares details about its vaccine: a fast shot in the arm released within hours of the Apache Log4j zero-day horror show being disclosed.

https://threatpost.com/patching-time-log4j-exploits-vaccine/177017/

The focused attacks aimed at cyberespionage and lateral movement appear to hint at further ambitions by the group, including supply-chain threats.

https://threatpost.com/seedworm-attackers-telcos-asia-middle-east/176992/

Kronos, the workforce-management provider, said a weeks-long outage of its cloud services is in the offing, just in time to hamstring end-of-year HR activities like bonuses and vacation tracking.

https://threatpost.com/kronos-ransomware-outage-payroll-chaos/176984/

The Python code repository was infiltrated by malware bent on data exfiltration from developer apps and more.

https://threatpost.com/malicious-pypi-code-packages/176971/

The cybersecurity Hiroshima of the year – the Apache Log4j logging library exploit – has spun off 60 bigger mutations in less than a day, researchers said.

https://threatpost.com/apache-log4j-log4shell-mutations/176962/

The threat group, first identified in June, focuses solely on data exfiltration and subsequent extortion, and has already targeted 40 victims since September.

https://threatpost.com/extortion-karakurt-threat-ransomware/176911/

U.S. and Canada charge Ottawa man for ransomware attacks, signaling that North America is no cybercriminal haven.

https://threatpost.com/canadian-ransomware-arrest/176905/

The powerful devices leveraged by the Meris botnet have weaknesses that make them easy to exploit, yet complex for organizations to track and secure, researchers said.

https://threatpost.com/mikrotik-routers-cybercriminal-target/176894/

The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases.

https://threatpost.com/malicious-npm-code-packages-discord/176886/

Attackers are milking unpatched Hikvision video systems to drop a DDoS botnet, researchers warned.

https://threatpost.com/moobot-botnet-hikvision-surveillance-systems/176879/

The botnet, which resurfaced last month on the back of TrickBot, can now directly install Cobalt Strike on infected devices, giving threat actors direct access to targets.

https://threatpost.com/emotets-behavior-spread-are-omens-of-ransomware-attacks/176845/

Underground arbitration system settles disputes between cybercriminals.

https://threatpost.com/scammers-cybercrime-court/176834/

The malware’s unique blockchain-enabled backup C2 scheme makes it difficult to eliminate completely.

https://threatpost.com/google-glupteba-botnet-lawsuit/176826/

One year after the disruptive supply-chain attacks, researchers have observed two new clusters of activity from the Russia-based actors that signal a significant threat may be brewing.

https://threatpost.com/solarwinds-attackers-new-tactics-malware/176818/

U.S. military acknowledges targeting cybercriminals who launch attacks on U.S. companies.

https://threatpost.com/cyber-command-ransomware-groups/176801/

The gang is using a variety of tools and malware to carry out attacks in volume on critical sectors, the FBI warned.

https://threatpost.com/cuba-ransomware-gang-44m-payouts/176790/

It’s unknown who’s behind the cyberattacks against at least nine employees’ iPhones, who are all involved in Ugandan diplomacy.

https://threatpost.com/pegasus-spyware-state-department-iphones/176779/

We want to know what your biggest cloud security concerns and challenges are, and how your company is dealing with them. Weigh in with our exclusive poll!

https://threatpost.com/cloud-security-challenges-poll/176702/

Startling triple-digit growth is fueled by easy criminal access to corporate networks and RaaS tools, an analysis found.

https://threatpost.com/double-extortion-ransomware-data-leaks/176723/

AT&T is battling a modular malware called EwDoor on 5,700 VoIP servers, but it could have a larger wildcard certificate problem.

https://threatpost.com/att-botnet-network/176711/