Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify, offers advice on least privilege, automation, application control and more.

https://threatpost.com/tips-building-advanced-ransomware-resiliency/176052/

The U.S. State Department ups the ante in its hunt for the ransomware perpetrators by offering a sizeable cash sum for locating and arresting leaders of the cybercriminal group.

https://threatpost.com/feds-offer-10-million-bounty-on-darkside-info/176030/

NSO Group plans to fight the trade ban, saying it’s “dismayed” and clinging to the mantra that its tools actually help to prevent terrorism and crime.

https://threatpost.com/pegasus-spyware-blacklisted-us/175999/

The Magecart threat actor uses a browser script to evade detection by researchers and sandboxes so it targets only victims’ machines to steal credentials and personal info.

https://threatpost.com/magecart-credit-card-skimmer-avoids-vms-to-fly-under-the-radar/175993/

The banker, aka Metamorfo, is roaring back after Spanish police arrested more than a dozen gang members.

https://threatpost.com/mekotio-banking-trojan-campaign/175981/

The Microsoft Exchange ProxyShell vulnerabilities are being exploited yet again for ransomware, this time with Babuk from the new “Tortilla” threat actor.

https://threatpost.com/tortilla-exchange-servers-proxyshell/175967/

The FBI is warning about a fresh extortion tactic: threatening to tank share prices for publicly held companies.

https://threatpost.com/ransomware-corporate-financial/175940/

‘Shrootless’ allows bypass of System Integrity Protection IT security measures to install a malicious rootkit that goes undetected and performs arbitrary device operations.

https://threatpost.com/apple-macos-flaw-kernel-compromise/175927/

Malware delivered via a compromised website on Chrome browsers can bypass User Account Controls to infect systems and steal sensitive data, such as credentials and cryptocurrency.

https://threatpost.com/chrome-deliver-malware-as-legit-win-10-app/175884/

Aamir Lakhani, security researcher at Fortinet, says no sector is off limits these days: It’s time for everyone to strengthen the kill chain.

https://threatpost.com/cyber-threats-targeting-all-sectors/175873/

German investigators have identified a deep-pocketed, big-spending Russian billionaire whom they suspect of being a core member of the REvil ransomware gang.

https://threatpost.com/revil-ransomware-core-member/175863/

Grief, a ransomware group with ties to Russia-based Evil Corp, claims to have stolen data from the gun-rights group and has posted files on its dark web site.

https://threatpost.com/grief-ransomware-nra/175850/

Defending against ransomware will take a move to zero-trust, argues Daniel Spicer, CSO, Ivanti.

https://threatpost.com/ransomware-attacks-evolving-security-strategy/175835/

Say hello to what could be the next big spam player: SquirrelWaffle, which is spreading with increasing frequency via spam campaigns and infecting systems with a new malware loader.

https://threatpost.com/squirrelwaffle-loader-malspams-packing-qakbot-cobalt-strike/175775/

Fake Craigslist emails that abuse Microsoft OneDrive warn users that their ads contain ‘inappropriate content.”

https://threatpost.com/attackers-hijack-craigslist-email-malware/175754/

The misbehaving Firefox add-ons were misusing an API that controls how Firefox connects to the internet.

https://threatpost.com/mozilla-firefox-blocks-malicious-add-ons-installed-by-455k-users/175745/

UltimaSMS leverages at least 151 apps that have been downloaded collectively more than 10 million times, to extort money through a fake premium SMS subscription service.

https://threatpost.com/android-scammed-sms-fraud-tik-tok/175739/

The bold move signals a looming clash between Russian ransomware groups and the U.S.

https://threatpost.com/groove-ransomware-revil-revenge-us-cyberattacks/175726/

A SQL injection bug in the BillQuick billing app has not only leaked sensitive information, it’s also let malicious actors remotely execute code and deploy ransomware.

https://threatpost.com/billquick-billing-app-ransomware/175720/

The infamous Carbanak operator is moving is looking to juice its ransomware game by recruiting IT staff to its fake Bastion Secure ‘pen-testing’ company.

https://threatpost.com/fin7-security-pros-ransomware-attacks/175681/