From file backups to movie streaming, network attached storage drives offer plenty of functions and features.

Plus: Remote learning spyware, an AT&T bribery scandal, and more of the week’s top security news.

The tech giants have set a troubling new precedent.

The hacktivist collective targeted the domain registrar Epik for providing services to clients including the Texas GOP, Parler, and 8chan.

Nahoft uses encryption to turn chats into a random jumble of words, and it works even when the internet doesnt.

A number of malicious samples have been created for the Windows Subsystem for Linux (WSL) with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines. The “distinct tradecraft” marks the first instance where a threat actor has been found abusing WSL to install subsequent

A jury in California today reached a guilty verdict in the trial of Matthew Gatrel, a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. Gatrel’s conviction comes roughly two weeks after his co-conspirator pleaded guilty to criminal charges related to running the services.

A targeted phishing campaign aimed at the aviation industry for two years may be spearheaded by a threat actor operating out of Nigeria, highlighting how attackers can carry out small-scale cyber offensives for extended periods of time while staying under the radar. Cisco Talos dubbed the malware attacks “Operation Layover,” building onprevious researchfrom the Microsoft Security Intelligence

Last week, Microsoft reported the RCE vulnerability CVE-2021-40444 in the MSHTML browser engine. Kaspersky is aware of targeted attacks using this vulnerability, and our products protect against attacks leveraging it.

This report discusses the statistics gathered by Kaspersky Safe Kids on the websites and apps children use, and on childrens YouTube search queries in summer 2021.

Continuous integration vendor Travis CI has patched a serious security flaw that exposed API keys, access tokens, and credentials, potentially putting organizations that use public source code repositories at risk of further attacks. The issue tracked asCVE-2021-41077 concerns unauthorized access and plunder of secret environment data associated with a public open-source project during the

New details have been revealed about a recently remediated critical vulnerability in Netgear smart switches that could be leveraged by an attacker to potentially execute malicious code and take control of vulnerable devices. The flaw dubbed “Seventh Inferno” (CVSS score: 9.8) is part of a trio of security weaknesses, called Demon’s Cries (CVSS score: 9.8) and Draconian Fear (CVSS score: 7.8)

Microsoft on Wednesday disclosed details of a targeting phishing campaign that leveraged a now-patched zero-day flaw in its MSHTML platform using specially-crafted Office documents to deploy Cobalt Strike Beacon on compromised Windows systems. “These attacks used the vulnerability, tracked asCVE-2021-40444, as part of an initial access campaign that distributed custom Cobalt Strike Beacon

Microsoft on Wednesday announced a new passwordless mechanism that allows users to access their accounts without a password by using Microsoft Authenticator, Windows Hello, a security key, or a verification code sent via SMS or email. The change is expected to be rolled out in the coming weeks. “Except for auto-generated passwords that are nearly impossible to remember, we largely create our own

TTEC, [NASDAQ: TTEC], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident that appears to be the result of a ransomware attack, KrebsOnSecurity has learned.

You no longer need a long string of characters to access Windows and Office 365.

Microsoft on Tuesday addressed a quartet of security flaws as part of itsPatch Tuesday updatesthat could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems. The list of flaws, collectively called OMIGOD by researchers from Wiz, affect a little-known software agent called Open Management Infrastructure

The U.S. Department of Justice (DoJ) on Tuesday disclosed it fined three intelligence community and military personnel $1.68 million in penalties for their role as cyber-mercenaries working on behalf of a U.A.E.-based cybersecurity company. The trio in question Marc Baier, 49, Ryan Adams, 34, and Daniel Gericke, 40 are accused of “knowingly and willfully combine, conspire, confederate, and

A day afterAppleandGooglerolled out urgent security updates, Microsoft haspushed software fixesas part of its monthly Patch Tuesday release cycle to plug 66 security holes affecting Windows and other components such as Azure, Office, BitLocker, and Visual Studio, including anactively exploited zero-dayin its MSHTML Platform that came to light last week. Of the 66 flaws, three are rated

Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, Apple has issued an emergency update to fix a flaw that’s reportedly been abused to install spyware on iOS products, and Google’s got a new version of Chrome that tackles two zero-day flaws. Finally, Adobe has released critical security updates for Acrobat, Reader and a slew of other software.

iOS, Windows, and Chrome all have zero-day vulnerabilities that hackers are going after. Now that the fixes are here, you need to install them asap.