Threatpost

This is the fourth time in a bit over a year that Carnival’s admitted to breaches, with two of them being ransomware attacks.

Troy Gill, manager of security research at Zix, discusses the most common ways sensitive data is scooped up by nefarious sorts.

Rather than steal credentials or hold data for ransom, a recent campaign observed by Sophos prevents people from visiting sites that offer illegal downloads.

A DarkSide doppelganger mounts a fraud campaign aimed at extorting nearly $4 million from each target.

Cops arrest six, seize cars and cash in splashy raid, and experts are applauding.

The intro-level networking gear for SMBs could allow remote attacks designed to steal information, drop malware and disrupt operations.

An email campaign asking victims to call a bogus number to suspend supposedly fraudulent subscriptions got right past Microsoft's native email controls.

A vendor exposed the records, which were accessible with no password or other authentication, likely because of a cloud-storage misconfiguration.

Exploit in the widely used document service leveraged to send malicious links that appear legitimate but actually steal victims credentials.

An hour-long outage hit airlines, banks and the Hong Kong Stock exchange. It's thought to have been caused by a DDoS mitigation service.

A French court fined the furniture giant for illegal surveillance on 400 customers and staff.

Meanwhile, in a separate survey, 80 percent of organizations that paid the ransom said they were hit by a second attack.

Hank Schless, senior manager of security solutions at Lookout, notes basic steps that organizations can take to protect themselves as ransomware gangs get smarter.

The top easy-to-crack, football-inspired password in a database of 1 billion unique, clear-text, breached passwords? You probably guessed it: "Football."

Ransomware attacks are increasing in frequency, and the repercussions are growing more severe than ever. Here are 5 ways to prevent your company from becoming the next headline.

Ransomware group releases decryptors for nearly 3,000 victims, forfeiting millions in payouts.    

Ransomware gangs are increasingly buying their way into corporate networks, purchasing access from 'vendors' that have previously installed backdoors on targets.

An attacker with initial physical access (say, at a gym) could gain root entry to the interactive tablet, making for a bevy of remote attack scenarios.

A supply-chain component lays open camera feeds to remote attackers thanks to a critical security vulnerability.

SolarMarker makers are using SEO poisoning, stuffing thousands of PDFs with tens of thousands of pages full of SEO keywords & links to redirect to the malware.