Threatpost

FIN7 Backdoor Masquerades as Ethical Hacking Tool
The financially motivated cybercrime gang behind the Carbanak RAT is back with the Lizar malware, which can harvest all kinds of info from Windows machines.

DarkSide Ransomware Suffers ‘Oh, Crap!’ Server Shutdowns
The RaaS that crippled Colonial Pipeline lost the servers it uses to pull off ransomware attacks, while REvil's gonads shrank in response.

‘Scheme Flooding’ Allows Websites to Track Users Across Browsers
A flaw that allows browsers to enumerate applications on a machine threatens cross-browser anonymity in Chrome, Firefox, Microsoft Edge, Safari and even Tor.

Verizon: Pandemic Ushers in ⅓ More Cyber-Misery
The DBIR - Verizon's 2021 data breach report - shows spikes in sophisticated phishing, financially motivated cyberattacks and a criminal focus on web-application servers.

Ransomware’s New Swindle: Triple Extortion
Ransomware attackers are now demanding cash from the customers of victims too.

How to Get into the Bug-Bounty Biz: The Good, Bad and Ugly
Experts from Intel, GitHub and KnowBe4 weigh in on what you need to succeed at security bug-hunting.

Colonial Pipeline Shells Out $5M in Extortion Payout, Report
According to news reports, Colonial Pipeline paid the cybergang known as DarkSide the ransom it demanded in return for a decryption key.

Ransomware Going for $4K on the Cyber-Underground
An analysis of three popular forums used by ransomware operators reveals a complex ecosystem with many partnerships.

Beyond MFA: Rethinking the Authentication Key
Tony Lauro, director of security technology and strategy at Akamai, discusses hardware security dongles and using phones to act as surrogates for them.

Fresh Loader Targets Aviation Victims with Spy RATs
The campaign is harvesting screenshots, keystrokes, credentials, webcam feeds, browser and clipboard data and more, with RevengeRAT or AsyncRAT payloads.