Several proof-of-concept (POC) exploits were released for "Zerologon," a critical elevation of privilege vulnerability found in Microsoft's Netlogon Remote Protocol. The vulnerability, discovered by Secura researchers, impacts all supported Windows…

Researchers have found bugs in the multi-factor authentication system used by Microsoft's cloud-based office productivity platform, Microsoft 365.  The flaws exist in the implementation of what is called the WS-Trust specification in cloud…

The FBI recently issued a private security alert to the US financial sector warning organizations of the rise in credential stuffing attacks against their networks as well as an increase in breaches and significant financial losses resulting from such…

A team of researchers at Temple University in Philadelphia has been tracking ransomware attacks on critical infrastructure. The collection of data on these attacks can be requested by anyone, including educators, grad students, government representatives…

Fairfax County Public Schools (FCPS), Virginia's largest school system, recently faced a ransomware attack on its technology systems. The Maze hacking group claimed to have been behind the attack. This ransomware attack disrupted distance learning for…

Due to the coronavirus, the number of telehealth primary care visits has increased exponentially.  In a new study, researchers reviewed the 148 most-used telehealth vendors.  The researchers found that telehealth providers have experienced a…

A security consultant discovered a misconfigured Elasticsearch cloud cluster that exposed a segment of Razer's infrastructure to the public internet, where anyone could access the information.  Razer is a company that sells gaming gear.  It is…

A report recently published by Coalition, one of the leading providers of cyber insurance and security, revealed that ransomware incidents made up 41% of cyber insurance claims filed in the first half of 2020. The high number of claims confirms…

Researchers at Purdue University have discovered a flaw they are calling "BLURtooth." The high-severity Bluetooth vulnerability exists in the pairing process for Bluetooth 4.0 through 5.0 implementations. The vulnerability could allow an unauthenticated…

Reports from Microsoft and Intezer reveal the weaponization of a legitimate cloud monitoring tool, called Weave Scope, to install cryptominers in cloud environments. TeamTNT is the hacking group discovered to be using the tool to perform this malicious…

Six critical vulnerabilities have been discovered by Claroty researchers in a third-party software component used by top Industrial Control System (ICS) software vendors such as Rockwell Automation and Siemens. These vulnerabilities were found in Wibu-…

According to a new study published in JAMA, almost all websites designed to provide information to people regarding COVID-19 symptoms, testing, and prevention contain code that transfers data to third parties, posing a threat to users' privacy.…