Microsoft today warned admins that updates addressing the Windows Zerologon vulnerability will transition into the enforcement phase starting next month.Zerologon is a critical 10/10 rated security flaw tracked as CVE-2020-1472 which, when successfully exploited, enables attackers to elevate privileges to domain administrator an

The US National Security Agency (NSA) has warned enterprises that adoption of encrypted DNS services can lead to a false sense of security and even disrupt their own DNS-monitoring tools.DNS over HTTPS (DoH) has become an increasingly popular way to improve privacy and integrity by protecting DNS traffic between a client and a DNS resolver from unauthorized

An undisclosed Cross-Site Scripting (XSS) vulnerability in Apache Velocity Tools can be exploited by unauthenticated attackers to target government sites, including NASA.Although 90 days have elapsed since the vulnerability was reported and patched, BleepingComputer is not aware of a formal disclosure made by the project.Apache Velocity i

Cisco announced it will no longer release firmware updates to fix 74 vulnerabilities affecting its RV routers, which reached end-of-life (EOL). Cisco will no longer release firmware updates to address 74 vulnerabilities affecting some of its RV routers that reached end-of-life (EOL). The vendor will not release updates for RV110W, RV130, RV130W, and RV

Threat actors are hacking verified Twitter accounts in an Elon Musk cryptocurrency giveaway scam that has recently become widely active.There is nothing new about cryptocurrency scams on Twitter, especially ones pretending to be giveaways from Elon Musk. In 2018, scammers raked in $180,000 using a successful Elon Musk giveaway scam promoted on Twit

A security researcher discovered a flaw in the F5 BIG-IP product that can be exploited to conduct denial-of-service (DoS) attacks. The security expert Nikita Abramov from Positive Technologies discovered a DoS vulnerability, tracked as CVE-2020-27716, that affects certain versions of F5 BIG-IP Access Policy Manager (APM). The F5 BIG-IP Access Policy Ma

Putting best practices in place is the most efficient way to combat cybersecurity threats. But that’s easier said than done, as there are a lot of forces working against our best efforts. The talent shortage looms the largest; there simply aren’t enough qualified cybersecurity experts out there to provide organizations a strong foundation. Witho

The US National Security Agency (NSA) says that companies should avoid using third party DNS resolvers to block threat actors' DNS traffic eavesdropping and manipulation attempts and to block access to internal network information.NSA's recommendation was made in a new advisory on the benefits (and risks) of using DNS over HTTPS (DoH) in enterprise environme

Facebook has taken legal action against the makers of malicious Chrome extensions used for scraping user-profiles and other information from Facebook's website and from users' systems without authorization.The two defendants developed and distributed the malicious browser extensions through the Chrome Web Store working under the "Oink and Stuff" busines

Security experts from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax, against Colombian government institutions and private companies. Malware researchers from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax, against Colombian entities exclusively. The attacks aimed at government institutions and priva

Microsoft addresses important severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates released during this month's Patch Tuesday.In total, this month the company released 26 security updates and 5 cumulative updates for 7 different products, fixing 11 vulnerabilities that could allow attac

However you look at it, 2020 has been one of the strangest years ever. Many of us were able to work from home for the first time, online shopping became the norm, and for long periods of time, video calling was the only way we could talk to our loved ones. So what can we expect in the new year? An increase in scammer activity Security researchers have recent

An unpatched zero-day in Microsoft Windows 10 allows attackers to corrupt an NTFS-formatted hard drive with a one-line command.In multiple tests by BleepingComputer, this one-liner can be delivered hidden inside a Windows shortcut file, a ZIP archive, batch files, or various other vectors to trigger hard drive errors that corrup

Dozens of cybercriminal gangs are publishing fake ads on popular online marketplaces to lure interested users to fraudulent merchant sites or to phishing pages that steal payment data.Some of the brands abused through this scam are extremely popular in Europe and include LeBonCoin, Allegro, OLX, Sbazar, FAN Courier, Lalafo, Kufar and DHL.Scam expanding to Eu

The US CISA revealed that several recent successful cyberattacks against various organizations’ cloud services.  The Cybersecurity and Infrastructure Security Agency (CISA) announced that several recent successful cyberattacks hit various organizations’ cloud services. According to the agency, the attackers conducted phishing campaigns and exploited p