Bitcoin Depot breach exposes data of nearly 27,000 crypto users
Bitcoin Depot, an operator of Bitcoin ATMs, is notifying customers of a data breach incident that has exposed their sensitive information. In the letter sent…
Author: Cybernoz
Windows BitLocker Bypass Vulnerability Let Attackers Bypass Security Feature
A critical security vulnerability in Windows BitLocker enables attackers to bypass the encryption feature through a sophisticated time-of-check time-of-use (TOCTOU) race condition attack. Designated as…
Microsoft 365 PDF Export Feature Vulnerable to LFI – Sensitive Data at Risk
A critical security vulnerability in Microsoft 365’s PDF export functionality has been discovered and subsequently patched, highlighting significant risks to sensitive enterprise data. The vulnerability,…
Suspected contractor for China’s Hafnium group arrested in Italy
Italian authorities and FBI agents have arrested a Chinese man who allegedly helped Beijing’s Hafnium group conduct a series of high-profile cyberattacks in 2020 and…
New ServiceNow flaw lets attackers enumerate restricted data
A new vulnerability in ServiceNow, dubbed Count(er) Strike, allows low-privileged users to extract sensitive data from tables to which they should not have access. ServiceNow…
Microsoft 365 PDF Export LFI Vulnerability Allows Access to Sensitive Server Data
A critical Local File Inclusion (LFI) vulnerability was recently discovered in Microsoft 365’s Export to PDF functionality, potentially allowing attackers to access sensitive server-side data,…
FUNNULL Uses Amazon and Microsoft Cloud to Hide Malicious Infrastructure
A sophisticated threat network called “Triad Nexus,” which operates through the FUNNULL content delivery network (CDN) to hide malicious infrastructure within major Western cloud providers…
NAO says government should employ data analytics to tackle fraud
Government departments have 28 data-sharing agreements in place to detect fraud, but a report from the National Audit Office (NAO), has found there is insufficient…
M&S chairman calls for mandatory disclosure of material cyberattacks
The chairman of Marks & Spencer, the British department-store chain targeted by hackers in an April social-engineering attack, said Tuesday that the British government should…
Ingram Micro starts restoring systems after ransomware attack
Ingram Micro has begun restoring systems and business services after suffering a massive SafePay ransomware attack right before the July 4th holiday. Last Thursday, IT distributor…
Top 5 Remote-Access And RMM Tools Most Abused By Threat Actors
Remote monitoring and management (RMM) tools are a go-to for IT teams, but that same power makes them a favorite trick up attackers’ sleeves, too.…
Microsoft Fixes Wormable Remote Code Execution Flaw in Windows and Server
Microsoft has released critical security updates addressing a severe remote code execution vulnerability that could allow attackers to execute malicious code across networks without user…