Category: z-Exclude

Saudi Diplomatic Exchanges and Technological Developments Amidst Political Shifts in North Africa In a recent diplomatic exchange, the Crown Prince of Morocco, Prince Hassan bin Mohammed, received a verbal message from the Saudi Arabian King and Crown Prince, King Salman bin Abdulaziz, and Crown Prince Mohammed bin Salman. The message reiterated the robust fraternal relations between the two nations, discussing how to further enhance and develop these ties across diverse sectors. Saudi Arabia’s Strategic Diplomatic Engagements On another diplomatic front,…

The Idaho National Laboratory (INL) confirmed that attackers stole the personal information of more than 45,000 individuals after breaching its cloud-based Oracle HCM HR management platform last month. INL is one of 17 U.S. Department of Energy’s (DOE’s) national laboratories, and it employs 6,100 researchers and support staff involved in national security and nuclear research. On November 20, it confirmed a “cybersecurity data breach” that impacted its off-site Oracle HCM system one day before. CISA and FBI are looking into…

Since the major data protection provisions of Quebec’s Law 25 went into effect in September, privacy professionals within the province and Canada at large now face the prospect of a more stringent enforcement regime under the provincial data protection authority, the Commission d’accès a l’information du Québec. To ease compliance burdens, Canada-based privacy tech vendors Data Sentinel and Denodo joined forces to develop a Law 25 compliance solution, now available to the market. Denodo Director, Partner and Channels Sales Robert…

Valve has reportedly fixed an HTML injection flaw in Counter-Strike 2 that was heavily abused today to inject images into games and obtain other players’ IP addresses. While initially thought to be a more severe Cross Site Scripting (XSS) flaw, which allows JavaScript code to be executed in a client, the bug was determined only to be an HTML injection flaw, allowing the injection of images. Counter-Strike 2 uses Valve’s Panorama UI, a user interface that heavily incorporates CSS, HTML,…

Cold storage and logistics giant Americold has confirmed that over 129,000 employees and their dependents had their personal information stolen in an April attack, later claimed by Cactus ransomware. Americold employs 17,000 people worldwide and operates more than 24 temperature-controlled warehouses across North America, Europe, Asia-Pacific, and South America. The April network breach led to an outage affecting the company’s operations after Americold forced it to shut down its IT network to contain the breach and “rebuild the impacted systems.” Americold also…

Toyota Financial Services (TFS) is warning customers it suffered a data breach, stating that sensitive personal and financial data was exposed in the attack. Toyota Financial Services, a subsidiary of Toyota Motor Corporation, is a global entity with a presence in 90% of the markets where Toyota sells its cars, providing auto financing to its customers. Last month, the company confirmed that it detected unauthorized access on some of its systems in Europe and Africa, following a claim from Medusa ransomware about…

Security researchers developed a new attack, which they named AutoSpill, to steal account credentials on Android during the autofill operation. In a presentation at the Black Hat Europe security conference, researchers from the International Institute of Information Technology (IIIT) at Hyderabad said that their tests showed that most password managers for Android are vulnerable to AutoSpill, even if there is no JavaScript injection. How AutoSpill works Android apps often use WebView controls to render web content, such as login pages within…

A French juvenile court on Friday convicted six teenagers for their roles in the beheading of a teacher by an Islamist extremist that shocked the country. Teacher Samuel Paty was killed outside his school in 2020 after showing his class cartoons of Islam’s Prophet Muhammad during a debate on free expression. The attacker, a young Chechen who had radicalized, was killed by police. The court found five of the defendants, who were 14 and 15 at the time of the…

US-based genomics scientist Kevin McKernan says he has lost an estimated US $200,000 worth of research data after his account on file hosting service MEGA was deleted overnight. It appears that McKernan’s account was deleted by MEGA in response to an urgent injunction granted to New Zealand’s (NZ) Ministry of Health (MOH) to prevent the sharing of anonymised data leaked by whistleblower Barry Young. Young, a 56-year-old database administrator and former employee of the MOH, leaked data from a ‘pay…

Academic researchers developed a new side-channel attack called SLAM that exploits hardware features designed to improve security in upcoming CPUs from Intel, AMD, and Arm to obtain the root password hash from the kernel memory. SLAM is a transient execution attack that takes advantage of a memory feature that allows software to use untranslated address bits in 64-bit linear addresses for storing metadata. CPU vendors implement this in different ways and have distinct terms for it. Intel calls it Linear Address Masking…

WASHINGTON — The military announced late Wednesday it was grounding all of its Osprey V-22 helicopters, one week after eight Air Force Special Operations Command service members died in a crash off the coast of Japan. The Air Force, Navy and Marine Corps took the extraordinary step of grounding hundreds of aircraft after a preliminary investigation of last week’s crash indicated that a materiel failure — that something went wrong with the aircraft — and not a mistake by the crew…

Japanese car maker Nissan is investigating a cyberattack that targeted its systems in Australia and New Zealand, which may have let hackers access personal information. Details of the attack have not been published but the company informed customers of its Nissan Oceania division of a potential data breach, warning them that there is a risk of scams in the upcoming days. Nissan Oceania is a regional division of the famous Japanese automaker that covers distribution, marketing, sales, and services in Australia…

LONDON: The Bank of England on Wednesday said its multiple interest-rate hikes aimed at cooling high inflation would prolong a cost-of-living crisis but stressed UK retail banks could contain the fallout. The BoE’s Financial Policy Committee (FPC) said in a report that almost five million UK homeowners would see mortgage repayments soar over the next three years. Retail banks tend to pass on BoE rate hikes, hitting customers whose home loans come with variable rates and those whose fixed-term deals…

IT services and business consulting company HTC Global Services has confirmed that they suffered a cyberattack after the ALPHV ransomware gang began leaking screenshots of stolen data. HTC Global Services is a managed service provider offering technology and business services to the healthcare, automotive, manufacturing, and financial industries. While HTC has not posted a statement to the company website, they issued a brief announcement last night on X confirming the attack. “HTC has experienced a cybersecurity incident,” reads a tweet posted to…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers. The security issue allows executing arbitrary code on servers running  Adobe ColdFusion 2018 Update 15 and older, and 2021 Update 5 and earlier. It was exploited as a zero day before Adobe fixed it in mid-March by releasing ColdFusion 2018 Update 16 and 2021 Update 6. At the time, CISA published a notice…

The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS (Microprocessor without Interlocked Pipelined Stages) processors, such as routers and IoT devices. Due to their efficiency and compact design, MIPS chips are prevalent in embedded systems like routers, residential gateways, and video game consoles. P2Pinfect was discovered in July 2023 by Palo Alto Networks analysts (Unit 42) as a new Rust-based worm that targets Redis servers vulnerable to CVE-2022-0543. Following its initial discovery, Cado Security analysts…