Category: z-Exclude

LONDON: The Bank of England on Wednesday said its multiple interest-rate hikes aimed at cooling high inflation would prolong a cost-of-living crisis but stressed UK retail banks could contain the fallout. The BoE’s Financial Policy Committee (FPC) said in a report that almost five million UK homeowners would see mortgage repayments soar over the next three years. Retail banks tend to pass on BoE rate hikes, hitting customers whose home loans come with variable rates and those whose fixed-term deals…

IT services and business consulting company HTC Global Services has confirmed that they suffered a cyberattack after the ALPHV ransomware gang began leaking screenshots of stolen data. HTC Global Services is a managed service provider offering technology and business services to the healthcare, automotive, manufacturing, and financial industries. While HTC has not posted a statement to the company website, they issued a brief announcement last night on X confirming the attack. “HTC has experienced a cybersecurity incident,” reads a tweet posted to…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers. The security issue allows executing arbitrary code on servers running  Adobe ColdFusion 2018 Update 15 and older, and 2021 Update 5 and earlier. It was exploited as a zero day before Adobe fixed it in mid-March by releasing ColdFusion 2018 Update 16 and 2021 Update 6. At the time, CISA published a notice…

The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS (Microprocessor without Interlocked Pipelined Stages) processors, such as routers and IoT devices. Due to their efficiency and compact design, MIPS chips are prevalent in embedded systems like routers, residential gateways, and video game consoles. P2Pinfect was discovered in July 2023 by Palo Alto Networks analysts (Unit 42) as a new Rust-based worm that targets Redis servers vulnerable to CVE-2022-0543. Following its initial discovery, Cado Security analysts…

Microsoft’s Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 (aka “Fancybear” or “Strontium”) actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. The targeted entities include government, energy, transportation, and other key organizations in the United States, Europe, and the Middle East. The tech giant also highlighted the exploitation of other vulnerabilities with publicly available exploits in the same attacks, including CVE-2023-38831 in WinRAR and CVE-2021-40444 in Windows…

Tipalti says they are investigating claims that the ALPHV ransomware gang breached its network and stole 256 GB of data, including data for Roblox and Twitch. Tipalti offers technology solutions for accounting, payment processing, eCommerce, and affiliate and influencer programs. The company has numerous well-known customers, including Twitch, Roblox, ZipRecruiter, Roku, GoDaddy, Canva, and X. “Over the past weekend, a ransomware group claimed that they allegedly gained access to confidential information belonging to Tipalti and its customers,” Tipalti told BleepingComputer…

The U.S. Department of Health and Human Services (HHS) warned hospitals this week to patch the critical ‘Citrix Bleed’ Netscaler vulnerability actively exploited in attacks. Ransomware gangs are already using Citrix Bleed (tracked as CVE-2023-4966) to breach their targets’ networks by circumventing login requirements and multifactor authentication protections. HHS’ security team, the Health Sector Cybersecurity Coordination Center (HC3), issued a sector alert on Thursday urging all U.S. healthcare organizations to secure vulnerable NetScaler ADC and NetScaler Gateway devices against ransomware gangs’ attacks….

A statistician has come forward with disturbing information that, if correct, will promote doubt on the safety of mRNA vaccination for decades into the future. The whistleblower was involved with building and implementing the New Zealand government database vaccine payment system, a ‘pay per dose system’ that would remit payments to vaccination providers. In an interview with New Zealand journalist and lawyer Liz Gunn, and using a false name of Winston Smith, the statistician states that science is all about…

American office supply retailer Staples took down some of its systems earlier this week after a cyberattack to contain the breach’s impact and protect customer data. Staples operates 994 stores in the US and Canada, along with 40 fulfillment centers for nationwide product storage and dispatch. The disclosure comes after multiple Reddit reports posted online since Monday reported various Staples internal operation problems, including an inability to access Zendesk, VPN employee portals, print email, use phone lines, and more. Additionally,…

  SINGAPORE – Venture Corporation said on Nov 30 that its board of directors has established a share buyback plan to purchase up to 10 million ordinary shares of the company. This plan was authorised by the board on Nov 29, following the approval of Venture’s shareholders of the share purchase mandate at the annual general meeting on April 27, the company said in a bourse filing. Under the mandate, the company can buy up to about 14.5 million shares,…

CISA (Cybersecurity & Infrastructure Security Agency) is warning that threat actors breached a U.S. water facility by hacking into Unitronics programmable logic controllers (PLCs) exposed online. PLCs are crucial control and management devices in industrial settings, and hackers compromising them could have severe repercussions, such as water supply contamination through manipulating the device to alter chemical dosing. Other risks include service disruption leading to a halt in water supply and physical damage to the infrastructure by overloading pumps or opening and…

BRUSSELS: Alexander Pumpyansky, the son of Russian tycoon Dmitry Pumpyansky, won an appeal against sanctions the European Union introduced over Russia’s invasion of Ukraine, the bloc’s court said on Wednesday. In the ruling, the court said the EU council had admitted that from March 9, 2022 – two weeks after the invasion of Ukraine and six months before the first set of sanctions – Pumpyansky was no longer president and member of the board of Sinara nor board member of TMK,…

The U.S. Department of the Treasury has sanctioned the Sinbad cryptocurrency mixing service for its use as a money-laundering tool by the North Korean Lazarus hacking group. A cryptocurrency mixer is a server that allows people to deposit crypto, which is mixed among many different wallet addresses to help prevent it from being accurately traced. The mixing service takes a commission from the crypto deposited, and after it is “mixed,” it will send it to another wallet address owned by…

The aircraft carrier Dwight D. Eisenhower and its carrier strike group transited the Strait of Hormuz on Sunday and entered the Persian Gulf, after arriving in the waters of the Middle East earlier this month amid heightened tensions in the region stemming from the conflict between Israel and Hamas. The carrier, which departed Norfolk, Virginia, in October for a scheduled deployment, is the first carrier to steam in those waters since the Nimitz Carrier Strike Group operated there in September…

  American healthcare company Henry Schein has reported a second cyberattack this month by the BlackCat/ALPHV ransomware gang, who also breached their network in October. Henry Schein is a Fortune 500 healthcare products and services provider with operations and affiliates in 32 countries and a revenue of over $12 billion reported in 2022. It first disclosed on October 15 that it had to take some systems offline to contain another cyberattack that impacted its business one day before. More than a month…

China said a surge in mycoplasma-caused pneumonia in children shows signs of ebbing, but warned that other respiratory illnesses are likely to hit the broader population hard during the mainland’s first winter after Covid restrictions. Health authorities in Beijing say flu, adenovirus and respiratory syncytial virus have surpassed mycoplasma as the most frequently detected pathogens among patients at the city’s top pediatric medical centers.Nearby Tianjin and financial hub Shanghai have also seen their mycoplasma positivity rates trending down in recent…