Category: x.tech

Canada’s anti-money laundering agency offline after cyberattack

The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has announced that a “cyber incident” forced it to take its corporate systems offline as a precaution. FINTRAC is a government agency in Canada that operates as the country’s financial intelligence unit. It is engaged in money laundering investigations, tracking millions of suspicious transactions annually and making thousands of disclosures…

FTC orders Blackbaud to boost security after massive data breach

Blackbaud has settled with the Federal Trade Commission after being charged with poor security and reckless data retention practices, leading to a May 2020 ransomware attack and a data breach affecting millions of people. Blackbaud is a U.S.-based company listed on NASDAQ with operations in multiple countries and a provider of cloud-based donor data management software catering to nonprofit organizations,…

Share with Care: 2,217 Domains Blocked, the Majority for Circumvention

At the height of the online file-sharing boom, the phrase ‘Sharing is Caring’ was a reminder that peer-to-peer file-sharing systems lived or died on the availability of upload bandwidth. Its presentation allowed it to be about much more than that. The ‘give to get’ philosophy forms part of the BitTorrent protocol even today, but Sharing is Caring was a phrase…

Ukrainian hacker spins up 1 million virtual servers to illegally mine crypto

A 29-year-old man in Ukraine was arrested this week for using hacked accounts to create 1 million virtual servers used to mine $2 million in cryptocurrency.  As announced today by Europol, the suspect is believed to be the mastermind behind a large-scale cryptojacking scheme that involves hijacking cloud computing resources for crypto-mining. By using the computing resources of others’ servers to…

Counter-Strike 2 HTML injection bug exposes players’ IP addresses

Valve has reportedly fixed an HTML injection flaw in Counter-Strike 2 that was heavily abused today to inject images into games and obtain other players’ IP addresses. While initially thought to be a more severe Cross Site Scripting (XSS) flaw, which allows JavaScript code to be executed in a client, the bug was determined only to be an HTML injection…

Cold storage giant Americold discloses data breach after April malware attack

Cold storage and logistics giant Americold has confirmed that over 129,000 employees and their dependents had their personal information stolen in an April attack, later claimed by Cactus ransomware. Americold employs 17,000 people worldwide and operates more than 24 temperature-controlled warehouses across North America, Europe, Asia-Pacific, and South America. The April network breach led to an outage affecting the company’s operations after…

Toyota warns customers of data breach exposing personal, financial info

Toyota Financial Services (TFS) is warning customers it suffered a data breach, stating that sensitive personal and financial data was exposed in the attack. Toyota Financial Services, a subsidiary of Toyota Motor Corporation, is a global entity with a presence in 90% of the markets where Toyota sells its cars, providing auto financing to its customers. Last month, the company…

AutoSpill attack steals credentials from Android password managers

Security researchers developed a new attack, which they named AutoSpill, to steal account credentials on Android during the autofill operation. In a presentation at the Black Hat Europe security conference, researchers from the International Institute of Information Technology (IIIT) at Hyderabad said that their tests showed that most password managers for Android are vulnerable to AutoSpill, even if there is no…

Norton Healthcare discloses data breach following May ransomware attack

Kentucky health system Norton Healthcare has confirmed that a ransomware attack in May exposed personal information belonging to patients, employees, and dependents. Norton Healthcare serves adult and pediatric patients in more than 40 clinics and hospitals across Greater Louisville, Southern Indiana, and the Commonwealth of Kentucky. With over 20,000 employees, more than 1,750 employed medical providers, and over 3,000 total…

New SLAM attack steals sensitive data from AMD, future Intel CPUs

Academic researchers developed a new side-channel attack called SLAM that exploits hardware features designed to improve security in upcoming CPUs from Intel, AMD, and Arm to obtain the root password hash from the kernel memory. SLAM is a transient execution attack that takes advantage of a memory feature that allows software to use untranslated address bits in 64-bit linear addresses for…

US senator: Govts spy on Apple, Google users via mobile notifications

A U.S. senator revealed today that government agencies worldwide demand mobile push notification records from Apple and Google users to spy on their customers. These revelations come after U.S. Senator Ron Wyden, who serves on the Senate Intelligence Committee, sent a letter to the Department of Justice warning that various governments around the world have been requesting push notification data…

Nissan is investigating cyberattack and potential data breach

Japanese car maker Nissan is investigating a cyberattack that targeted its systems in Australia and New Zealand, which may have let hackers access personal information. Details of the attack have not been published but the company informed customers of its Nissan Oceania division of a potential data breach, warning them that there is a risk of scams in the upcoming days….

EU Mulls Expansion of Geo-Blocking ‘Bans’ to Video Streaming Platforms

Consumers who want to watch movies or TV-shows online are limited to the content that they are permitted to see in their home country. This means that the Netflix or Amazon library in one country can be entirely different to those made available in a neighboring nation. This is a direct result of the territorial licensing deals the entertainment industry…

HTC Global Services confirms cyberattack after data leaked online

IT services and business consulting company HTC Global Services has confirmed that they suffered a cyberattack after the ALPHV ransomware gang began leaking screenshots of stolen data. HTC Global Services is a managed service provider offering technology and business services to the healthcare, automotive, manufacturing, and financial industries. While HTC has not posted a statement to the company website, they…

Hackers breach US govt agencies using Adobe ColdFusion exploit

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers. The security issue allows executing arbitrary code on servers running  Adobe ColdFusion 2018 Update 15 and older, and 2021 Update 5 and earlier. It was exploited as a zero day before Adobe…

Stealthier version of P2Pinfect malware targets MIPS devices

The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS (Microprocessor without Interlocked Pipelined Stages) processors, such as routers and IoT devices. Due to their efficiency and compact design, MIPS chips are prevalent in embedded systems like routers, residential gateways, and video game consoles. P2Pinfect was discovered in July 2023 by Palo Alto Networks…