data breach | Breaking Cybersecurity News | The Hacker News

Data storage devices maker Western Digital on Monday disclosed a "network security incident" that involved unauthorized access to its systems. The  breach  is said to have occurred on March 26, 2023, enabling an unnamed third party to gain access to a "number of the company's systems." Following the discovery of the hack, Western Digital said it has initiated incident response efforts and enlisted the help of cybersecurity and forensic experts to conduct an investigation. It also said it's coordinating with law enforcement agencies on the matter, adding the probe is in its initial stages. The company has taken several of its services offline, noting that the threat actor may have obtained "certain data from its systems" and that it's working on estimating the nature and scope of the data accessed. While Western Digital did not reveal the exact services that are impacted, the  My Cloud status page  shows that cloud, proxy, web, authentica

Conor Brian Fitzpatrick, the 20-year-old founder and the administrator of the now-defunct BreachForums has been  formally charged  in the U.S. with conspiracy to commit access device fraud. If proven guilty, Fitzpatrick, who went by the online moniker "pompompurin," faces a maximum penalty of up to five years in prison. He was  arrested  on March 15, 2023. "Cybercrime victimizes and steals financial and personal information from millions of innocent people," said U.S. Attorney Jessica D. Aber for the Eastern District of Virginia. "This arrest sends a direct message to cybercriminals: your exploitative and illegal conduct will be discovered, and you will be brought to justice." The development comes days after Baphomet, the individual who had taken over the responsibilities of BreachForums,  shut down the website , citing concerns that law enforcement may have obtained access to its backend. The Department of Justice (DoJ) has since confirmed that it co

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

OpenAI on Friday disclosed that a bug in the Redis open source library was responsible for the exposure of other users' personal information and chat titles in the upstart's ChatGPT service earlier this week. The  glitch , which came to light on March 20, 2023, enabled certain users to view brief descriptions of other users' conversations from the chat history sidebar, prompting the company to temporarily shut down the chatbot. "It's also possible that the first message of a newly-created conversation was visible in someone else's chat history if both users were active around the same time," the company  said . The bug, it further added, originated in the  redis-py library , leading to a scenario where canceled requests could cause connections to be corrupted and return unexpected data from the database cache, in this case, information belonging to an unrelated user. To make matters worse, the San Francisco-based AI research company said it introduce

2022 was the year when inflation hit world economies, except in one corner of the global marketplace – stolen data. Ransomware payments fell by over 40% in 2022 compared to 2021. More organisations chose not to pay ransom demands, according to findings by blockchain firm Chainalysis. Nonetheless, stolen data has value beyond a price tag, and in risky ways you may not expect. Evaluating stolen records is what  Lab 1, a new cyber monitoring platform , believes will make a big difference for long-term cybersecurity resilience. Think of data value this way:  Stolen credentials can become future phishing attacks Logins for adult websites are potential extortion attempts Travel and location data are a risk to VIPs and senior leadership, And so on… Hackers could retaliate for non-payment by simply posting their loot to forums where the data will be available for further enrichment and exploitation.  Shining a light on dark places Even though your company may not have suffered a di

U.S. law enforcement authorities have arrested a 21-year-old New York man in connection with running the infamous BreachForums hacking forum under the online alias " Pompompurin ." The development, first reported by  Bloomberg Law , comes after News 12 Westchester, earlier this week, said that federal investigators "spent hours inside and outside of a home in Peekskill." "At one point, investigators were seen removing several bags of evidence from the house," the New York-based local news service  added . According  to an  affidavit  filed by the Federal Bureau of Investigation (FBI), the suspect identified himself as Conor Brian Fitzpatrick and admitted to being the owner of the BreachForums website. "When I arrested the defendant on March 15, 2023, he stated to me in substance and in part that: a) his name was Conor Brian Fitzpatrick; b) he used the alias 'pompompurin,' and c) he was the owner and administrator of 'BreachForums,&#

Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal entity in the U.S. The  disclosure  comes from a  joint advisory  issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC). "Exploitation of this vulnerability allowed malicious actors to successfully execute remote code on a federal civilian executive branch (FCEB) agency's Microsoft Internet Information Services (IIS) web server," the agencies  said . The indicators of compromise (IoCs) associated with the digital break-in were identified from November 2022 through early January 2023. Tracked as  CVE-2019-18935  (CVSS score: 9.8), the issue relates to a .NET  deserialization vulnerability  affecting Progress Telerik UI for ASP.NET AJAX that, if left unpatched, could  lead to remote code exec

Phishing, the theft of users' credentials or sensitive data using social engineering, has been a significant threat since the early days of the internet – and continues to plague organizations today,  accounting for more than 30% of all known breaches . And with the mass migration to remote working during the pandemic, hackers have ramped up their efforts to steal login credentials as they take advantage of the chaos and lack of in-person user verification.  This has led to the revival of the old-school technique of vishing, which, like phishing online, involves using social engineering over the phone to steal sensitive information. Vishing attacks have  been on the rise  as a result, with 69% of companies experiencing them in 2021, up from 54% in 2020. These attacks often take the form of job or tech support scams and can be incredibly convincing. In August 2020, the  FBI along with the CISA  issued a warning regarding remote users being targeted by attackers spoofing organizati

The massive breach at LastPass was the result of one of its engineers failing to update Plex on their home computer, in what's a sobering reminder of the dangers of failing to keep software up-to-date. The embattled password management service last week  revealed  how unidentified actors leveraged information stolen from an earlier incident that took place prior to August 12, 2022, along with details "available from a third-party data breach and a vulnerability in a third-party media software package to launch a coordinated second attack" between August and October 2022. The intrusion ultimately enabled the adversary to steal partially encrypted password vault data and customer information. The second attack specifically singled out one of the four DevOps engineers, targeting their home computer with a keylogger malware to obtain the credentials and breach the cloud storage environment. This, in turn, is said to have been made possible by exploiting a nearly three-y

LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems. The company said one of its DevOps engineers had their personal home computer hacked and infected with a keylogger as part of a sustained cyber attack that exfiltrated sensitive data from its Amazon AWS cloud storage servers. "The threat actor leveraged information stolen during the first incident, information available from a third-party data breach, and a vulnerability in a third-party media software package to launch a coordinated second attack," the password management service  said . This intrusion targeted the company's infrastructure, resources, and the aforementioned employee from August 12, 2022, to October 26, 2022. The original incident, on the other hand, ended on August 12, 2022. The  August breach  saw the intruders accessing source cod

The Dutch police announced the arrest of three individuals in connection with a "large-scale" criminal operation involving data theft, extortion, and money laundering. The suspects include two 21-year-old men from Zandvoort and Rotterdam and an 18-year-old man without a permanent residence. The arrests were made on January 23, 2023. It's estimated that the hackers stole personal data belonging to tens of millions of individuals. This comprised names, addresses, telephone numbers, dates of birth, bank account numbers, credit cards, passwords, license plates, social security numbers, and passport details. The Politie said its cybercrime team started the investigation nearly two years ago, in March 2021, after a large Dutch company suffered a security breach. The name of the company was not disclosed but some of the firms that were hit by a cyber attack around that time included  RDC ,  Shell , and  Ticketcounter , the last of which was also a victim of an extortion att

Popular cryptocurrency exchange platform Coinbase disclosed that it experienced a cybersecurity attack that targeted its employees. The company  said  its "cyber controls prevented the attacker from gaining direct system access and prevented any loss of funds or compromise of customer information." The incident, which took place on February 5, 2023, resulted in the exposure of a "limited amount of data" from its directory, including employee names, e-mail addresses, and some phone numbers. As part of the attack, several employees were targeted in an SMS phishing campaign urging them to sign in to their company accounts to read an important message. One employee is said to have fallen for the scam, who entered their username and password in a fake login page set up by the threat actors to harvest the credentials. "After 'logging in,' the employee is prompted to disregard the message and thanked for complying," the company said. "What hap

Security teams typically have great visibility over most areas, for example, the corporate network, endpoints, servers, and cloud infrastructure. They use this visibility to enforce the necessary security and compliance requirements. However, this is not the case when it comes to sensitive data sitting in production or analytic databases, data warehouses or data lakes. Security teams have to rely on data teams to locate sensitive data and enforce access controls and security policies. This is a huge headache for both the security and data teams. It weakens the business's security and compliance putting it at risk of exposing sensitive data, large fines, reputational damages, and more. Also, in many cases, it slows down the business's ability to scale up data operations.  This article examines how Satori, a data security platform, gives control of the sensitive data in databases, data warehouses and data lakes to the security teams. Satori's  automated data security plat

Popular social news aggregation platform Reddit has disclosed that it was the victim of a security incident that enabled unidentified threat actors to gain unauthorized access to internal documents, code, and some unspecified business systems. The company blamed it on a "sophisticated and highly-targeted phishing attack" that took place on February 5, 2023, aimed at its employees. The attack entailed sending out "plausible-sounding prompts" that redirected to a website masquerading as Reddit's intranet portal in an attempt to steal credentials and two-factor authentication (2FA) tokens. A single employee's credentials is said to have been phished in this manner, enabling the threat actor to access Reddit's internal systems. The affected employee self-reported the hack, it further added. The company, however, stressed that there is no evidence to suggest that its production systems were breached or that users' non-public data had been compromise

A Sydney man has been  sentenced  to an 18-month Community Correction Order ( CCO ) and 100 hours of community service for attempting to take advantage of the Optus data breach last year to blackmail its customers. The unnamed individual, 19 when  arrested in October 2022  and now 20, used the leaked records stolen from the security lapse to orchestrate an SMS-based extortion scheme. The suspect contacted dozens of victims to threaten that their personal information would be sold to other hackers and "used for fraudulent activity" unless an AU$ 2,000 payment is made to a bank account under their control. The scammer is said to have sent the SMS messages to 92 individuals whose information was part of a  larger cache of 10,200 records  that was briefly published in a criminal forum in September 2022, The Australian Federal Police (AFP), which launched Operation Guardian following the breach, said there is no evidence that any of the affected customers transferred the dem

Over the past few years, cybersecurity has become a major concern for businesses around the globe. With the total cost of cybercrime in 2023 forecasted to reach $8 Trillion – with a T, not a B – it's no wonder that cybersecurity is top of mind for leaders across all industries and regions. However, despite growing attention and budgets for cybersecurity in recent years, attacks have only become more common and more severe. While threat actors are becoming increasingly sophisticated and organized, this is just one piece to the puzzle in determining why cybercrime continues to rise and what organizations can do to stay secure. 🔓  Unlock the future of cybersecurity: Get ahead of the game with 2023 Cyber Security Trends Forecast ! Discover the major trends of 2022 and learn how to protect your business from emerging threats in the coming year.  ⚡  Get your insider's guide to cybersecurity now! An abundance of cyber spending, a shortage of cyber security It's easy to assume that t

LastPass-owner GoTo (formerly LogMeIn) on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups of some customers' data along with an encryption key for some of those backups in a November 2022 incident. The breach, which targeted a third-party cloud storage service, impacted Central, Pro, join.me, Hamachi, and RemotelyAnywhere products, the company said. "The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of multi-factor Authentication (MFA) settings, as well as some product settings and licensing information," GoTo's Paddy Srinivasan  said . Additionally, MFA settings pertaining to a subset of its Rescue and GoToMyPC customers were impacted, although there is no evidence that the encrypted databases associated with the two services were exfiltrated. The company did not disclose how many users were impacted, but said it's directly contacting the victims to

Popular email marketing and newsletter service Mailchimp has disclosed yet another security breach that enabled threat actors to access an internal support and account admin tool to obtain information about 133 customers. "The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack," the Intuit-owned company  said  in a disclosure. The development was  first reported  by TechCrunch. Mailchimp said it identified the lapse on January 11, 2023, and noted that there is no evidence the unauthorized party breached Intuit systems or other customer information beyond the 133 accounts. It further said the primary contacts for all those affected accounts were notified within 24 hours, and that it has since assisted those users in regaining access to their accounts. The Atlanta-based company, however, did not reveal the duration for which