Security News > 2023 > April

Western Digital is today dealing with a "Network security incident" after detecting a break-in into its internal systems by an unauthorized third party. On discovering the digital break-in, WD "Implemented incident response efforts and initiated an investigation with the assistance of leading outside security and forensic experts... and Western Digital is coordinating with law enforcement authorities."

Data storage devices maker Western Digital on Monday disclosed a "Network security incident" that involved unauthorized access to its systems.The breach is said to have occurred on March 26, 2023, enabling an unnamed third party to gain access to a "Number of the company's systems."

The Italian data protection watchdog, Garante per la Protezione dei Dati Personali, has imposed a temporary ban of OpenAI's ChatGPT service in the country, citing data protection concerns. To that end, it has ordered the company to stop processing users' data with immediate effect, stating it intends to investigate the company over whether it's unlawfully processing such data in violation of the E.U. General Data Protection Regulation laws.

While there are various reasons for the difficulties PAM deployment introduces, the most prominent one regards the protection of service accounts. Service accounts are user accounts that are created for machine-to-machine communication.

The NCA says all of its fake so-called "Booter" or "Stresser" sites which have so far been accessed by several thousand people-have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks. "However, after users register, rather than being given access to cyber crime tools, their data is collated by investigators," reads an NCA advisory on the program.

Western Digital announced today that its network has been breached and an unauthorized party gained access to multiple company systems. "Upon discovery of the incident, the Company implemented incident response efforts and initiated an investigation with the assistance of leading outside security and forensic experts," Western Digital says in the disclosure.

US-based data storage company Western Digital has announced that it has suffered a network security incident that resulted in an unauthorized third party gaining access to a number of the company's systems and some company data. Western Digital identified the network security incident on March 26, 2023.

A piece of new information-stealing malware called OpcJacker has been spotted in the wild since the second half of 2022 as part of a malvertising campaign. "OpcJacker's main functions include keylogging, taking screenshots, stealing sensitive data from browsers, loading additional modules, and replacing cryptocurrency addresses in the clipboard for hijacking purposes," Trend Micro researchers Jaromir Horejsi and Joseph C. Chen said.

Automated malware campaigns will drastically change the reaction speed of malware gangs. The technology to run malware campaigns and automatically bypass new defenses is most definitely doable nowadays, but thus far, we haven't seen anything of the kind.

The CEO of VoiP software provider 3CX said his team tested its products in response to recent alerts notifying it of a supply chain attack, but assessed reports of a malware infestation were a false positive. Nick Galea told The Register by email that 3CX did not ignore alerts but rather "Chose to double check our desktop app on VirusTotal and since it gave our app the all clear we considered the SentinelOne alert a false positive. It's not unusual for VoIP apps. We checked again a few days later and got the same result."