Security News

Western Digital has taken its store offline and sent customers data breach notifications after confirming that hackers stole sensitive personal information in a March cyberattack. The company emailed the data breach notifications late Friday afternoon, warning that customers' data was stored in a Western Digital database stolen during the attack.

Users of Advanced Custom Fields plugin for WordPress are being urged to update version 6.1.6 following the discovery of a security flaw. "This vulnerability allows any unauthenticated user from stealing sensitive information to, in this case, privilege escalation on the WordPress site by tricking a privileged user to visit the crafted URL path," Patchstack researcher Rafie Muhammad said.

The North Korean state-sponsored threat actor known as Kimsuky has been discovered using a new reconnaissance tool called ReconShark as part of an ongoing global campaign. Active since at least 2012, the prolific threat actor has been linked to targeted attacks on non-governmental organizations, think tanks, diplomatic agencies, military organizations, economic groups, and research entities across North America, Asia, and Europe.

We've written about the uncertainty of Apple's security update process many times before. Rapid Security Responses are a new type of software release for iPhone, iPad, and Mac.

German IT services provider Bitmarck has shut down all of its customer and internal systems, including entire datacenters in some cases, following a cyberattack. The service provider doesn't yet have a timeline for when it expects to have all of its systems back up and running.

The leak comes after the threat actor warned Western Digital on April 17th that they would hurt them until they "Cannot stand anymore" if a ransom was not paid. On March 26th, Western Digital suffered a cyberattack where threat actors breached its internal network and stole company data.

The Chinese nation-state group dubbed Alloy Taurus is using a Linux variant of a backdoor called PingPull as well as a new undocumented tool codenamed Sword2033. Alloy Taurus is the constellation-themed moniker assigned to a threat actor that's known for its attacks targeting telecom companies since at least 2012.

London-based professional outsourcing giant Capita has published an update on the cyber-incident that impacted it at the start of the month, now admitting that hackers exfiltrated data from its systems.On March 31, 2023, Capita disclosed an IT issue that impacted its services.

Telecommunication services providers in Africa are the target of a new campaign orchestrated by a China-linked threat actor at least since November 2022. The campaign makes use of "Previously unseen plugins from the MgBot malware framework," the cybersecurity company said in a report shared with The Hacker News.

Microsoft has discovered that an Iranian hacking group known as 'Mint Sandstorm' is conducting cyberattacks on US critical infrastructure in what is believed to be retaliation for recent attacks on Iran's infrastructure. In a new report, researchers in Microsoft's Threat Intelligence team explain that a subgroup of Mint Sandstorm switched from performing surveillance in 2022 to performing direct attacks on US critical infrastructure.