Data storage giant Western Digital is emailing customers to confirm that a
cyber-intrusion in March resulted in hackers pilfering user data.

As some readers might recall, WD last month informed
[https://www.bitdefender.com/blog/hotforsecurity/unknown-attackers-compromise-western-digital-systems-my-cloud-taken-offline/]
users that an “unauthorized party” gained access to a number of company systems
in late March.

Upon discovering the breach, the company launched its incident response
protocols

A new, sophisticated ransomware operation known as Cactus has been targeting
high-profile commercial entities by exploiting VPN vulnerabilities, security
experts have discovered.

Notably, Cactus ransomware encrypts itself to avoid detection by antivirus
software, making it particularly difficult to combat.

Cybersecurity experts at Kroll, a prominent corporate investigation and risk
consulting firm, have discovered that the Cactus ransomware infiltrates the
networks of its victims by exploiting

Ukraine’s CERT-UA warns of an ongoing phishing campaign aimed at distributing the SmokeLoader malware in the form of a polyglot file. CERT-UA warns of an ongoing phishing campaign that is distributing the SmokeLoader malware in the form of a polyglot file. Threat actors are using emails sent from compromised accounts with the subject “bill/payment” with […]

The post CERT-UA warns of an ongoing SmokeLoader campaign appeared first on Security Affairs.

Attackers love to find weak spots in our domains and networks. Too often, they can enter systems to lie in wait and launch attacks at a later time. A case in point is the infamous SolarWinds software attack, which infected up to nine US agencies and many organizations with backdoors into their infrastructure. 

Recent investigations show that the Department of Justice may have been aware of the potential for a breach months before it happened. Prior to purchasing the affected software, a trial was installed on sample servers and network administrators appear to have been concerned and questioned when there was unusual traffic from one of the servers. Investigators were brought in to examine the situation, but no one understood the significance until months later.

To read this article in full, please click here

The Securities and Exchange Commission (SEC) announced the largest-ever award, approximately $279 million, to a whistleblower. The Securities and Exchange Commission (SEC) paid a record sum of approximately $279 million to a whistleblower. The award was paid to a whistleblower whose information and assistance led to the successful enforcement of SEC and related actions. The […]

The post SEC issued a record award of $279 million to a whistleblower appeared first on Security Affairs.

An ongoing phishing campaign with invoice-themed lures is being used to distribute the SmokeLoader malware in the form of a polyglot file, according to the Computer Emergency Response Team of Ukraine (CERT-UA).
The emails, per the agency, are sent using compromised accounts and come with a ZIP archive that, in reality, is a polyglot file containing a decoy document and a JavaScript file.
The