InfoSecBulletin Cybersecurity for mankind
Western Digital has finally restored the My Cloud service after more than a week following a hack, but those behind the breach claim to have stolen customer data.
The My Cloud service returned on Wednesday, 10 days after Western Digital officially reported an outage that made the online storage platform inaccessible for users.
Critical PHP Zero-Day Vulnerability found in Craft CMS To Gain RCE
By infosecbulletin
/ Sunday , December 22 2024
A major security flaw in Craft CMS, a popular PHP content management system, has been found, enabling unauthenticated remote code...
Read More
For US$2.6bn, Mastercard acquires threat intelligence firm Recorded Future
By infosecbulletin
/ Sunday , December 22 2024
Mastercard has completed its acquisition of Recorded Future, an AI-based threat intelligence provider. Mastercard has acquired the company for $2.65...
Read More
Eight New ICS Advisories released by CISA
By infosecbulletin
/ Saturday , December 21 2024
CISA has released eight advisories on vulnerabilities in Industrial Control Systems (ICS). These vulnerabilities affect essential software and hardware in...
Read More
Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI
By infosecbulletin
/ Friday , December 20 2024
Bank Rakyat Indonesia (BRI), the largest state bank by assets, has assured customers that their data and funds are secure...
Read More
London-based company “Builder.ai” reportedly exposed 1.2 TB data
By infosecbulletin
/ Friday , December 20 2024
Cybersecurity researcher Jeremiah Fowler reported to Website Planet that he found a non-password-protected 1.2 TB dataset containing over 3 million...
Read More
(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall
By infosecbulletin
/ Friday , December 20 2024
Sophos has fixed three separate security vulnerabilities in Sophos Firewall. The vulnerabilities CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729 present major risks, such...
Read More
“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA
By infosecbulletin
/ Thursday , December 19 2024
A time-demanding workshop on "Cybersecurity Awareness and Needs Analysis" was held on Thursday (December 19) at Bangladesh Bank Training Academy...
Read More
CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability
By infosecbulletin
/ Thursday , December 19 2024
Kaspersky's Global Emergency Response Team (GERT) found that attackers are exploiting a patched SQL injection vulnerability (CVE-2023-48788) in Fortinet FortiClient...
Read More
U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports
By infosecbulletin
/ Wednesday , December 18 2024
The US government is considering banning a well-known brand of Chinese-made home internet routers TP-Link due to concerns that they...
Read More
Daily Security Update Dated: 18.12.2024
By infosecbulletin
/ Wednesday , December 18 2024
Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
The outage occurred right as Western Digital reported a breach that it first detected on March 26 involving hackers infiltrating the company’s systems and stealing some data. As a “proactive measure,” Western Digital took certain systems and services offline, likely to examine the full scope of the breach and to purge the hackers’ presence.
It’s unclear why My Cloud was down for so long, and what the hackers stole. Western Digital declined to offer any new comment. “This investigation is in its early stages and Western Digital is coordinating with law enforcement authorities,” the company said on April 3.
However, TechCrunch spoke(Opens in a new window) to one of the hackers involved in the breach, who claims 10TB of company data was stolen, including information on customers.
The hacker says they asked Western Digital to pay at least an eight-figure sum or else the stolen data will be published online. However, TechCrunch notes the company appears to have shut down attempts by the hackers to negotiate a payment. It’s also important to note cybercriminals have every incentive to inflate or lie about their claims in order to pressure a company to pay up.
In the meantime, some Western Digital customers are demanding the company be more transparent about the breach and what might’ve been stolen. “We need to know what happened, have our details been compromised and what’s going to happen differently in future!?” wrote(Opens in a new window) one user on Facebook.
