Time for a fresh edition of "learn from how others get breached" focusing on Equifax. The goal is not blame, but rather to highlight specific missteps so others can avoid making the same mistakes. The Equifax breach offers a plethora of takeaways to help organizations better repel attackers.
Security researchers have found that the developers of the Emotet Trojan have created a new way to spread it to more victims - attackers are using unsecured WiFi networks as a way to deliver the malware to more devices.
Four members of China's People's Liberation Army have been indicted for allegedly hacking Equifax in 2017 and stealing the personal data of over 145 million Americans as well as a vast trove of the company's trade secrets and intellectual property, the U.S. Justice Department announced Monday.
Several law firms are racing to be among the first to file class action lawsuits against PIH Health in the wake of the California-based regional healthcare network reporting last month that a 2019 phishing breach affected nearly 200,000 individuals. Why the rush?
Over the weekend, an extensive disruption to Iran's telecommunication networks knocked out about 25 percent of the country's internet service for several hours, according to NetBlocks, which tracks internet freedom across the globe.
Indian banks are again facing a fraudster field day, as cybersecurity firm Group-IB warns that the notorious Joker's Stash carder forum is listing more than 460,000 stolen Indian credit and debit cards for sale as "fullz," meaning they include personally identifiable information.
After winning court approval this week, the Federal Trade Commission shuttered over 200 websites that it says fraudulently claimed to offer government services, such as drivers' license renewals or verification of public benefits, for a fee.
In a recently discovered phishing campaign, hackers attempted to steal victims' passwords and credentials by posing as a former Wall Street Journal reporter and sending documents with potential interview questions, according to security firm Certfa.
The intellectual property, including research results, of biotechnology companies and other medical organizations is increasingly a target for hackers, who sometimes dump data on hacker forums or public websites. That's why breach detection and prevention is even more critical.
Twitter says it has fixed an API problem that would have allowed someone to match phone numbers en masse to corresponding accounts, which could potentially unmask anonymous users. The flaw could have been found and exploited by state-sponsored actors, the social media firm warns.
A 21-year-old California man has pleaded guilty to repeatedly hacking gaming company Nintendo over three years to access servers and steal confidential data, including details on hardware, games and developer tools.
After a hiatus, TA505 - a sophisticated APT group that has targeted financial companies and retailers in several countries, including the U.S. - has returned with a campaign that uses HTML redirectors to deliver malicious Excel documents, according to Microsoft and other security researchers.
Scammers are blackmailing users of infidelity-focused dating site Ashley Madison using leaked data from 2015, warns security firm Vade Secure. The sextortion shakedown is a reminder that while data breaches may be a blip for corporate entities, for individual breach victims, the impact may last forever.