Moody's has changed its financial outlook for Equifax to "negative" from "stable," reflecting concerns about how the credit reporting giant is recovering from the 2017 data breach that exposed the personal information of 148 million Americans.
Instagram has revoked the access of an Indian social media marketing company after personal details of some of its users ended up in an unprotected database online. Instagram says the number of affected users - first reported at 49 million - is inaccurate, and the exposed data from Instagram was already public.
A federal grand jury has indicted WikiLeaks founder Julian Assange on 18 counts under the U.S. Espionage Act for his role in publishing classified material, the Justice Department announced Thursday. He's currently serving a prison sentence in the U.K. and fighting extradition to the U.S.
There's been a potential leak of personally identifiable information from Instagram, but it's not clear yet whether the data on 49 million users came directly from the social media company. A database that was left online without password protection has since been taken down.
Newly discovered microarchitectural data sampling flaws in Intel processors - collectively dubbed "ZombieLoad" - could be exploited to steal private data from PCs and servers, including shared cloud environments. Intel, Microsoft, Apple and others have begun to ship patches designed to help mitigate the problems.
Fast Retailing, the parent company of several of Japan's biggest retail clothing chains, is warning customers of an attack that exposed email addresses and partial credit card information of more than 460,000 of the company's customers. The attackers apparently used credential stuffing techniques.
Facebook is warning users of its WhatsApp messaging app to update immediately to fix a flaw that is being used to remotely install Pegasus surveillance software from Israel's NSO Group. WhatsApp says a "select number" of targets were hit by the attacks, which it has blamed on "an advanced cyber actor."
Attackers exploiting a buffer overflow in WhatsApp's signaling software to automatically infect devices with malware - without users even having to answer their phone - and then alter call logs to hide attack traces is "a bit of a nightmare scenario," says cybersecurity expert Alan Woodward.
The FBI and the Department of Homeland Security have issued a joint warning about new malware called "Electricfish." Investigators suspect it was developed by the advanced persistent threat group Hidden Cobra, which has been linked to North Korea.
Two Chinese men have been indicted on charges related to the breach of health insurer Anthem, which saw the personal information of 78.8 million individuals stolen, as well as attacks against three other large U.S. companies.
The "Fxmsp" hacker collective has been advertising source code that it claims to have stolen from three top U.S. anti-virus software development firms, as well as remote access to the companies' neworks, warns fraud-prevention firm Advanced Intelligence.
An unsecured database belonging to Canadian mobile operator Freedom Mobile exposed personal details and unencrypted payment card data, according to two security researchers who discovered the data. The database has since been secured, with Freedom Mobile blaming the error on a third-party provider.
WikiLeaks founder Julian Assange returned to court on Thursday and told a British judge that he would not voluntarily accept extradition to the U.S. to face a charge of helping to hack into a Pentagon computer, setting up a legal fight that could take months.
On Wednesday, a British judge sentenced WikiLeaks founder Julian Assange to 50 weeks in prison for violating the terms of his bail after he sought political asylum in Ecuador's U.K. embassy in 2012. Now he faces possible extradition to the U.S. to face a charge of "conspiracy to commit computer intrusion."
Citrix says the data breach it first disclosed in early March appears to have persisted for six months before it was discovered and the hackers were ejected. In an ironic twist, the company sells the very products that might have blocked recent credential stuffing and password spraying attacks against it.