Online invitation site Evite has been hacked and information on an unspecified number of users stolen. In a data minimization fail, the breach apparently dates from earlier this year, but it's been tied to "an inactive data storage file associated with Evite user accounts" from before 2014.
Microsoft is warnings about a large-scale spamming campaign hitting several countries in Europe, with the attackers using an old Office exploit to send emails to victims that contain malware in RTF attachments.
The White House budget chief is seeking to delay a ban on the U.S. government using products manufactured by Huawei. In a letter to Vice President Mike Pence, Russell T. Vought, the acting director of the Office of Management and Budget, says organizations need more time to switch suppliers.
A new botnet called GoldBrute is actively scanning the internet and using brute-force methods to attack 1.5 million Windows machines that have exposed Remote Desktop Protocol connections, according to research from Morphus Labs. The goal of group controlling the botnet is not clear.
Federal prosecutors brought racketeering and other charges against four people, including one U.S. citizen, related to Darkode, a notorious online forum that specialized in buying and selling of malware and other hacking tools. Law enforcement closed the site nearly four years ago.
A month after Baltimore's IT network was hit with the RobbinHood ransomware variant, officials believe the May 7 attack will cost $18 million, which includes recovering and restoring computer systems as well as lost municipal revenue.
Organizations and their applications are under attack from automated bots and bad actors. And many of these attacks are undetectable by conventional security technologies. How can organizations detect and prevent this activity? Carl Gustas of Cequence Security shares insights.
Australian National University has detected a data breach that resulted in the copying of "significant amounts" of staff and student data stretching back 19 years. The intrusion began in late 2018 and was detected on May 17.
The latest edition of the ISMG Security Report analyzes the "blame game" in the wake of a ransomware attack against the city of Baltimore. Also featured: Discussions of cyberthreats in the financial services sector and open source security concerns.
Anyone looking for clarity on whether Special Counsel Robert Mueller believes President Trump is innocent of committing any crimes came away empty-handed from Mueller's press conference Wednesday, when he declined to exonerate the president. But Mueller again accused Russia of attempted election interference.
Reports that the city of Baltimore was attacked using a vulnerability in Windows originally stockpiled by the National Security Agency have triggered a blame game. Cybersecurity watchers are debating attacker culpability, patch management prowess and zero-day stockpiling.
Moody's has changed its financial outlook for Equifax to "negative" from "stable," reflecting concerns about how the credit reporting giant is recovering from the 2017 data breach that exposed the personal information of 148 million Americans.
Instagram has revoked the access of an Indian social media marketing company after personal details of some of its users ended up in an unprotected database online. Instagram says the number of affected users - first reported at 49 million - is inaccurate, and the exposed data from Instagram was already public.
The latest edition of the ISMG Security Report assesses the legacy of WannaCry ransomware two years on. Also featured: the evolving role of healthcare CISOs; threat mitigation recommendations based on the 2019 Verizon Data Breach Investigations Report.
A federal grand jury has indicted WikiLeaks founder Julian Assange on 18 counts under the U.S. Espionage Act for his role in publishing classified material, the Justice Department announced Thursday. He's currently serving a prison sentence in the U.K. and fighting extradition to the U.S.