Google's Project Zero security researchers recently revealed that they found several malicious sites that planted malware onto people's iPhones for years. Researchers claim that if iPhone users visited one of the hacked websites, their messages, photos, and location data could have been compromised by hackers.

NATO Secretary-General Jens Stoltenberg claimed this week that a serious cyberattack on one member country would trigger a response from all member countries. Stoltenberg claims such an event would trigger a 'collective defense commitment', known commonly as Article 5, an attack on one member of NATO is an attack on all of its members. Article 5 has been involved once in its history - in response to the terrorist attacks on the United States on September 11, 2001.

Trend Micro recently releases its 2019 Mid Year Security Roundup: Evasive Threats, Pervasive Effective and found that organizations are dealing with a wide range of security threats, from ransomware and malware to phishing and high impact vulnerabilities.

According to the latest 2019 Mid-Year Vulnerability Report, over 34% (3,3771) of all vulnerabilities reported in the first half of 2019 do not currently have a documented solution. The report by Risk Based Security claims this lack of patch availability is due to lack of information regarding the flaw or due to lack of a patch release.

Many airlines allow passengers to view and make adjusts to flight details by using a unique identifier often called the booking reference, or passenger reference number, and the customers last name. Unfortunately, there are several airlines that have not implemented mechanisms that would prevent someone from obtaining the PNR through a brute force attack on an airlines' booking management system.

The U.S. Office of Management and Budget recently released its annual report and found the number of cyber incidents decreased by 12% in 2018 compared to 2017. The agency's annual report on the Federal Information Security Modernization Act (FISMA) found that 31,107 incidents were recorded in 2018, compared to 35,277 reported in 2017.

Hy-Vee experienced a hack that impacted some of its payment processing systems that are associated to transactions at various Hy-Vee fuel pumps and drive-thru coffee shops. Hy-Vee detected unusual and unauthorized activity on some of its PoS systems which caused them to hired a cybersecurity firm and immediately launched an investigation into the activities.

Texas’ Department of Information Resources (DIR) launched an investigation into the attacks once they learned of the incident this week. Based on the collected evidence, cyber security officials suspect the attacks to be orchestrated by a single person where the bad actor encrypted files and appended the .JSE extension to the encrypted files.

The European Central Bank (ECB) had to shut down one of its websites after it was hacked and infected with malicious software. ECB said the compromised site was on its Banks’ Integrated Reporting Dictionary (BIRD) which provides bankers with information on how to produce statistical and supervisory reports. An EBC spokesman also added that the sever hosting the site contained email addresses, names and titles of the subscribers of the BIRD newsletter which might have been stolen.

Hospitality franchisor Choice Hotels, the parent organization of those franchise chains, has confirmed a breach in which attackers stole 700,000 guest records from a publicly available MongoDB database without a password or any authentication. The affected data includes full names, addresses, email addresses and telephone numbers. No credit cards, passwords or Social Security numbers were compromised. The database held 5.6 million records.

Following two major data breaches in the last year, the Singapore Government has announced measures to reform their data-protection standards across the public sector. As we all know, Government authorities around the world are under enormous pressure to deliver improved public services for less, but also to meet the public’s expectation that they maintain the highest standards of data privacy and protection.

Online retailer CafePress, which specializes in custom T-shirts and merchandise, is reported to have suffered a data breach involving sensitive information of more than 23 million customers in February of 2019. According to HIBP (Have I Been Pwned), CafePress was hacked in February of 2019 and the personal information for 23,205,290 users was exposed including Email addresses, Names, Passwords, Phone numbers, and Physical addresses.

The city of Naples in Florida is the latest city to be hit by hackers in a targeted spear-phishing campaign. Hackers disguised themselves as representatives from the Wright Construction Group and targeted the city in a spear-phishing campaign, resulting in the loss of $700,000 from the city. The Wright Construction Group once did infrastructure-related work in downtown Naples. Consequently, a member of an unnamed department transferred $700,000 to a fake bank account provided by the attackers.

File Integrity Monitoring gives analysts a problem. While they all wholeheartedly endorse this critical security control, none can agree where it should reside in terms of the already-defined technology sectors. So where has the the Magic Quadrant for FIM gone?

A survey recently conducted by Deloitte and Dragos found that less than a fifth of security professionals are confident in their ability to secure Internet of Things (IoT) and Industrial IoT (IIoT) devices.

Cabarrus County, North Carolina was recently targeted in a business email compromise (BEC) scam which resulted in the loss of $2.5 million. The attack began in late November 2018 when Cabarrus County employees received emails pretending to be from Roanoke, Virginia-based Branch and Associates, Inc, the contractor responsible for the construction of the new West Cabarrus High School.