February 2020

New Kr00k Vulnerability Affects Over 1 Million Wi-Fi Devices

A new vulnerability was recently discovered that could potentially allow attackers to obtain sensitive information from over one billion Wi-Fi-capable devices. Kr00k (CVE-2019-15126) is the latest vulnerability that's been shown to cause devices to use an all-zero encryption key to encrypt part of a user's communications, allowing hackers to decrypt some wireless network packets transmitted by impacted devices.

Medical Devices Introduce Major Bluekeep Vulnerability to HCOs

According to CyberMDX, medical devices pose a serious threat to healthcare organizations (HCOs) and are twice as likely as general network devices to be vulnerable to Bluekeep. The 2020 Healthcare Security Vision Report found that thirty percent of US healthcare organizations have experienced a cyber-attack over the last 12 months. These breaches reportedly cost an average of $6.45 million - a figure sixty-five percent higher than that of the cross-industry average.

Redcar Council Services Hit by Cyber Attack

A local authority in northeastern England has suffered a major ransomware attack, leaving online public services unavailable for over 135,000 residents for over a week. As of now, the website for Redcar Cleveland Borough Council is still down. An update published on Monday, February 17, stated that the council is experiencing issues with its IT systems and is still able to receive and answer limited calls and emails. The company is currently having to prioritize messages based on urgency.

Puerto Rico Government Loses $2.6 Million in Phishing Scam

The government of Puerto Rico has publicly announced that its Industrial Development Company has fallen victim to an email phishing scam. The government-owned corporation transferred $2.6 million to a fraudulent account after reportedly receiving an email that alleged a change to a bank account tied to remittance payments. The transfer was made on January 17, 2019, but officials only found out about the incident earlier this week.

Orgs Reportedly Spending 60% More to Recover from Insider Threats

A new study from The Ponemon Institute found that organizations are spending nearly 60% more to recover from insider threats compared to three years ago. The study involved companies located in North America, Europe, the Middle East, and the Asia-Pacific region. The report found that cybersecurity events caused by insider threats have increased by almost 50% since 2018.

IoT Devices Designed by the World's Largest Manufacturers Infected with Malware

Researchers at TrapX Security recently discovered that three of the world's largest manufacturers had IoT devices running Windows 7 that were infected with malware in an alleged supply chain attack. The company identified a cryptocurrency miner on numerous IoT devices, including automatic guided vehicles, a smart TV and a printer. All of these attacks are said to be a part of the same campaign.

Organizations Still Failing to Apply Patches - Top 10 Software Vulnerabilities

New research from Recorded Future claims that hackers are exploiting many of the same security vulnerabilities as last year, demonstrating how failure to apply security updates is leaving organizations vulnerable to attack. Researchers analyzed the top vulnerabilities, exploit kits and malware attacks used by attackers in 2019 and found that six of the most commonly exploited vulnerabilities were repeats from 2018.

NIST Releases New Guidelines to Help Curb Ransomware Threats

The National Institute of Standards and Technology (NIST) recently released a set of new guidelines to help organizations better protect the confidentiality, integrity and availability of data. The first guide, on data integrity and protection, is intended to help organizations identify and protect IT assets from data integrity attacks, including ransomware.

IT Systems at Australian Shipping Giant Toll Group Shut Down Following Cyberattack

Australian transportation giant Toll Group was forced to shut down some of its online services after experiencing a cybersecurity incident last Friday. Toll Group said it discovered a piece of ransomware on its systems on Friday, January 31. In response, the company shut down several of its IT systems at multiple sites and business units across the country to resolve the issue.