
Latest Posts

Microsoft and NIST Partner to Create Enterprise Patching Guide

Microsoft has partnered with the U.S. National Institute of Standards and Technology (NIST) to create a guide designed to make enterprise patch management simpler. Microsoft originally worked with partners from the Center for Internet Security (CIS), the Department of Homeland Security (DHS), and the Cybersecurity and Infrastructure Security Agency (CISA), as well as customers.

Thousands of Online Shops Hit by Magecart Attack

Magecart attackers have been collecting sensitive information from thousands of online stores after compromising top eCommerce platform and payment service provider Volusion. Since September 7, hackers have activated online credit card skimmers on 3,126 online shops hosted by Volusion. That's according to Trend Micro security researchers' latest report.

CafePress Faces Class-Action Lawsuit Following Data Breach

CafePress is being served with a class-action lawsuit in the United States after allegedly failing to update its security software and waiting months after learning of a data breach to inform customers. The online gift shop retailer was criticized earlier this year for its weak cybersecurity and incident response after discovering 23 million customers had their personal information compromised in a data breach thought to have happened in February 2019.

Health Data Belonging to 1 Million New Zealanders at High Risk of Compromise

The health data belonging to nearly one million New Zealanders has been accessed illegally after a cyber attack on Tū Ora Compass Health's website. The website was hacked in August 2019, but investigations into the incident have found previous attacks dating from as far back as 2016 through March 2019. Neither the firm nor New Zealand's Ministry of Health has been able to determine whether these attacks resulted in any medical information being accessed.

Cyber Attacks on UK Businesses Soar 243%

New research has found that cyber attacks on UK businesses increased by 243% over the summer, compared to the same time period in 2018. Hastings-based business ISP, Beaming, found that UK firms experienced 157,528 cyber-attacks each on average between July and September, up from just 45,970 during that same time last year. The company detected over 500,000 unique IP addresses used during the cyber attacks and found that the number originating from China more than doubled since last year.

FDA Issues Warning over Vulnerabilities in Medical Devices

The U.S. Food and Drug Administration (FDA) issued a formal warning on Tuesday about vulnerabilities detected in decades-old software used in many of today's medical devices and hospital networks. The warning claims that 11 vulnerabilities exist in IPnet, a third-party software component that supports network communications across computers.

Hearing Aid Giant Demant Warns of Extreme Losses Due to Ransomware Attack

Danish hearing aid manufacturer Demant has revealed that a suspected ransomware attack on its systems in September could cost the company over $95 million. The company experienced a 'critical incident' on September 3, but refuses to elaborate on the nature of the attack. Some researchers have speculated that many indicators point to a ransomware attack that hit the firm and caused a critical crash in its IT infrastructure.

Senate Passes New Ransomware Law

The U.S. Senate passed a new law requiring the federal government to provide more support for organizations hit by ransomware. The DHS Cyber Hunt and Incident Response Teams Act will require the Department of Homeland Security to put together dedicated teams whose goal is to provide advice to organizations on how to protect their systems. This group will also be responsible for providing technical support and incident response assistance.

DoorDash Confirms Data Breach Impacting 4.9 Million Users

Food delivery service DoorDash announced in a blog post on Thursday that the company has suffered a data breach affecting millions of customers, workers, and merchants. The firm claims that an unauthorized party managed to access data belonging to 4.9 million DoorDash customers through a third-party service provider. An investigation into the security incident has determined that the unauthorized party accessed DoorDash user data on May 4, 2019.

Airbus Hit by Cyber Attacks on Multiple Suppliers

Security sources have found that the European aerospace giant Airbus has been hit by a series of cyberattacks by hackers who targeted the company's suppliers in search of technical secrets, with suspicions the attack is linked to China. Two security sources involved in the investigation claim there have been four major attacks on Airbus within the last 12 months.