Citizen Lab attributes (with "moderate confidence") a multi-year, multilingual influence operation to Iran, the Washington Post notes.
WhatsApp has patched a vulnerability that permitted remote installation of NSO Group's Pegasus intercept tool, the Financial Times reports. It's unknown how many phones were affected; the University of Toronto's Citizen Lab says that they're aware of one (probable) case. The vulnerability is said to have affected both Android and iOS devices. NSO Group said it would not have been involved in such activity, and that it's investigating.
BleepingComputer writes that Symantec, McAfee, and Trend Micro were among the security firms allegedly breached by the Fxmsp hackers. Trend Micro said data from a test lab had been accessed by unauthorized parties, but that no source code or customer information were compromised. Symantec denied being affected at all, and McAfee says it's investigating. BleepingComputer identified the companies from unredacted Fxmsp chat logs it received from Advanced Intelligence researchers. There's no word yet about a rumored fourth victim.
What's the cost of a breach? In the case of Equifax, Infosecurity Magazine reports that it's so far cost the company $1.4 billion.
Firms are concluding that many of the data lost in breaches needn't have been collected in the first place. A database of some 200 million individuals' information is circulating in what CSO calls "the grey market." While it doesn't include such tripwire data as Social Security, passport, driver's license, or credit card numbers, it contains forty-two fields of great interest but dubious direct-marketing value.