Penetration testing company Positive Technologies has released some alarming figures surrounding the vulnerability of corporate networks to insider attacks.

During testing performed as an internal attacker, the company's researchers were able to obtain full control of infrastructure on all the corporate networks they attempted to compromise. Only seven percent of systems were assessed as having 'moderate' difficulty of accessing critical resources.

According to a new study, 68 percent of IT professionals believe their organizations are failing to carry out all procedures in line with data protection laws.

The report from digital security specialist Gemalto also shows 65 percent of companies are unable to analyze all the data they collect and only just over half (54 percent) know where all of their sensitive data is stored.

It's not all that long since fitness app Strava caused something of a security nightmare by inadvertently revealing the locations of numerous secret military bases. Now another app -- Polar Flow this time -- has gone a step further and revealed the names and home addresses of nearly 6,500 users.

A joint investigation by Bellingcat and Dutch journalism platform De Correspondent found that the app is "revealing the homes and lives of people exercising in secretive locations, such as intelligence agencies, military bases and airfields, nuclear weapons storage sites, and embassies around the world".

Timehop -- the social network for those who like to reminisce -- has revealed that it fell victim to a security breach on Independence Day. The attacker managed to access an internal database stole the personal data of 21 million users from Timehop's Cloud Computing Environment.

The vast majority of those affected by the "security incident" (as Timehop refers to it) had their names and usernames exposed, but for nearly a quarter of them -- 4.7 million -- phone numbers were also exposed. The hacker also took access tokens which could be used to view users' posts.

The team behind Gentoo Linux has revealed the reasons for the recent hack of its GitHub organization account. The short version: shoddy security.

It seems that the hackers were able to gain access to the GitHub organization account by using the password of one of the organization administrators. By the team's own admission, poor security meant that the password was easy to guess. As the Register points out, "only luck limited the damage", but the Gentoo Linux team is keen to let it be known that it has learned a lot from the incident.

While businesses spend a lot of time and effort putting up technical defenses to protect their systems, often the weakest spot is the users.

Employees can do harm to the business by visiting infected websites, responding to phishing emails, using business email through public Wi-Fi and more. Spam filtering service EveryCloud has put together an infographic looking at why it’s therefore important for companies to offer cybersecurity training.

Binance -- the largest cryptocurrency exchange in the world -- temporarily halted all trading after it detected "irregular trading on some APIs".

As a precautionary measure, the exchange removed all existing API keys and asked users to re-create theirs from their accounts. The measure meant a suspension of trading, withdrawals and other account activity. The matter is related to the Bitcoin fork Syscoin which halted deposits and withdrawals, but Binance stressed that there had not been as hack and that its blockchain is safe.

Another day, another privacy concern. Following a Wall Street Journal story about the access third party apps have to Gmail data, we wrote about how to stop it. While the WSJ did not really make any major new revelations, it did manage to reignite the conversation about privacy, and Google has responded to storm that has built up around it.

The company has used a blog post to respond to the concerns raised by the Wall Street Journal, insisting that it carefully vets any third party that has access to sensitive data. The task has been left to Suzanne Frey -- director of security, trust and privacy at Google Cloud -- to limit the damage caused by the article.

Information technology and operational technology are gradually moving closer together thanks to wider connectivity of OT with external networks, and the growing number of industrial IoT devices.

While this boosts the efficiency of industrial processes, it also presents new risks and vulnerabilities according to a new report from Kaspersky Lab.

Vulnerabilities have been discovered in LTE that would make it possible for an attacker to tap into 4G networks for the purposes of spying on and hijacking 4G browsing sessions.

Security researchers from Ruhr-Universität, Bochum and New York University, Abu Dhabi show how three different attacks can be launched on the second layer of LTE -- also known as the data link layer. Two passive attacks allow for identity mapping and website fingerprinting, while the active cryptographic aLTEr attack allows for DNS spoofing and network connection redirection.

Sportswear company Adidas has warned US customers about a security breach that took place earlier this week.

The firm says that on Tuesday it was made aware that "an unauthorized party claims to have acquired limited data associated with certain Adidas consumers". Two days later, the company started to notify its customers that personal data -- including contact information and usernames -- may have been compromised.

Cybercriminals use a variety of tactics to cloak their activity and that includes using trusted tools, like PowerShell, to retrieve and execute malicious code from remote sources.

A new report from eSentire reveals that 91 percent of endpoint incidents detected in Q1 2018 involved known, legitimate binaries.

A hacker managed to take control of the Github account for Gentoo Linux, going as far as inserting malicious code into the distros. The malware was designed to delete user data.

Although the situation is now under control, an investigation is underway to determine what happened. Anyone who has downloaded a Gentoo distro or other files recently, is warned to "refrain from using code from the Gentoo Github Organization" for the time being.

Certificate authority Comodo CA is expanding out of its traditional area to launch a new platform designed to secure Internet of Things devices.

Hackers increasingly target IoT devices that have no security embedded and exposed vulnerabilities. The new Comodo CA IoT unified portal directly addresses this problem by enabling trusted, third-party, mutual authentication of devices to networks.

Cybercriminals are using mobile devices to avoid detection and execute a number of nefarious acts, according to a new report.

The study from bot mitigation specialist Distil Networks finds 5.8 percent -- around one in 17 -- of all mobile devices across six major cellular networks are used in such automated attacks and represent eight percent of all bad bot traffic.