A new survey from McAfee says that IT security staff report needing to increase their workforces by 24 percent to adequately manage their organization's cyber threats.

Yet a skills crisis means 84 percent admit it's difficult to attract staff and 31 percent say they don't actively do anything to attract new talent. However, 72 percent of respondents say hiring experienced video gamers into the IT department seems like a good way to plug the cyber security skills gap.

Huawei is being shunned by the US because of the perception that its hardware could be compromised and used by the Chinese government for espionage. The FCC has blocked US mobile carriers from using federal money to purchase products or services from the company on security grounds, and Huawei is understandably unhappy about this.

The smartphone maker has dismissed security claims as "simply not true" and says that it is "no security threat in any country". The Chinese company says that it is disappointed with the FCC's proposal, pointing out that it would give rural operators -- and, in turn, customers -- fewer options to choose from.

Infrastructure and development practices are changing as companies move towards cloud computing, DevOps, and on-demand SaaS delivery models.

This means security and operations teams must integrate their approach to securing systems. Cloud security company Threat Stack is launching a Cloud SecOps Program to help companies integrate security and operations initiatives and reduce risk.

Amid growing concern about a disregard for Chrome Web Store policies, Google is slapping a ban on extensions that mine for cryptocurrencies.

With immediate effect, no more cryptomining extensions will be added to the Store, and as of July 2018, any existing mining tools will be removed. Google says that an astonishing 90 percent of mining extensions ignore rules that state cryptomining must be the extension's sole purpose, and users need to be fully informed about the mining.

Last week there was an outcry after it was revealed that it was relatively simple to determine the location of Grindr users because of a security flaw. The company has now also admitted that it shared information from users' profiles with third parties -- specifically the analytics companies Apptimize and Localytics -- including their HIV status.

Grindr was quick to point out that, firstly, the information was sent via HTTPS, secondly, that the data was not sold to the analytics companies (it was provided free of charge) and, thirdly, that the data was public anyway. All three of these points will come as little comfort to Grindr users, but the company has said that it will now stop the practice of sharing HIV-related information.

A new study from independent testing lab AV-Comparatives reveals that of over 200 Android security apps tested the majority are dubious, unsafe or ineffective.

The company downloaded 204 apps from the Google Play store in January this year and found 84 of the apps detected over 30 percent of malicious samples, and had zero false alarms. 79 detected under 30 percent of malware samples and/or had a high false alarm rate.

Correctly calculating the probability of risk is becoming critical to organizations. And it’s not just because it is essential and fundamental to good Risk Management practice, but also because new laws such as GDPR are mandating it. Security measures must be appropriate to the risk, and the risk is suffering a data breach. So, calculating the probability of a data breach happening, regardless of scope, is vital to determining appropriate security measures.

ISACA, previously known as the Information Systems Audit and Control Association but now known solely by its acronym, talks about the probability of risk as:

It feels like almost every week, we hear of a new breach, and each week, we’re thankful it wasn’t our company. But how long can we dodge the breach bullet? No one wants to be the next headline, but what can we do to ensure that we aren’t?

The common denominator in virtually every breach is that somehow, someone who shouldn’t have access to your company’s system and data sources has found a way in. The bad guys are smart, creative and motivated, and can use even the smallest opening.

As if the Meltdown and Spectre chip vulnerabilities weren't bad enough in their own right, the patches designed to fix them caused a further series of problems. A Swedish researcher recently discovered that Microsoft's Meltdown fixes lowered security in Windows 7 and Windows Server 2008 R2, and now the company has issued a fix.

As the new patch is being released outside of the usual schedule, it is indicative of the importance of the security update. KB4100480 is a kernel update for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 that addresses CVE-2018-1038 problems.

The higher education sector has seen a big increase in cryptocurrency mining activity according to a new report from AI security company Vectra.

Vectra used its Cognito platform to monitor traffic and collect metadata from more than 4.5 million devices and workloads from customer cloud, data center and enterprise environments. It discovered that, of all the cryptocurrency mining detections, 60 percent occurred in higher education.

According to new research, 79 percent of healthcare professionals say they are concerned about the cyber security of their own healthcare information.

At the same time, 68 percent believe their organizations are doing enough to protect patient privacy and personal information from cyber attackers.

Data breach checking website Have I Been Pwned (HIBP) -- used by governments and individuals around the world -- has announced a new partnership with 1Password.

The arrangement is a first for Troy Hunt's site, but it comes just over a month after 1Password started using a password-checker he developed. Hunt says that he has turned down numerous offers to sponsor Have I Been Pwned, but feels that teaming up with 1Password makes sense.

Two security issues have been discovered in Grindr, the gay dating app, which could reveal the location of users even if they opted to keep this information private. There are concerns that the privacy compromise could lead to harassment of Grindr users.

Trevor Faden created a site called C*ckBlocked (that's the actual name, we're not being prudish and getting out our censorship pens) which was designed to give Grindr users the chance to see who had blocked them. By exploiting a security loophole similar to the one exposed in the recent Facebook/Cambridge Analytica scandal, Faden's site was able to access a wealth of private data including deleted photos and user locations.

Security teams are faced with an increasing range of problems, from the volume of attacks, to lack of visibility into networks and shortage of skills.

Endpoint security specialist Carbon Black is launching its own Carbon Black Integration Network (CbIN), a technology partner program designed to improve cybersecurity through collective defense.

In the wake of the Cambridge Analytica scandal and revelations about call and text logging, Facebook simply could not have got away with doing nothing. Mark Zuckerberg has hardly prostrated himself in front of users in his various recent interviews, but today Facebook announces a series of changes to privacy settings.

The social network is making it easier to find and use privacy settings, and providing users with information about how to delete the data Facebook stores about them.