The average website was attacked 44 times a day during the last quarter of 2017, according to new research from security specialist SiteLock.
The company analyzed six million sites to identify trends in the behavior and tactics of attackers. Though the number of attacks represents a 25 percent decrease over the previous quarter, it still means a site could be attacked 16,000 times a year.
Hackers and cyber criminals often seek to exploit human errors like misconfigurations, poor security practices and the use of shadow IT.
To help businesses assess the risk, XM Cyber is launching an automated advanced persistent threat (APT) simulation platform, HaXM, to continuously expose all attack vectors, above and below the surface.
If you're a Firefox user, it's highly possible that you use the browser to store your login usernames and passwords for the sake of ease. Supposing you're a little security conscious, you may well have enabled the 'master password' function to prevent unauthorized access to your password database.
Well, there's a little bad news. It's nowhere near as secure as you may have thought. Wladimir Palant -- the guy behind the AdBlock Plus extension -- found that the system, which is used by both Firefox and Thunderbird, can be very easily brute-forced, leaving passwords vulnerable to malware and hackers.
Over the past year or so the idea of using artificial intelligence as an aid to cyber security has gained a lot of support.
But what role do AI and machine learning have, and what will the future of security look like when they are in widespread use? We spoke to Gene Stevens, co-founder and CTO of network security company ProtectWise, to find out.
Compatibility issues with patches for the Meltdown and Spectre vulnerabilities saw Microsoft blocking the rollout of security updates to Windows users. The company has just changed its policy for Windows 10 users, but this does not help anyone running Windows 7 or 8.x.
The problem is that updates are blocked for people who have not installed antivirus software known to be fully compatible. When such software is installed, a registry entry is created, and this allows updates to be installed. If you've decided to run the risk of operating without antivirus software installed, this registry entry won't be created and you won't receive security updates. Unless you hack it, that is.
The proceeds of cyber crime make up an estimated eight to 10 percent of total illegal profits laundered globally each year, amounting to an estimated $80-$200 billion.
This is among the findings of a new report, commissioned by virtualization-based security company Bromium, into the economics of cyber crime and how criminals launder and 'cash out' the profits of their endeavors.
The US has introduced new sanctions against Russia after accusing the country not only of interfering in the 2016 election, but also of launching a cyberattack on its energy grid.
Officials say that malware traced back to Moscow had been found to have infected operating systems on computers belonging to companies in the energy sector. The Department of Homeland Security is in no doubt that the Russian government is responsible.
Cloud access security specialist Netskope is launching an expansion of its Infrastructure as a Service security offering to add continuous security assessment and monitoring capabilities.
With this release, customers can use Netskope for IaaS to continuously assess their infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) configuration in AWS, with Microsoft Azure to follow soon.
Microsoft has launched a bug bounty program that will reward anyone who finds the next Meltdown or Spectre vulnerability. The company is willing to reward anyone who reports bugs of this kind, known as speculative execution side channel vulnerabilities, that could cause problems like those seen earlier in the year.
The rewards on offer range from $5,000 up to $250,000 depending on the severity of the vulnerability, and the bounty program runs until the end of 2018. Microsoft says that it will operate under the principles of coordinated vulnerability disclosure.
VPN tools have been in the headlines recently. Firstly, Facebook's Onavo VPN was found to be gathering user data, and then McAfee snapped up VPN firm TunnelBear. Now for users of Hotspot Shield, PureVPN and ZenMate, there's a warning: sensitive data such as your real IP address may be leaked.
A VPN company with a strong interest in privacy, vpnMentor, commissioned research into the three well-known tools, and problems were found in all of them. The developers were notified, but only Hotspot Shield has addressed the problems that were found.
In the fallout from the revelations about the Spectre and Meltdown vulnerabilities -- and the ensuing chaos relating to patches for the security problems -- Microsoft blocked security updates for Windows 10 users with antivirus software whose compatibility with patches was not known.
Two months after making this decision, Microsoft has changed course and said that updates can roll out to everyone once again. The company says this is a result of working with antivirus partners and patches should no longer lead to problems in most cases.
Researchers at cyber security platform ERPScan have disclosed details of two vulnerabilities that allow compromise of the widely used SAP CRM system.
CRM is considered a most critical asset by businesses. A CRM data breach can be disastrous, as it can destroy trust in the business and severely tarnish the brand, as well as raise compliance issues.
DDoS attacks using Domain Name System (DNS) amplification increased more than 357 percent in the fourth quarter of 2017 compared to the previous year.
A new report by protection specialist Nexusguard attributes the rise to the use of Domain Name System Security Extensions (DNSSEC), a technology that's intended to add integrity and security to the DNS protocol.
New research reveals the US cities that are best at password security, with Minneapolis topping the list.
The study by password manager Dashlane scores cities based on several metrics, including average password strength and average number of reused passwords.
Researchers at threat prevention specialist Preempt have discovered a flaw in the Credential Security Support Provider protocol (CredSSP), which is used by Remote Desktop and WinRM in their authentication processes.
An attacker with man-in-the-middle control over the session could use this to gain the ability to remotely run code on the compromised server while masquerading as a legitimate user.