
Technology and compliance teams work together to minimize the risk of data breaches

Organizations are facing an unprecedented variety of cyber risks that have the potential for devastating consequences, but a new study reveals that IT, security and compliance teams individually lack the resources to deal with them.

The study, conducted by IDG Research for communications compliance specialist Actiance, finds enterprises moving towards a collaborative risk management model with increasing overlap between the different teams.

By Ian Barker

Top US banks have multiple online security flaws

Analysis of the internet presence of 25 out of 50 top US banks reveals a worrying number of online security flaws.

Threat management company RiskIQ used its Digital Footprint product, which provides a real-time inventory of all internet-facing assets, including the components running on assets that may expose the organization to vulnerability risk. It also correlates newly discovered vulnerabilities with internet-exposed components and assets, highlighting those at risk to inform patching and remediation planning.

By Ian Barker

Microsoft Edge vulnerability exposed as Microsoft misses Google's Project Zero disclosure deadline

Google has revealed details of a security vulnerability in Microsoft Edge before a patch has been produced. Through Project Zero, Google notified Microsoft about a bug in the browser's Arbitrary Code Guard (ACG) feature back in November, giving the company the usual 90-day disclosure deadline.

Google went further, granting Microsoft a further grace period of two weeks on request, but the vulnerability remains unfixed in Windows 10. As such, details of the "ACG bypass using UnmapViewOfFile" bug have now been made public.

By Sofia Elizabella Wyciślik-Wilson

Cyber security in (big) numbers

We hear a lot about cyber attacks and the latest threats, but it can sometimes be hard to comprehend the scale of the problem.

Network security company Bricata has produced an infographic that sets out some of the statistics to put things into context.

By Ian Barker

Cisco launches cloud-based endpoint protection for MSSPs

According to networking specialist Cisco, almost half of SMBs and enterprises in the US are outsourcing at least some of their security to managed security service providers (MSSPs) in order to counter the latest advanced threats.

The company is targeting this market by launching a set of new endpoint security solutions aimed specifically at MSSPs. These include three powerful cloud-based tools.

By Ian Barker

White House joins UK government in blaming Russia for NotPetya

The US government has joined the government of the UK in pointing the finger of blame at Russia for the NotPetya cyberattacks. The ransomware/destructoware hit computers around the world last June.

After speculation that the attack was a state-sponsored one carried out by Russia, this position has now been confirmed as the White House accused the nation of the "reckless and indiscriminate" attack. At the same time, the UK's National Cyber Security Centre said that the Russian military was "almost certainly" responsible for the attack.

By Sofia Elizabella Wyciślik-Wilson

Growth in Android ransomware slows, but it's getting sneakier

While Android ransomware is still growing, it's doing so at a slower rate than at its peak in 2016. However, it is using sneaky new techniques to trick users.

New findings from researchers at ESET reveal techniques like the misuse of Android's Accessibility services being used to infect devices. The most popular attack technique, though, remains screen-locking followed by a ransom demand, with the most frequently detected variant being the Android/Locker family.

By Ian Barker

2017 breaks record for new vulnerabilities

More than 20,000 new vulnerabilities were cataloged in 2017 according to breach analysis specialist Risk Based Security.

The figures from the company's own VulnDB eclipsed the total covered by MITRE's Common Vulnerability Enumeration (CVE) and the National Vulnerability Database (NVD) by more than 7,900.

By Ian Barker

Contractors pose cyber risk to government agencies

While US government agencies are continuing to improve their security performance over time, the contractors they employ are failing to meet the same standards according to a new report.

The study by security rankings specialist BitSight sampled over 1,200 federal contractors and finds that the security rating for federal agencies was 15 or more points higher than the mean of any contractor sector.

By Ian Barker

If you're concerned about privacy, you might want to skip Facebook's VPN -- Onavo Protect

Facebook and privacy are not words that really belong in the same sentence, so the idea that the social network is offering a VPN tool might well raise your suspicions. Back in 2013, Facebook acquired Onavo, the company behind the VPN tool Protect.

Recently, users of the Facebook iOS app noticed a link to something labelled Protect within settings. While this appears to be a built-in setting, it is in fact just a link to the Onavo Protect VPN app -- and the idea of a Facebook-owned VPN tool being promoted from within the Facebook app has people concerned. Take a look at the app description, and you may well understand why.

By Sofia Elizabella Wyciślik-Wilson

With Intel's updated bug bounty program, you could earn big bucks for finding the next Meltdown

Intel has updated its bug bounty program, offering up to $250,000 to anyone identifying vulnerabilities in its hardware and software. The key update here is that the program is now open to everyone through the HackerOne platform -- it was previously open to selected security researchers on an invite-only basis.

The move comes in the wake of the Meltdown and Spectre chip vulnerability revelations, and it's clearly an attempt by Intel to not only ramp up its security, but to be seen doing so. The company says it wants to create "a process whereby the security research community can inform us, directly and in a timely fashion, about potential exploits that its members discover."

By Sofia Elizabella Wyciślik-Wilson

Cryptomining malware tops January's 'most wanted' list

Malware seeking to steal processor time for cryptocurrency mining continues to be a problem, with 23 percent of organizations globally affected by a Coinhive variant in January.

These findings come from a study by Check Point which discovered three different variants of cryptomining malware in its top 10 most prevalent listing, with Coinhive ranking first.

By Ian Barker

NTT Security and ThreatQuotient partner to deliver threat intelligence

With a wider threat landscape presented by cloud and digital transformation strategies, accurate and up-to-date threat intelligence is more important than ever to protect against attacks.

To meet this need, NTT Security, the specialized security company of NTT Group, has partnered with ThreatQuotient to offer an improved threat intelligence capability.

By Ian Barker

Microsoft gives sysadmins Meltdown and Spectre detection in Windows Analytics

Microsoft has released an update to its free Windows Analytics tool, giving system administrators a new way to check for the Meltdown and Spectre vulnerabilities.

The update not only makes it possible to see whether firmware patches are already installed or if they are needed, but also helps sysadmins to determine whether the patches are causing problems of their own. The checking tool is available for fully updated versions of Windows 7 through Windows 10.

By Sofia Elizabella Wyciślik-Wilson

Microsoft to bring Windows Defender Advanced Threat Protection to Windows 7 and 8.1

Formerly a Windows 10 exclusive, Microsoft today announced that Windows Defender Advanced Threat Protection (ATP) is coming to Windows 7 and Windows 8.1.

That's not to say that the older operating systems are set to gain the full benefit of ATP, however. Microsoft says that it is the Endpoint Detection & Response (EDR) functionality that will make its way to Windows 7 and 8.1 at some point this summer. This cloud-driven feature will be made available as a preview in the spring.

By Sofia Elizabella Wyciślik-Wilson