As the digital economy expands and software becomes more critical, security worries grow. In a new survey, 74 percent of respondents agree that security threats due to software and code issues are a growing concern.
The study of over 1,200 IT leaders, conducted by analysts Freeform Dynamics for software company CA Technologies, finds 58 percent of respondents cite existing culture and lack of skills as hurdles to being able to embed security within processes.
Last week it emerged that OnePlus was conducting an investigation after a number of customers complained about fraudulent credit card charges. Now the company has given an update on the matter, saying that its website was attacked and a malicious script stealing credit card details was injected, affecting up to 40,000 people.
The company has issued an apology for the incident and says that it has contacted those it feels may have been directly affected. In a statement, OnePlus explains that over a two-month period, customers who entered their credit card details at oneplus.net may be at risk.
Gaining threat intelligence from the dark web can be a difficult task for security providers due to its unstructured nature.
Similarly, when data breaches occur, companies often face the problem of knowing exactly which data has been exposed on underground marketplaces.
With the 24th Winter Olympics due to start in Pyeongchang, South Korea in a few weeks, athletes are not the only ones preparing for the event.
A report from security analytics platform Cybereason shows that hackers and cyber criminals are gearing up too, the scale and cost of the event making it a prime target.
In the increasingly complex threat landscape faced by businesses, insiders continue to be a problem, accounting for around half of data breaches, according to a recent Forrester report.
One way that companies are combating this threat is with the use of User and Entity Behavior Analytics (UEBA). This detects abnormal behavior, adds contextual information to confirm the behavior is abnormal, and then prioritizes the riskiest insiders for analysts to investigate.
The idea of security by design is something we'll hear much more of as GDPR implementation looms. But many organizations still struggle when it comes to implementing a least privilege security model.
Access management specialist Thycotic is launching a new command line interface for its Secret Server privileged account management solution, enabling DevOps teams to bring best practice privileged account management to their code, build scripts, and configuration files.
While the notorious Meltdown and Spectre chip bugs have yet to pose a real threat in their own right, it's rather a different story when it comes to the patches designed to fix the problems. Microsoft had to pause the rollout of patches after reports that they were leaving some AMD systems unbootable.
Now the software giant has released two new updates -- one for Windows 7 (KB4073578) and one for Windows 8.1 (KB4073576) -- to fix the "Unbootable state for AMD devices" issue. But it's not all good news. These are updates that have to be manually downloaded and installed, and Microsoft has provided no instructions about how to use them.
Cyber attacks driven by ransom demands are on the increase as criminals seek to cash in on the soaring values of cryptocurrencies, according to a new report.
The 2017-2018 Global Application and Network Security Report from cyber security company Radware finds that reported ransom attacks surged in the past year, increasing 40 percent from the 2016 survey. Half of companies surveyed suffered a financially motivated attack in the past year.
While a majority of businesses around the world have adopted cloud services, a study released today reveals a wide gap in the level of security precautions applied by companies in different markets.
The study from digital security company Gemalto finds that German businesses are more cautious when it comes to sharing sensitive information in the cloud (61 percent) than British (35 percent), Brazilian (34 percent) and Japanese (31 percent) organizations.
The Meltdown and Spectre bugs have been in the headlines for a couple of weeks now, but it seems the patches are not being installed on handsets. Analysis of more than 100,000 enterprise mobile devices shows that just a tiny percentage of them have been protected against the vulnerabilities -- and some simply may never be protected.
Security firm Bridgeway found that just 4 percent of corporate phones and tablets in the UK have been patched against Spectre and Meltdown. Perhaps more worryingly, however, its research also found that nearly a quarter of enterprise mobile devices will never receive a patch because of their age.
2017 delivered a good deal of excitement (as well as massive, massive headaches) in IT security. WannaCry attacked more than 300,000 computers in 150 countries only to be followed by Petya a month later. And the pain extended beyond the enterprise when consumers bore the brunt of one of the most devastating hacks to hit the U.S.: the Equifax breach. The Equifax hack reportedly affected 145.5 million U.S. consumers -- or approximately 44 percent of the U.S. population -- leaving people vulnerable to financial fraud for potentially the rest of their lives.
These were just some of the year’s lowlights, all of which point to a future where nearly every organization is reliant on successful cybersecurity. It can literally mean the difference between a company’s survival and extinction. As such, 2018 should be all about advancing enterprise security initiatives, and below are my top predictions to ensure the integrity of systems across the globe.
A number of OnePlus customers have reported unusual credit card transactions after buying products from the smartphone maker's online store. And, today, OnePlus announces a formal investigation.
OnePlus reveals that the complaints come only from users who have made direct purchases and adds that purchases involving third-party services -- PayPal, for example -- are not affected.
News of the Meltdown and Spectre processor bugs quickly spread around the world, as companies and individuals tried to protect their systems. But in addition to concerns about the performance hit patches may have on computers, Malwarebytes has also issued a stark warning about fake patches.
The security firm warns that criminals have used interest in Meltdown and Spectre to push out fraudulent bug fixes that are laced with Smoke Loader malware.
Google has removed more than 60 games from the Play Store after security firm Check Point discovered they were laced with malware and serving up porn ads. Check Point claims that the games were aimed at children, but Google says this was not the case.
The AdultSwine malware was found to be bundled in a number of games, many of which had been downloaded millions of times. As well as displaying pornographic ads, the malware tried to trick users into installing fake security tools and encouraged people to register for expensive premium services.
With GDPR implementation only a few months away, a worrying new survey shows that 55 percent of UK businesses are still unaware of the GDPR regulations.
The study by compliance solution PORT.im also reveals that only 27 percent of businesses believe GDPR applies to them, despite 73 percent saying that they collect personal data on their customers -- a strong indication that GDPR does apply.