While 2017 saw enhancements in defenses -- such as the use of artificial intelligence -- it also demonstrated that cyber criminals continue to find their way around defensive measures with new evasion techniques.

Anti-evasion software specialist Minerva Labs has released its Year in Review report, which takes an in-depth look at the approaches used by common malware families to bypass anti-malware tools, including antivirus and analysis sandboxes.

Open source is the future of computing. Don't believe me? Three of the most important technology companies -- Microsoft, Apple, and Google -- not only license open source software, but they contribute to open source projects too. While closed source will likely never go away, it is becoming less important.

Today, popular anti-virus and security company, Avast, announces that it too is contributing to the open source community. You see, it is releasing the code for its machine-code decompiler on GitHub. Called "RetDec," the decompiler had been under development since 2011, originally by AVG -- a company Avast bought in 2016.

If you have an HP laptop, there's a reasonable chance that you have an keylogger installed. The tool is embedded in Synaptics touchpad drivers.

Before you start panicking too much, it's worth noting that the keylogging capabilities of the tool are disabled by default, but that's not to say there's no cause for alarm. This may all sound slightly familiar; back in May, HP hit the headlines for a keylogger that was buried in an audio driver. If you want to check if you are affected by the latest privacy violation -- and what you can do about it -- read on...

The increase in the number and variety of connected devices has made enterprise IT environments much more complex.

Maintaining security and compliance is a tricky problem and IoT security specialist ForeScout is integrating with IBM Security solutions to offer users stringer endpoint protection and automated risk mitigation.

The distrust -- at least publicly -- that the US shows for Russia is well-known. Following concerns about potential espionage from the Kremlin, the government has banned the use of Kaspersky software on its systems.

This ban has now been cemented into law as President Trump signed a bill forbidding the use of Kaspersky Lab software on government computers.

A new study of over 1000 US office workers finds that 99 percent of those surveyed admit to conducting at least one potentially dangerous security action, from sharing and storing login credentials to sending work documents to personal email accounts.

The survey by cloud business solutions provider Intermedia finds that 24 percent of office workers reuse the same login credentials for their work and personal accounts.

Security polices for USB devices are frequently outdated and inadequate, and enterprises are often failing to monitor their use, according to a new survey.

The study by encrypted drive specialist Apricorn reveals that while nine out of 10 employees rely on USB devices today, only 20 percent of them are using encryption on those devices. Eight out of 10 employees use non-encrypted USBs, such as those received for free at conferences, trade events or business meetings.

By impersonating brands and fooling consumers, malicious mobile apps are on the increase, according to digital threat management leader RiskIQ in its latest Q3 mobile threat landscape report.

Apps available outside of official stores are most likely to be malicious. Google’s percentage of malicious apps decreased to a low of four percent in Q3 after reaching a high of eight percent in Q2. However, one of the most prolific creators of malicious apps worked exclusively in the Play store.

The latest Global Threat Index from cyber security specialist Check Point reveals that the Necurs spam botnet -- reckoned to be the largest in the world -- is being used to distribute one of the latest ransomware threats.

During the Thanksgiving holiday in the US, Necurs sent over 12 million emails in just one morning, distributing the relatively new Scarab ransomware, first seen in June 2017.

Google's Chrome browser has something of a reputation for being memory-hungry. With the release of Chrome 63 this image is not going to be shed -- a new security feature increases memory usage even further.

The latest desktop version of the browser includes a new Site Isolation feature which launches individual sites -- all sites, or a specific list -- in sperate processes. While this is something that will be of particular interest to enterprise users because of the added security it brings, it's something that will appeal to any security-minded user who is willing to shoulder a 10-20 percent increase in Chrome's memory usage.

Researchers from security firm GuardSquare have discovered an Android vulnerability that allows for app code to be edited without affecting the apps' signature. Dubbed Janus, the vulnerability has massive potential for malicious use, and affects Android 5.0 onwards.

The security hole would allow an attacker to tweak an entirely legitimate app to behave maliciously without triggering any security alerts. Although vulnerability CVE-2017-13156 has been patched in December's Android update, very few people will have access to this security fix.

Deception in its various embodiments is becoming a critical part of organizations' security infrastructure. According to Gartner, the need for better detection and response is creating new opportunities for security stack automation, integration, consolidation and orchestration while also driving the emergence of new segments like deception.

These trends set up the perfect match of deception and automated detection and response or ADR.

A new report from anti-malware specialist Malwarebytes says that the volume and sophistication of cyber attacks is growing thanks to an increase in organized cyber crime it dubs the 'New Mafia'.

Ransomware attacks up to the end of October have surpassed total figures for 2016 by 62 percent. In addition, there has been an almost 2,000 percent increase in ransomware detections since 2015 -- rising to hundreds of thousands in September 2017 from less than 16,000 in September 2015.

As online retailers gear up for their busiest period of the year, how prepared are they to face the threat of cyber attacks?

A new study from cyber security company Tripwire reveals that just 28 percent of respondents say they have a fully tested plan in place in the event of a security breach.

Secure Shell (SSH) provides a secure channel for communication over unsecured networks and is therefore a popular technology in the financial services sector.

But a new study for machine identity protection company Venafi shows that even though SSH keys provide the highest levels of administrative access, they are routinely untracked, unmanaged and poorly secured.