Malware is something of a recurring problem for Android users, and it seems as though Google is fighting a never-ending battle to keep the blight out of the Play Store. The latest large-scale batch to be discovered takes the form of adware known as FalseGuide.

As you may have guessed from the name -- and your own experience of Google Play -- this malware spreads by fooling people into installing apps purporting to be guides to popular games. The apps themselves are fairly innocuous -- and often are guides as they claim to be -- but they then download additional modules which can be used to bombard users with ads.

Cyber attacks are constantly evolving and consequently businesses are always seeking new ways of defending themselves. This is as much about understanding the nature of attacks as about preventing them.

One of the latest developments is the use of deception, employing camouflaged traps and tokens to throw the attackers off balance by detecting and understanding the nature of the attack and their plans.

Apps that come with open-source code are putting organizations at risk, according to a new report by Black Duck. As you might imagine, many companies are using apps with open-source code.

Black Duck’s Center for Open Source Research & Innovation analyzed 1,071 apps audited during 2016 and found that 96 percent of them had open source. Of those, more than 60 percent had open source security vulnerabilities.

Every eighth person in England has had their healthcare data breached. This is the conclusion of a new report just released by Accenture. Based on a poll of 1,000 people it says that more than half of those who experienced a data breach (56 percent), were in fact, victims of medical identity theft.

The report also says that these data breaches are fairly expensive, too. On average, more than three quarters (77 percent) have had to pay roughly £172 in out-of-pocket costs, per incident.

People are the biggest threat when it comes to enterprise cyber-security, not technology or processes. This is according to a new report by The Institute of Information Security Professionals (IISP), which says there are a couple of ways people are putting organizations at cyber risk.

The first, and most obvious one, is not being careful enough when opening links in emails, downloading attachments and visiting threat-carrying sites. The second one, less obvious, is the lack of technical skill. And finally, the third one, is the risk from senior business stakeholders making "poor critical decisions around strategy and budgets."

The Internet of Things is gaining in popularity just as many pundits have predicted for years. Having a connected home is easy and cost effective, thanks to devices like Amazon Echo, WeMo lights, and Nest thermostats. It really is an exciting time to be a tech-enthusiast consumer.

Unfortunately, while IoT is exciting, it can also be confusing and scary. Many devices do not work together due to fragmentation, and even worse, there can be security exploits that put the consumer's home network at risk. In other words, an internet connected refrigerator or webcam could be abused by hackers. Today, The Linux Foundation launches the open source EdgeX Foundry -- an attempt to unify and simplify the Internet of Things.

The cloud is a dynamic environment and the threats it faces are equally fluid, whether they're sophisticated cyber attacks or insider threats.

Cloud security company Lacework is launching a new tool called Polygraph that detects breaches, manages insider threats, delivers insights into workloads, and offers graphical investigation tools for public, private and hybrid cloud workloads.

Increasing workforce mobility and the shift of systems to as-a-service models has meant greater need for a reliable means of controlling access and identifying legitimate users.

Identity management specialist SailPoint is launching a new service called IdentityNow Access Request that provides a simple, mobile-ready interface for delivering a self-service access request process to employees, contractors, and business partners. It's aimed at improving IT efficiency and reducing the risk of inappropriate access by consistently enforcing organizational access policies.

WikiLeaks continues to release documents that reveal various hacking tools used by the CIA. After the HIVE revelations just over a week ago, the group has followed up with details of operations that were mentioned in the very first batch of Vault 7 leaks -- hacking Samsung televisions to listen in on people.

The documents suggest that the CIA's work is based on a tool developed by MI5 in the UK called Extending. The CIA went on to transform this into its own utility by the name of "Weeping Angel." WikiLeaks has published the guide to using the tool in a file marked "SECRET STRAP 2 UK EYES ONLY," and it describes how an implant is configured on a Linux PC before installing it on a target Samsung F Series smart TV.

The Internet of Things (IoT) has undergone an amazing transformation, from a pipe dream to a marketing buzzword, and now an impending reality. Recent estimates expect the number of Internet-connected devices to reach 26 billion by 2020, with some studies suggesting an even higher output.

With an exponential increase in devices communicating with us, other devices, and with the internet at large, how can anyone keep private information safe?

Many organizations don’t enforce proper security measures in their DevOps environments, putting both the company and the product at risk. This is according to a new report by Venafi looking into security practices among DevOps adopters.

Using the same passwords for multiple machines or not even bothering to secure communications between machines are some of the most common issues, usually among organizations in the middle of adopting DevOps practices.

Whether it’s state-sponsored attacks, corporate espionage, a moneymaking scheme or simply someone trying their luck, businesses and governments are facing a constant barrage of cyber attacks. The high-profile cases of lone wolves hacking into the systems of government organizations mask the more devastating consequences of attacks carried out or ordered by nation states against other nation states.

They are threatening national security around the world, but the wide variety of attack vectors, as well as the continuous evolution and improvement of methods, means we’re constantly chasing our tails trying to keep up and keep them out.

New data from cloud security specialist Netskope shows that companies are still struggling to prevent network breaches and protect themselves at all points of entry.

Backdoors made up the bulk of cloud malware detections, at 37.1 percent, down from 43.2 percent last quarter but still the biggest single threat.

Deception technology intended to catch out attackers by deploying decoys that mimic business systems is gaining in popularity. The market for deception is expected to exceed $2 billion by 2021.

Threat defense specialist Acalvio Technology is launching a new product called ShadowPlex which offers the scale and depth of a dynamic deception environment, and integrated intelligence built on a cloud-first infrastructure that makes it easy and cost-effective to deploy.

We all know someone who’s been in a difficult position following a security breach. They are rushing to assess the damage, while simultaneously repairing website functionality to limit the compromise. It’s a stressful situation, especially if you’ve had to deal with a compromise more than once. Unfortunately for some website owners this is a reality -- shortly after the initial security breach, the website becomes compromised again. It leaves the website owner asking why their website is being targeted and how the website re-infection is happening.

The short answer is that it’s most likely due to unresolved vulnerabilities. While it may seem like you’ve been singled out and targeted by some menacing hackers, most of the time that isn’t the case. The majority of website compromises are preceded by automated campaigns that locate websites vulnerable to a particular exploit the hacker wishes to employ. The bottom line is, you aren’t the target that the hacker is singling-out, it’s the software on your website. There are a couple main culprits for this scenario.