Mature development organizations make sure automated security is built into their DevOps practice early, everywhere and at scale, according to a new report by Sonatype.
The report, entitled 2017 DevSecOps Community Survey, is based on a poll of 2,292 IT professionals, and also says IT organisations continue to struggle with data breaches.
Today Google published its third annual Android Security Year in Review, the day after the launch of the developer preview of Android O. Looking back at 2016, the report details the steps the company has taken to keep Android users and their data safe. Google cites a crackdown on Potentially Harmful Apps as a particular success, and points to the fact that security updates have been issued to 735 million devices.
But it’s not all good news. Many of the security improvements are to be found in Android 7 Nougat, which is only available on a limited number of devices. Additionally, a large number of handsets are not eligible for the monthly security updates the company pushes out.
A modified version of a threat that first appeared in 2014 is successfully targeting users in Latin America according to the SPEAR research team at threat prevention specialist Cylance.
Attackers using the El Machete malware -- first identified by Kaspersky -- have moved to new C2 (command and control) infrastructure, based largely around dynamic DNS domains, in addition to making some minimal changes to the malware in order to evade signature-based detection.
Microsoft could be on the verge of making greater headway in China after completing a modified version of Windows 10 for the Chinese government. The operating system has been banned for governmental use for some time despite the fact it is already available to consumers in the country.
A joint venture with state-owned China Electronics Technology Group, Microsoft's modifications are now awaiting government approval. While details of the included changes are not being released, China's concerns about other nations implementing surveillance through the software will almost certainly have been a key factor.
New research from software supply chain automation company Sonatype reveals that the adoption of DevOps is leading businesses to adopt a different approach to security.
The survey shows that mature development organizations are ensuring automated security is woven into their DevOps practice, early. But the results reveal that IT organizations continue to struggle with breaches as a nearly 50 percent increase was recorded between Sonatype's 2014 and 2017 surveys.
Not content with its second crack of the whip with a travel ban, the Trump administration has now issued a ban on larger electronic devices being taken on flights from certain countries. Devices larger than a cell phone will not be permitted in cabin baggage but must instead be checked in.
The ban is set to run indefinitely, and means that laptops, tablets, portable DVD players, ebook readers, portable games consoles and other larger electronic devices will be banished to the holds of aircraft. While the ban focuses on individual airports rather than countries, it has been noted that they are located in Muslim-majority parts of the world.
It was a big day for IBM today, as it unveiled its first Blockchain-as-a-service. Unveiled at the Interconnect conference, this commercial blockchain service is based on the open-source Hyperledger Fabric 1.0, built by The Linux Foundation.
In a nutshell, IBM Blockchain allows customers to build their own secure blockchain networks. It took the company a year to bring it from the initial announcement to a finished product.
An old vulnerability was just discovered in the Linux kernel, potentially allowing hackers to escalate privileges or cause a denial of service. The vulnerability was quickly fixed and there have been no signs of it in the wild, although that does not necessarily mean it went unnoticed.
According to Positive Technologies expert Alexander Popov, the CVE-2017-2636 vulnerability is seven years old and has affected the majority of popular Linux distributions, including RHEL 6/7, Fedora, SuSE, Debian, and Ubuntu.
Almost a third of companies have suffered either data loss or a security breach because their employees use mobile technologies to work. This is according to a new report by Apricorn. The company polled 100 IT decision makers in the UK for the report.
Almost half (44 percent) expect mobile workers to expose their company’s data to risks of breaches and theft. Nearly half of respondents also agree that employees are the biggest security threat to their company.
Gaining access to accounts is often done the old-fashioned way, using brute force guesses, but a new report reveals that many devices and accounts still have default usernames and passwords.
The study from visibility and testing company Ixia shows the top five username guesses as root, admin, ubnt, support, and user -- ubnt being the default username for AWS and other cloud services based on Ubuntu.
Once again, an urban myth turns out to be true. People know mobile apps can be targeted by hackers, they fear the scenario, yet they’re doing very little to protect themselves from such potential attacks.
The confirmation was released by F5 Networks, in a study into the UK’s app-centric society and consumer behaviors.
M-Kavach is a versatile Android security app from the Center for Development of Advanced Computing, a research and development arm of the Indian government.
The app offers several modules and security layers to protect you from a range of threats. M-Kavach can restrict app access to key resources, including Wi-Fi, Bluetooth, camera and mobile data.
The CIA's hacking tools leaked in the WikiLeaks Vault 7 disclosure revealed vulnerabilities in a range of popular software titles. Julian Assange has said that his organization will share details of the zero days revealed in the documents with the respective technology companies, but it now transpires that there are certain conditions to meet first. It’s a situation that has more than a slight air of "ransom" to it.
Microsoft initially complained that after the initial leak there had been no contact from either WikiLeaks or the CIA, but it seems that contact has now been made with the Windows-maker and other companies. Mozilla is among those to have been contacted and to have responded, and sources suggest that Assange has attached conditions to disclosing details of vulnerabilities.
This year, the cyber-security focus is shifting from prevention only into detection and response territory. This is according to a new Gartner report, which also says cyber-security spending will hit the $90 billion mark this year.
That’s actually a 7.6 percent increase year-on-year. Spending will keep on growing, Gartner says, up to $113 billion in 2020.
European and US businesses see cyber espionage as the biggest threat to their security, according to a new report by Trend Micro. The report says that organizations in the West are under "increasing pressure" from groups looking to get their hands on some sensitive data.
In relation to the accusations that the Russians have been interfering with US elections, there’s an interesting stat: a large percentage of countries with recent or upcoming polls say they had been subjected to cyber espionage attacks in the last 12 months.