Security researchers can make a lot of money by reporting bugs to software and hardware vendors. Microsoft, for instance, pays up to $15,000 for vulnerabilities in Office Insider, while Intel, through its first bug bounty program, takes things up a notch with a top reward of $30,000.
Intel's first bug bounty program was announced on HackerOne, and targets firmware, software and hardware products. Hardware vulnerabilities have the highest top reward, followed by firmware and then software.
The cyber security landscape is a constantly evolving one. The organizations best able to cope with it are the ones that can look beyond today's threats to those they'll face in future.
London-based independent security body the Information Security Forum has released its Threat Horizon 2019 report, which is developed for business leaders who need to rapidly grasp emerging information security threats and assess the potential business impacts.
Microsoft wants to make Office more secure, so it has announced a bug bounty program for Office Insiders to catch vulnerabilities before shipping a public release.
The bug bounty program targets the Windows version of Office on the Slow ring and features rewards of up to $15,000, but for "certain submissions" -- presumably highly-critical security holes -- the software giant says that researchers can expect to be paid more.
According to a new report, 93 percent of enterprises will use sensitive data in advanced technology environments (such as cloud, SaaS, big data, IoT and container) this year.
But 63 percent of those respondents also believe their organizations are deploying these technologies ahead of having appropriate data security solutions in place. These are the findings of the latest Data Threat Report from Thales e-Security and 451 Research.
The US Justice Department is charging two Russian spies and two hackers with orchestrating the attack against Yahoo in 2014 that saw 500 million accounts being compromised as part of an effort to collect intelligence.
The Justice Department says that Dmitry Dokuchaev and Igor Sushchin "and other known and unknown" FSB intelligence officers hired hackers Alexsey Belan and Karim Baratov to hack Yahoo accounts belonging to Russian journalists, officials, and employees of a "prominent" security company, as well as US officials and employees of tech companies.
Women make up only 11 percent of the cyber security workforce according to the latest report from the Center for Cyber Safety and Education -- formerly the (ISC)² Foundation -- and the Executive Women's Forum (EWF).
The survey of more than 19,000 participants around the world finds that women have higher levels of education than men, with 51 percent holding a master’s degree or higher, compared to 45 percent of men.
Sleeper cell accounts which appear normal and hide among normal users, waiting for long periods of time to age the account before striking, are the latest technique being used by cyber attackers.
These accounts are often used for testing or carrying out the attack in stages, according to fraud and financial crime detection service DataVisor.
No, we're not talking about the James Bond of the cephalopod world getting his tentacles on your security. Secret Double Octopus is an intriguingly named Israeli company that’s launching a new authenticator app for enterprises.
Authentication systems have traditionally relied on a single layer of protection, such as SMS, tokens, push notifications and biometrics. Secret Double Octopus uses a multi-shield authentication process for users to verify or reject a login attempt, payment or transaction.
When WikiLeaks' Vault 7 revelations about the spying capabilities and techniques were unleashed, there was concern about a number of popular apps and services that -- the documents suggested -- had been compromised. Included in this list are popular, secure chat apps WhatsApp and Telegram, and Check Point software has just released details of a vulnerability that left millions of user accounts exposed to hackers.
Google was recently criticized for releasing details of a security hole in Windows (and, subsequently another one in Internet Explorer and Microsoft Edge) before Microsoft had patched it. In fact, it was a third party who jumped to the rescue, issuing patches before Microsoft. This time around, however, after notification of the problems from security firm Check Point, WhatsApp and Telegram both patched the security holes within a week.
Businesses with dispersed and on-the-move employees are struggling to strike a difficult balance between the benefits of remote working and the security risks it creates. Security software designed to protect data at risk is nullified if it can be removed. To achieve their own stringent security aims while satisfying the demands of increasingly tight and punitive regulation, companies need a more persistent security solution.
Many organizations consider it to be only a matter of time before they fall victim to a cyberattack. PwC's 2016 Economic Crime Survey revealed that over half of responding UK organizations consider it likely they’ll suffer from cybercrime in the next two years. The prevalence of cybercrime makes detection and response capabilities critical in business today.
As a founder and innovator, you can't help but love the cloud. It's easy to use, it lets you get projects started quicker, and helps deploy them faster, too. But, as quickly as you can innovate and go to market with the cloud, you can also fail -- particularly if you don't pay attention to the small details and implement security from the get go.
I can only imagine what happened to the team at CloudPets, who recently suffered a major breach. This breach now has CEOs questioning what would happen if they were in the same boat.
Banks and other financial institutions spend three times the amount non-financial organizations are spending on cyber security, a new report by Kaspersky Lab has shown.
According to the Financial Institutions Security Risks research from Kaspersky Lab and B2B International, cyber security is a high priority for financial institutions, as they're coming under increased pressure from the government, top management and customers.
The Industrial Internet of Things (IIoT) is used in many businesses, including critical infrastructure sectors such as energy, utilities, government, healthcare and finance. No surprise then that it's a likely target for attack.
A new survey from security and compliance specialist Tripwire of more than 400 IT security professionals shows that 96 percent expect to see an increase in security attacks on the IIoT in 2017.
Ransomware continues to be the most lucrative business model for cyber crime, and a new study indicates that existing endpoint protection methods may not be enough to guard against it.
The survey from security awareness training organization KnowBe4 questioned more than 500 organizations about the current state of their ransomware protection, whether they were a victim of ransomware, the impact of a successful breach and their remediation tactics.
Since October, Datto has been conducting testing designed to quickly detect ransomware in backup data sets. Here’s why: ransomware has become a major threat to individuals and businesses over the past few years, and the cyber extortionists behind these attacks operate with increasing sophistication. SMBs can be particularly vulnerable to attacks and are more likely to pay a ransom to get their data back than large businesses.
In many cases, these attacks are conducted by large criminal organizations using wide-reaching botnets to spread malware via phishing campaigns. Victims are tricked into downloading an email attachment or clicking a link using some form of social engineering. Fake email messages might appear to be a note from a friend or colleague asking a user to check out an attached file. Or an email might come from a trusted institution (such as a bank) asking you to perform a routine task. Sometimes, ransomware uses scare tactics, such as claiming that the computer has been used for illegal activities, to coerce victims. When the malware is executed, it encrypts files and demands a ransom to unlock them.