Security

Why you need cyber security checks during a merger or acquisition

2016 was a record-setting year for data breaches and hacks. In the last few months of the year, Yahoo began making headline news for all the wrong reasons with two stories about how it was the victim of the largest cyber-attack in history, which saw one billion accounts compromised. Making the situation all the worse for Yahoo was the fact that it was in the process of being acquired by Verizon.

This hack has in fact resulted in Verizon paying $350 million less for Yahoo and receiving confirmation from Yahoo’s board that any future legal costs or reparations will be jointly covered. The bad news for companies across the globe is that Yahoo’s attack is likely to be only the beginning. As cyber attacks escalate in both volume and size, the danger to companies looking to acquire others rises.

By Brian Pennington -

Mozilla: people have no idea how to protect their privacy and security online

Privacy and security are major concerns when it comes to life online, but a survey by Mozilla reveals that a worrying number of people do not know how to stay in control of them. The company also found that a third of people feel they have no control over their information online, with a similar number confessing to knowing "very little" about encryption.

But these are not the only concerns of internet users. Mozilla also asked about people's greatest online fears. Topping the list is "being hacked by a stranger" (a fear held by 80 percent of people), and "being tracked by advertisers" (61 percent). As well as presenting the results of its survey, Mozilla also has some important advice.

By Sofia Elizabella Wyciślik-Wilson -

Decrease in patch rates points to broken software supply chain

Vulnerabilities in software are at the heart of many security problems, providing a foothold for hackers that they can use to gain access to systems.

The latest Vulnerability Review from the Secunia Research arm of Flexera Software maps the security threat presented to IT infrastructures and explores vulnerabilities in the 50 most popular applications on private PCs.

By Ian Barker -

63 million LinkedIn users have weak passwords

Last year's highly publicized Yahoo and LinkedIn breaches exposed millions of users' passwords to the public and saw them for sale on the dark web.

Researchers at behavioral firewall company Preempt have analyzed the leaked LinkedIn passwords to find out how many were weak before the breach occurred.

By Ian Barker -

Your Samsung, LG, Xiaomi, or other Android smartphone could be pre-loaded with malware

Despite being based on the very secure Linux kernel, Android isn't necessarily a very secure operating system. Unlike iOS which does a great job of shielding its users from installing apps from outside Apple's own App Store, it is far too easy to do so on Google's mobile OS. Also, there is nothing requiring manufacturers to issue device updates, meaning many users are forced to use outdated and vulnerable versions of the operating system.

For the most part, however, Android users can remain safe by acting intelligently, such as only installing apps from the Play Store. Well, that might not be so true anymore. You see, it has been discovered that many models of Android smartphones -- from manufacturers such as Samsung, LG, and even Google's own Nexus line -- are being sold with malware pre-installed. This is particularly bad malware, as it can steal user information. Some devices even came pre-loaded with ransomware!

By Brian Fagioli -

Intel Security releases EFI rootkit checker for MacBooks after CIA hacking leaks

The Vault 7 leaks this week suggest that the CIA has been able to exploit vulnerabilities in a wide range of popular hardware and software, including Windows, macOS and Linux. One of the suggestions is that the agency produced EFI (Extensible Firmware Interface) rootkits for MacBooks called DarkMatter.

To help calm the fears of MacBook owners, Intel Security has pushed out a tool to check for such rootkits. Apple issued a statement earlier this week indicating that it had addressed "many of the issues" exposed by WikiLeaks, but Intel Security's further intervention will bring some peace of mind to concerned users.

By Sofia Elizabella Wyciślik-Wilson -

Using machine learning to secure identity and access management systems

We’ve been losing the war on cybercrime for some time. Research firm Forrester reports over a billion accounts stolen in 2016 alone, and these data breaches are going up, not down. We are having to wade through more incident data, and people cannot keep up. Could machine learning help solve the problem?

For years, researchers hoped that artificial intelligence would produce human-like machines. Now, they focus on a subset of AI that can solve more realistic and useful challenges. Machine learning cannot do everything a human can, but it doesn’t have to. Instead, we can train it to be good at narrowly-defined tasks -- even better at them than humans, in some cases.

By Barry Scott -

One in five websites uses insecure SHA-1 certificate

More than a fifth (21 percent) of all websites are still using an insecure certificate, which is leaving them open to different types of cyberattacks. This is according to a new report from cyber security experts Venafi.

The report says many sites are still using the SHA-1 certificate, which means they’re vulnerable to man-in-the-middle attacks, brute force attacks and collision attacks, all of which can expose the site’s sensitive data.

By Sead Fadilpašić -

1Password raises top bug bounty reward to $100,000

AgileBits, the company behind popular password manager 1Password, is raising the top bug bounty reward from $25,000 to $100,000, following the discovery of serious vulnerabilities in popular password managers, including its own service, that could have allowed attackers to gain access to user data.

To receive the highest reward in its bug bounty program, AgileBits says that a researcher would have to access an unencrypted "bad poetry" flag that is stored in a 1Password vault.

By Mihăiță Bamburic -

Kaspersky brings you the smell of malware

When your job is writing about technology, you get used to the somewhat off-the-wall ways companies come up with to promote their products.

Kaspersky's latest endeavour though had us scrambling for the calendar to check whether it was April 1st, as the company is launching a fragrance. Described as 'threatening yet provocative' the rather disturbingly named Threat de Toilette comes, like all the best scents, in pour femme and pour homme versions.

By Ian Barker -

0patch pushes out another Windows patch, but will leave the real work to Microsoft

Last week 0patch produced what was described as the first 0-day patch for Windows in lieu of Microsoft's usual Patch Tuesday release. It came after Google revealed a pair of vulnerabilities affecting IE/Edge and Windows.

Having addressed the problem in Windows, 0patch is at it again, this time patching the "type confusion" bug (CVE-2017-0037) that plagues Internet Explorer and Edge. This patch is described as an attempt to "release a simple temporary patch that blocks an attacker than try to create a perfect patch", and it's available for anyone who is willing to place their trust in third-party patching.

By Sofia Elizabella Wyciślik-Wilson -

Julian Assange says WikiLeaks will share CIA hacking tools from Vault 7 with technology companies

Technology companies will be given access to the CIA's hacking tools revealed earlier in the week, Julian Assange said today. The WikiLeaks founder said that full details of the exploits used by the CIA would be shared with a view to allowing companies to patch the security holes.

Apple has already said that it has fixed many of the iOS vulnerabilities mentioned in the document cache, and we know that the CIA exploited vulnerabilities in all major operating systems as well as weaponizing numerous popular programs. While WikiLeaks has made certain details of the CIA's hacking tools public, it intends to share them in their entirety privately so software developers can create patches.


Security concerns hold back mobile payment adoption

Businesses and consumers recognize the benefits of mobile payments, but worries over security are holding back adoption according to a new report.

The study by Oxford Economics interviewed 2,000 consumers and 300 business executives and finds that 62 percent of consumers say mobile money enhances their buying experience, and 72 percent of executives say mobile payments can boost their sales.

By Ian Barker -

FBI investigates CIA leaks, Comey says 'There is no such thing as absolute privacy in America'

The FBI and CIA are working together on a joint investigation into the Vault 7 document cache published by WikiLeaks that supposedly reveals the CIA's hacking tools. Many of the companies mentioned in the documents for having exploitable vulnerabilities -- including Apple, the Linux Foundation, and Microsoft -- have spoken out about the leaks, but it has taken some time for the CIA itself to respond.

Speaking to the BBC, a CIA spokesperson said: "The American public should be deeply troubled by any Wikileaks disclosure designed to damage the intelligence community's ability to protect America against terrorists and other adversaries." FBI director James Comey has also spoken about the lack of privacy that now exists in the US.


Enterprise data privacy challenges for 2017 -- and how to defend against them

If you’re not a data security professional, you may have missed the fact that January 28th was Data Privacy Day (also known as Data Protection Day, in Europe). Since 2007, Data Privacy Day has been designated as a day to raise awareness and promote privacy and data protection best practices.

As VP CSO for Zuora, I’m all for anything that raises awareness and promotes dialogue about data security -- but obviously I don’t just focus on data privacy once a year. For me, and my security colleagues, data privacy is an everyday concern. But the fact is that these days we’re seeing data privacy becoming an everyday concern for everyone. Whether it’s potentially hacked elections or IoT devices listening in on your family conversations, questions about data privacy -- and the implications of hacked data -- are becoming more pervasive and more concerning.

By Pritesh Parekh -