Following the revelation of vulnerabilities in Windows, Internet Explorer and Edge by Google, and the delaying of the traditional Patch Tuesday, Microsoft security update practices have been in the spotlight. Google's Project Zero has exposed security issues that Microsoft is yet to fix, so a third party has decided to step in to help out.
A new project going by the name of 0patch has created a "0patch" for a zero-day, addressing the Windows gdi32.dll memory disclosure (CVE-2017-0038) yet to be fixed by Microsoft. As the issue is unlikely to receive an official patch until at least the middle of March, this third-party option is all that's available for now.
A new report suggests that Mike Pence not only used a personal email account to handle state business, but also that the email address was hacked. The US Vice President was one of many who were very vocal in denigrating Hillary Clinton for her use of a private email server in the run-up to the election.
The Indy Star says that Pence used an AOL email address to conduct public business during his time as governor of Indiana. The report also says that his email account was hacked, with a perpetrator gaining access to it in the middle of last year and sending out a fake email to his contacts.
Researchers at Trustwave have uncovered a backdoor in IoT devices from a Chinese manufacturer that could leave them open to exploitation.
The backdoor is present in almost all devices produced by VoIP specialist DBLTek, and appears to have been purposely built in for use by the vendor.
Advertising agencies, search engines and cybersecurity specialists should work collectively to tackle the security threat from rising malvertising.
According to Ben Williams, head of operations and communications at Adblock Plus, unless this happens, more users will be exposed to potential security compromises such as malware and phishing, and this will drive further adoption of adblockers as a solution to these threats.
Yahoo CEO Marissa Mayer is not going to receive her annual bonus this year as the company punishes her for failing to react quickly enough to a security breach in 2014. Her bonus is to be shared between staff instead.
The security breach, followed by another in 2016 involving the use of forged cookies, meant Yahoo's sale to Verizon had to be renegotiated, slashing millions of dollars from the price. The company has revealed that around 32 million user accounts were accessed using forged cookies, and while this is nothing like the 500 million accounts affected by the 2014 breach, it rocked faith in Yahoo and Mayer felt it best to also pass on her stock award.
Windows 10 Creators Update is expected to launch in April, and will deliver a wealth of new features and improvements. While a lot of the focus is on 3D creation, gaming enhancements, and security, Microsoft has also made a lot of welcome changes to the user experience.
Michael Fortin, CVP of Windows and Devices Group Core Quality, reveals today that the Creators Update will give users much greater control over privacy, security, and updates.
We've heard the phrase, "users are the weakest link," more than we can count. Building a more resilient cyber security strategy means flipping the model on its head and making people part of the solution. Instead of starting with a technology-based strategy, Absolute discusses how and why organizations can take a people-first security strategy.
Paul Proctor, chief of research for risk and security at Gartner, was quoted as saying: "we are facing a cultural disconnect [...] executives believe that IT risk and security is a technical problem." Of course, that’s wrong. Deep down, we know it’s wrong. Security is, and always will be, a people problem. At least until the robots fully take over. Until then, though, we have to come to grips with the simple fact that with the way security is typically deployed in enterprises today, users will continue to click on things they shouldn’t, visit sites they shouldn’t, or make other uninformed or careless choices leading to breaches, incidents, or loss in availability of systems and data.
Data breaches caused by account takeovers (ATOs) are a growing problem, partly due to people reusing passwords, so that when a high-profile breach -- such as the recent one at Yahoo -- occurs, other accounts are put at risk.
User behavior specialist Sift Science is taking on this threat and expanding into the cyber security market with a new tool to detect ATOs.
With increasing amounts of sensitive data stored in the cloud and accessed on mobile devices, protecting that information presents a major challenge.
Data management specialist Informatica is adding to its Secure@Source platform with behavioral analytics to detect high-risk data and ensure it's properly protected.
While storing data in the cloud is undoubtedly convenient, it also introduces risks, and encryption is increasingly seen as a way of helping combat them.
Database-as-a-service company mLab is introducing encryption-at-rest as an opt-in data security measure for customers of its most popular plans, at no additional cost.
With more and more organizations moving their operations to the cloud, old approaches to security are put under strain and struggle to cope with the new way of working.
Network security specialist Observable Networks has put together an infographic looking at the current state of cybersecurity and how old approaches don’t adapt to the cloud.
Mobile malware detection almost tripled in 2016 and advertising Trojans exploiting super-user rights became the top threat.
These are among the findings of Kaspersky Lab's 2016 Mobile Threat report released today, which looks at reports generated by the company's mobile products.
The Internet of Things will have been adopted by 85 percent of businesses by 2019 according to a new global study.
The report from Aruba Networks shows that there are clear business benefits from IoT investments despite the fact that they can lead to additional risk.
Eighteen percent of UK businesses have been the target of a cyber-attack in the last 12 months, according to a new report by Altodigital. These attacks cost the economy £1.9 billion.
Back in 2013, 33 percent of companies were hacked, so Altodigital sees the current figure of 18 percent as a "welcome improvement." Each individual attack cost more than £2,000 last year.
People like getting friend requests on social media, and hackers are using that to launch successful phishing campaigns. This is according to a new report released by phishd by MMR InfoSecurity.
After reviewing simulated attack campaigns targeting almost a million users, phishd by MMR InfoSecurity says that social media is the most effective lure for getting victims to click email links.