Windows' User Account Control (UAC) feature was designed to help keep computers safe from malicious software installations, but there are already at least a couple of ways to bypass it. A new technique for circumventing UAC not only makes it possible to execute commands on a computer, but to do so without leaving a single trace.

Security researchers Matt Nelson and Matt Graeber discovered the vulnerability and developed a proof-of-concept exploit. The pair tested the exploit on Windows 7 and Windows 10, but say that the technique can be used to bypass security on any version of Windows that uses UAC.

The NSA has (or had...) a collection of malware in its cyber arsenal. It has been stolen by hackers. It is now available to buy.

A group of hackers going by the name of Shadow Brokers claims to have stolen a range of hacking and malware tools from Equation Group's servers -- Equation Group is itself closely linked with the NSA. The group is offering the tools for auction and will sell them to the highest bidder. If bidding reaches one million Bitcoins, however, the group says it will make the tools publicly available to all.

There are a number of high profile ransomware programs doing the rounds at the moment and we know that it can generate lucrative returns for the people behind it.

But just as in the legitimate commercial world, the as-a-service model is starting to gain traction with attackers. Security vendor Check Point is releasing details of Cerber, which it believes is the world's biggest ransomware-as-a-service scheme.

Phishing is one of the major security threats that enterprises now face, but according to new research from Duo Security users are putting 31 percent of organizations at risk of a data breach due to phishing attacks.

Based on feedback from the Duo Insight phishing simulation tool, the company finds that 31 percent of users clicked the link in a phishing email and worse still 17 percent entered their username and password, giving an attacker in a real-world scenario the keys to corporate data.

Professional social network LinkedIn is suing 100 anonymous individuals for data scraping. It is hoped that a court order will be able to reveal the identities of those responsible for using bots to harvest user data from the site.

The Microsoft-owned service takes pride in the relationship it has with its users and the security it offers their data. Its lawsuit seeks to use the data scrapers' IP addresses and then discover their true identity in order to take action against them.

Android has had something of a rough time of things lately with the discovery of the Quadrooter vulnerability and the revelation that a flaw in version 3.6 of the Linux kernel also affects Google's mobile operating system.

Security firm Lookout estimates that 80 percent of Android devices (around 1.4 billion devices) are affected. While initial reports suggested that devices up to Android 4.4 KitKat are at risk, further testing shows that the problem still exists all the way up to Android 7.0 Nougat.

Keeping patients’ confidential records secure is of utmost importance to healthcare organizations and the vendors who work alongside them. Not only is the proper safeguarding of information a good practice, it’s the law.

The Health Insurance Portability and Accountability Act (HIPAA) seeks to protect the sensitive data of patients and to empower healthcare practitioners to keep that information safe through strong security and privacy policies.

Back in the day, people had to walk into a bank in order to rob it. They also had to walk into a car in order to steal it. Nowadays, people rob banks from the comfort of their home (or their parents’ basements), and it’s only a matter of time before they start hijacking cars the same way.

According to a couple of researchers, whose work has been covered by Wired recently, we’re already halfway there -- a new vulnerability has been found which allows hackers to remotely unlock 100 million Volkswagen cars.

Asian nations are not very secure places to keep your digital data, a new report by secure data centre Artmotion suggests.

The report was built on data from the UN, World Economic Forum and Transparency International, among other groups. Titled Data Danger Zones, it ranks more than 170 nations on how good they are at keeping data secure.

Security researchers at the University of California, Riverside, have uncovered a major Linux vulnerability that enables hackers to hijack Internet traffic which, if exploited, can be used to intercept communications, launch targeted attacks, and lower Tor's anonymity. The vulnerability impacts iterations of the open-source kernel released in the past four years.

The security researchers believe that this security issue "affects a wide range of devices and hosts" -- the open-source kernel is well known for powering a significant number of servers and being at the heart of Android, the most popular mobile operating system today. The vulnerability was introduced in a TCP specification that is found in Linux versions starting with 3.6, which was released in September 2012.

Phishing attacks are on the increase and are becoming increasingly sophisticated. This means that older technologies such as blacklisting known phishing sites are struggling to keep up with the threat. The Anti Phishing Working Group detected a 250 percent jump in phishing sites between October 2015 and March 2016.

Fraud protection company Easy Solutions is helping to combat the problem with the public beta launch of its Swordphish predictive phishing and malware risk assessment technology.

During the recent Defcon hacking conference, held last week in Paris, a hacker demonstrated how he could make fraudulent payments through Samsung Pay.

Samsung says it knew of this and considers it an acceptable risk. It claims the method is almost too difficult to pull off, and no different than fraud methods we see today with credit cards.

There are a number of concerns that companies have over migrating to the cloud, but one of the key ones is who else might have access to the data.

Cloud security company Bitglass has released the results of its latest Mitigating Cloud Risks survey in conjunction with the Cloud Security Alliance, which shows that potential government access to encrypted data is an issue.

Shortage of skills is one of the main reasons businesses give for not achieving their objectives according to Gartner and this is especially true in the cybersecurity field.

Access control specialist SecureAuth is aiming to address this with the launch of its SecureAuth University, a continuing education program for customers, partners and employees.

Microsoft has created a backdoor in Secure Boot, the security feature designed to ensure that a device can only run the operating system that it is meant to. And, to make matters worse, it has just accidentally leaked the "golden keys" needed to bypass it.

The Secure Boot backdoor is there to, for instance, allow a Microsoft developer to install a new build of Windows on a device -- that has the security feature enforced -- without it having to be digitally signed beforehand. It makes their job easy, but it also makes the security system ineffective if -- when -- the golden keys that unlock it make their way into the wrong hands.