Since threats to enterprise systems often come from stolen or compromised credentials, managing user identity is a vital part of modern security.

Access control specialist SailPoint is announcing a plugin framework for its SailPoint IdentityIQ platform that will allow customers and partners to develop extensions to the core product features, so they can move towards a more identity-aware organization.

The Internet of Things (IoT) may be the US National Security Agency’s next potential target for spying and collecting data according to a comment made by its deputy director at a recent military technology conference.

During the conference, which was held in Washington DC on June 10, deputy director of the NSA Richard Ledgett said that the agency is considering potential ways it could collect data from internet-connected devices such as smart appliances and pacemakers.

Apple was quite boisterous at WWDC today regarding its operating systems and services. Quite frankly, I was blown away at all the ways the company is looking to improve its customers' lives, but some folks were apparently underwhelmed. Oh well, you can't please everyone, I suppose.

For some reason, Apple was fairly quiet about one huge change -- it is replacing the HFS+ file system. Based on the more-than-30-year-old HFS, it is apparently time to move on. What is the upcoming file system called? The unimaginatively "Apple File System". The encryption-ready file system will be used on macOS, iOS, tvOS, and watchOS.

For the first time ever, the majority of cybersecurity professionals believe cloud-based apps are as secure as on-premise apps. Those are the results of a new survey conducted by Bitglass, among 2,200 cybersecurity experts.

According to the report, entitled The Rise of Purpose-Built Cloud Security, 52 percent of those surveyed said they found cloud-based apps as secure as their on-premise counterparts. The most interesting thing is that this percentage has jumped from 40 percent same time last year.

As organizations move more of their data to the cloud the risk from shadow IT in the form of connected third-party apps grows greater.

New research from CloudLock CyberLab, the security intelligence part of the CloudLock security platform, finds that 27 percent of third-party apps are classified as high risk. This means cyber criminals could gain programmatic access to corporate platforms and impersonate end users.

Ransomware is one of the most important security threats for business to deal with as it has the potential to cause serious damage and financial loss.

User behavior specialist Exabeam is launching its Analytics for Ransomware, a new application designed for early detection across the corporate network. Unlike other security products, Exabeam can detect ransomware movement and activity in the network, servers, workstations, BYOD devices, and cloud services.

When a data breach is just as likely to originate from inside the organization as outside, protecting an enterprise can be a difficult task.

Californian company Preempt is launching a new proactive approach that allows organizations to spot threats in real-time without engaging already overwhelmed security teams.

"If you’re using open source, chances are you are likely including vulnerabilities known to the world at large". This is a quote taken from the latest open source security report released by software company Black Duck.

The company analyzed more than 200 applications that are based on, or partially use, open source material, over a six-month period. The results are that 67 percent of them have vulnerabilities, and every application has at least five vulnerable components.

In a move that could boost Donald Trump's election campaign, WikiLeaks is on the verge of releasing more of Hillary Clinton's emails from her stint as US secretary of state. Clinton's use of a homebrew email server and a private email address for sending classified information has dogged her presidential campaign -- and Julian Assange is happy for that to continue.

The WikiLeaks founder, currently in exile in the Ecuadorian embassy in London, has made no secret of his loathing for Clinton. She is the subject of a federal investigation, and Assange is happy to add fuel to the fire by publicly releasing another batch of emails.

Documents leaked by Edward Snowden reveal that Scottish authorities have been engaged in gathering data about phone and internet usage in much the same way as the NSA and GCHQ. The Scottish Recording Centre (SRC) accessed information gathered as part of a bulk data collection program called MILKWHITE.

Scottish newspaper The National, in conjunction with the website CommonSpace, have exposed Scotland's role in the UK's mass surveillance programs. Police and tax authorities in Scotland -- devolved from UK forces -- were given accessed to what the Intercept describes as 'huge troves of metadata' gathered by spy agencies.

An eagle-eyed Reddit user has noticed that code run through Visual Studio 2015 C++ compiler make calls to Microsoft's telemetry services. Microsoft has already upset a large number of people with the privacy and telemetry issues in Windows 10, and there is now a busy thread on Reddit discussing the company's thinking behind including this 'feature'.

Coders have expressed concerns that Microsoft appears to be inserting calls to its telemetry service into binaries as they are compiled. Calls to telemetry_main_invoke_trigger and telemetry_main_return_trigger raised a few eyebrows having been found in both debug and release versions of the software. The good news -- maybe -- is that telemetry can be disabled.

It seems all that talk by security experts how employee education is the best way to protect a business from a cyber-attack has fallen on deaf ears.

A new study by ISACA, based on a poll of 2,000 UK consumers, says that more than half of those haven’t gotten any cyber-security awareness training, at all.

To be effective in fighting cyber crime it's important that businesses are able to share intelligence effectively.

Endpoint security company Carbon Black is enabling this with its new Detection eXchange, a collective defense ecosystem which will enable thousands of security professionals to collaborate against hackers and prevent cyber attacks.

Google's plans to gather Street View data in India have hit a brick wall after the country rejected the company's proposals.

Indian security agencies expressed concerns about plans to send Google Street View cars around the country, taking 360-degree photos along roadways. This is certainly not the first time Google Street View has faced problems, with numerous cases relating to privacy resulting in changes being made to the service.

Cyber attackers use a variety of anonymity techniques to avoid detection. Many attacks come from anonymous proxies and anonymity networks are often use valid, but compromised, credentials.

Access control specialist SecureAuth is launching a new Threat Service product to stop suspicious logins even if attackers have valid credentials and even if they are logging in from an anonymous network.