Key concerns of information security executives include the growing threats of global cyber terrorism, the current state of security within the US and the ability of organizations to prevent such attacks.

These are among the findings of a new study by account management solutions provider Thycotic of more than 200 security industry attendees at RSA.

The PETYA ransomware is just one of the recent examples of malware that encrypts victims' hard drives until a fee is paid. The advice from the government is not to pay the ransom -- or at least not expect to get a decryption key if you do -- but a password generator has been created that means you can decrypt your hard drive for free.

While TeslaCrypt 4 boasts 'unbreakable encryption', the same cannot be said of PETYA, although the PETYA ransomware does have the irritating habit of overwriting MBRs. This does mean that there is no way to interact with the drive on the infected computer, but with access to a spare machine to read the drive and access to the online tool created by Leostone, you could have your data back in seconds. As the tool's website proudly proclaims, you can "Get your petya encrypted disk back, WITHOUT paying ransom!!!" -- here's what you need to do.

The British government secretly rolled out powers that permitted the immigration officials to hack the mobile phones of asylum seekers and refugees, the Observer reveals. The Home Office has confirmed the hacking powers which have sparked outrage from privacy and human rights groups.

Since 2013, immigration officials have not only been permitted to hack into migrants' phones and computers, but also to install surveillance equipment in homes and detention centers. With concern about governmental plans for the snooper's charter and the privacy invasion this entails, claims that the powers are needed to "deal effectively with all immigration crime" are likely to fall on deaf ears.

Apple's battle with the FBI has focused the attention of the technology community on encryption. But while just about all of the big players in the tech world backed Apple's refusal to create a backdoor for the FBI into iOS, Congress has a very different idea about how encryption and governmental access to data should be handled. This is perfectly demonstrated by a new bill.

The draft version of the Compliance with Court Orders Act of 2016 -- penned by Senators Diane Feinstein and Richard Burr -- would essentially force all US companies to decrypt data they may have encrypted, or to provide backdoors when asked. It's a bill described variously as 'dangerous', 'encryption-weakening', and 'anti-security', and it starts off aggressivley in stating that "no person or entity is above the law". In effect, it renders the encryption put in place by the likes of WhatsApp completely pointless as, if the bill is passed, companies would have to decrypt data on demand.

Ransomware is one of the most prevalent security threats at the moment, and each week there are new examples that up the ante a little more. In recent months we have seen cross-platform ransomware, Tesla 4's unbreakable encryption, and the MBR-overwriting antics of PETYA, but a new phishing scam takes another approach.

In a cleverly orchestrated campaign, a phishing scam is doing the rounds whereby malware meets social engineering in a bid to extract cash from victims. It marries together the file-encrypting Maktub ransomware with a thinly-veiled threat -- home addresses. Quoting victims' home addresses to them serves two purposes: it adds a level of authenticity to the phishing email, but also acts as additional leverage by upping the fear level.

Just a few days ago, WhatsApp trumpeted the roll out of end-to-end encryption for its messaging service. The world rejoiced. With events such as the battle between Apple and the FBI turning attention to encryption, the announcement was well-timed to ride the crest of the wave. But it seems that for all of the bluster and bravado, the news about extra protection may not be quite as good as it seems.

Analysis of WhatsApp's privacy documentation reveals that the Facebook-owned company retains a huge amount of data about messages that are sent. If this all sounds familiar, it's because the retention of metadata is precisely what the NSA was (is?) up to, trawling web communications and upsetting Edward Snowden and privacy advocates around the world. WhatsApp's encryption and policies mean that those who are concerned about their privacy should not rest on their laurels.

The recent furore between Apple and the FBI over access to the San Bernadino shooter’s iPhone brought privacy debates firmly into the public eye. Despite tech giants, politicians and privacy campaigners explaining the potential ramifications of the case, many people remained on the fence.

A recent survey by the Pew Research Centre found that the majority of Americans sided with the FBI and believe that Apple should have complied with its demands. I find this deeply concerning because it shows how easily our collective privacy could be eroded in the name of national security, and also how little most people seem to understand the encryption technologies which protect us all.

In our increasingly connected world it isn't just your computer or smartphone that can fall victim to attack. The Internet of Things is producing a whole new generation of vulnerable devices.

Not least of these are connected cars where attackers can potentially infiltrate and take control over car systems, even killing the engine as you drive.

APIs are the glue that holds much of the digital world together, connecting systems, apps and data. But a new survey reveals that many organizations are failing to place enough emphasis on API security.

Research company Ovum in partnership with bot detection and mitigation firm Distil Networks, surveyed 100 IT and security professionals. They found that 30 percent of APIs are planned out with no input from the IT security team and 27 percent of APIs proceed through the development stage without the IT security team weighing in.

It turned the case of the century in to the case that didn’t really happen. The battle between Apple and the FBI came to a sudden end last month when the US Justice Department said it didn’t need the iPhone manufacturer's help, and then successfully hacked its way into the iPhone in question.

With the San Bernardino shooter's iPhone seemingly successfully cracked, the FBI last night revealed to Senator Dianne Feinstein just how it managed it. There are no current plans to share this information with Apple, but FBI Director James Comey revealed that the tool that was brought in only works on the iPhone 5c.

Back in September of last year we reported that Microsoft had announced its purchase of cloud security firm Adallom to help its customers protect their cloud-based data and applications.

In February it teased that a new Cloud App Security offering based on Adallom's technology would be released in April. Well, today the wait is over and the product becomes generally available as a cloud-delivered service to help IT and security teams gain visibility and control over cloud apps.

Until recently, hard disk drives prevailed as the dominant storage device on desktop computers, laptops, smartphones, tablets, servers, and data centers. But thanks to the drop in price for solid state drives (SSD), that has changed. SSDs are more popular among both individual users and businesses. But for all of the advantages, they also possess unique traits that present some difficulties in wiping data from them.

Unfortunately, knowledge of the proper solid state drive erasure methods has not been anywhere near as fast or as ubiquitous as the SSD adoption rate. So you will often see methods that are assumed to be reliable -- such as reformatting and factory resets -- being performed on solid state drives. But that doesn’t mean it’s impossible to properly erase data from SSDs -- it just means users need to understand all of the technical features, the key situations when data has to be absolutely erased and the most reliable data removal method that needs to be used.

More than 27 million Android devices running medical apps are likely to have high risk malware installed according to a new report.

The Mobile Threat Intelligence report from threat defense company Skycure is focused on healthcare and finds that doctors who use mobile devices to assist their day-to-day practice are exposed to network threats, and that these significantly increase over time.

Among the biggest cyber-threats to businesses nowadays are phishing, patch exploitation, trojans and DDoS (Distributed Denial of Service), yet new figures show that a quarter of companies don’t have an anti-DDoS protection set up.

Those are the results of a new survey by security firm Kaspersky Lab and B2B International. According to their research, approximately half of businesses surveyed understand the risks cyber-attacks pose, not just to their financials, but also to their reputation. Approximately, the same percentage also thinks being protected from DDoS attacks is an important cybersecurity requirement.

Encryption has been a hot topic for some time, but the battle between Apple and the FBI really brought it to the fore in recent weeks. In response to the FBI trying -- ultimately successfully -- to crack into the San Bernardino shooter's iPhone, WhatsApp was just one of the companies that promised to increase encryption.

Today the popular chat tool made good on its promise, enabling full end-to-end encryption; this means that calls, messages, photos, videos, files, voice messages, and group chats are all protected with end-to-end encryption. Importantly, this extra layer of security is enabled by default, leading WhatsApp to claim it is "a leader in protecting your private communication".