The loss of trust and confidence of customers is the most damaging consequence of a DDoS (distributed denial of service) attack, a new survey by Corero Network Security says.

In the annual survey, entitled DDoS Impact Survey, losing trust is the most damaging consequence for 50 percent of those surveyed, followed by lost revenue, for 34 percent. The surveyed include IT decision makers (ITDMs), network operators and security experts that were present at the recently held RSA 2016 conference.

Overall bad bot activity is decreasing, but the number of advanced persistent bots is up according to a new report.

The 2016 Bad Bot Landscape Report from Distil Networks reveals that 88 percent of all bad bot traffic has one or more characteristics of an advanced persistent bot, one that's able to mimic human activity and evade detection.

Security company SentinelOne has released news of a major flaw in Apple OS X systems that can allow the bypassing of the latest System Integrity Protection security feature.

This zero day vulnerability is present in all versions of Apple's OS X operating system. It has been reported to Apple and patches will be available soon. SentinelOne’s lead OS X security expert, Pedro Vilaça, is presenting the full findings on this vulnerability today at SysCan360 2016 in Singapore.

Uber is calling on independent computer researchers and experts to find weaknesses in its system as the transportation firm is set to release its technical map.

As Uber jumps into the bug bounty bandwagon -- a philosophy that has long been advocated by the open-source software movement -- it details its software infrastructure to the public, identifies what sorts of data might be exposed inadvertently and suggests what types of flaws are the most likely to be found.

Accidental deletion of information is the leading cause of data loss from SaaS applications, responsible for 43 percent in the US and 41 percent in the UK, ahead of data loss caused by malicious insiders and hackers.

This is among the findings of a new survey of IT professionals in the US and UK from cloud backup specialist Spanning which also has insights into who is responsible for SaaS data protection, organizational confidence in SaaS data protection, and the top concerns surrounding moving data to the cloud.

Victims of online fraud are to blame for their misfortune and should not be rewarded with a refund for money they lose. This is the view of UK Metropolitan police commissioner Sir Bernard Hogan-Howe who says that banks should not pay money lost to online fraud as the victims have not taken their security seriously.

Rather than offering refunds to customers, banks should instead be encouraging them to use stronger password, keep antivirus software up to date, and generally be more careful. It's a view that’s certainly going to prove controversial and raises the question of whether the carrot or the stick is the best approach to tackling online fraud.

According to new research 90 percent of IT security leaders in US federal agencies say they feel vulnerable to data threats.

In addition 61 percent have experienced a past data breach, with nearly one in five indicating a breach in the last year. This is among the findings of the US Federal Government Edition of the 2016 Vormetric Data Threat Report from enterprise data protection company Vormetric and 451 Research.

As an answer to the ever increasing threats of cyber-attacks, the security budgets across various industries are growing, a new survey by The Institute of Information Security Professionals (IISP) suggests.

However, the rise in budgets is not enough to tackle the problem.

The FBI attempts to force Apple to unlock the San Bernardino shooter's iPhone have been in the headlines for a while now, stirring up debate about which side of the argument is in the right. Apple has refused point blank to help, but a recent twist saw the FBI changing its mind by saying it doesn't need Apple's help after all.

An outside party -- believed, but not known, to be Israeli security firm Cellebrite -- contacted the FBI to help access Syed Farook's iPhone. The Justice Department said it is "cautiously optimistic" that the proposed method, which is currently being tested, will be successful, but some reports suggest that it has already been used to break into some iPhones. Apple will obviously want to take steps to secure other devices if the hack is effective, but it has been classified to keep it secret.

Thieves can probably steal a bunch of cars with ease, if they are equipped with keyless entry. Those are the results of a new study done by a group of German car security researchers, looking into just how secure the technology is.

According to a news report by Wired, keyless entry for cars is not secure at all. As a matter of fact, out of 24 different cars, from 19 different manufacturers, all have been easily hacked through a method of amplifying the signal from the key fob in the house.

If you think an application is suspicious, then you might run it in a sandbox, a virtual machine, maybe use a debugger, and watch what it does. And if nothing happens then that means it’s safe. Right?

Well, maybe not. Malware will often try to detect this kind of trickery, and if it thinks it’s being watched, won’t do anything to raise an alarm.

The tech talent shortage the UK is faced with nowadays is no small problem, as the demand for IT security experts reaches new heights.

According to a new research by recruitment finance provider Sonovate, IT security professionals are currently the most wanted workers in the UK’s growing jobs market.

Privileged accounts exist in all areas of business IT and if compromised they can provide an external attacker or dishonest insider access to sensitive data.

Account management company Thycotic wants to help businesses protect themselves and so is giving away a no-cost version of its Secret Server package to guard against attacks that target privileged accounts.

The security of the Internet of Things is fundamentally broken. Developers and manufacturers understandably are eager to get their new hi-tech products to market and unfortunately often overlook security, instead operating under the misapprehension that security-by-obscurity in their proprietary systems will do. The problem is that security researchers, and those with more malicious intent, can almost always extract binary code from the device memory via JTAG or similar in-circuit debugging facilities, or find it online in the form of updates, and reverse engineer via one of the many tools readily available.

Furthermore, a lack of security subject matter expertise among hardware-oriented engineers creates major vulnerabilities, compounded by the fact that firmware can too easily be modified; and a lack of logical separation between critical and non-critical components within the device opens up further avenues for attackers.

According to new research from identity management company SailPoint one in five employees would be willing to sell their work passwords to another organization, up from one in seven last year.

Of those who would sell their passwords, 44 percent would do it for less than $1,000, and some for less than $100. This is made worse by the fact that 65 percent admit to using a single password among applications and 32 percent share passwords with their co-workers.