
EFF goes after Cisco for human rights violations in China

China can be a difficult place to do business and it's sometimes a question of conscience or pocketbook. It's a huge market and companies stand to make a lot of money there, but the government isn't shy about wanting data in return. Is it worth it? To many corporations the answer seems to be yes, but for those who suffer there because of it the answer is a resounding no.

Now the Electronic Frontier Foundation is pursuing Cisco in court. This isn't a particularly new accusation or case, but the organization isn't ready to let it die.

By Alan Buckingham -

Sharing ransomware code for educational purposes is asking for trouble

Trend Micro may still be smarting from the revelation that there was a serious vulnerability in its Password Manager tool, but today the security company warns of the dangers of sharing ransomware source code.

The company says that those who discover vulnerabilities need to think carefully about sharing details of their findings with the wider public as there is great potential for this information to be misused, even if it is released for educational purposes. It says that "even with the best intentions, improper disclosure of sensitive information can lead to complicated, and sometimes even troublesome scenarios".

By Sofia Elizabella Wyciślik-Wilson -

Almost a quarter of companies are willing to pay $1m ransom to hackers

We all know that cyber attacks can be enormously disruptive, but how far would companies go to prevent an attack?

A new survey by the Cloud Security Alliance and Skyhigh Networks reveals that 24.6 percent of companies would be willing to pay a ransom to hackers to prevent a cyber attack and 14 percent would pay more than $1 million.

By Ian Barker -

Updated Android.Bankosy malware steals passwords sent through voice calls

Around a year and a half ago, Symantec warned about the personal data stealing malware Android.Bankosy. Now the Trojan has been updated so it can steal one-time passcodes delivered by voice call-based two-factor authentication (2FA) systems.

Such 2FA systems are often used by banks to communicate one-time passcodes to customers. While these have usually been delivered via SMS, voice call delivery is becoming increasingly common. Malware makers are keen not to miss out on data stealing opportunities, and the updated Android.Bankosy introduces a call-forwarding feature that redirects the 2FA calls to a number controlled by the attackers' command-and-control (C&C) infrastructure, so the code can be intercepted and used before the victim ever hears it.

By Sofia Elizabella Wyciślik-Wilson -

Fortinet firewalls feature hard-coded password that acts as a backdoor

Just weeks after Juniper disclosed unauthorized code in its ScreenOS firewalls, a security issue has been found in Fortinet's FortiOS. It affects older FortiOS releases on Fortinet's FortiGate firewalls and could allow remote access to unpatched systems.

Buried in the firewall software is a hard-coded secret string (FGTAbc11*xy+Qqz27) that is combined with the device's login challenge to compute a valid response for an undocumented SSH account, so anyone who knows the string can log in to an unpatched device running FortiOS. Ralf-Philipp Weinmann, one of the security researchers who analysed the Juniper ScreenOS problem, has confirmed the issue, which is being referred to as the FortiOS SSH Undocumented Interactive Login Vulnerability.
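As an added example (not from the article, and not Fortinet's code), the check below takes version strings as they might be collected from a firewall inventory and flags the builds that fall in the ranges Fortinet listed as affected (4.3.0 to 4.3.16 and 5.0.0 to 5.0.7, fixed in 4.3.17 and 5.0.8). The `get system status` banner shape it parses, the host names and the build numbers in the sample lines are assumptions constructed for the example; FortiOS 4.0 MR3 is the 4.3 branch, which is why a maintenance-release number is folded into the minor version.

```python
"""Flag FortiOS builds in the ranges Fortinet listed as affected by the
undocumented SSH login issue. Added example, not Fortinet's own tooling."""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Inclusive affected ranges per Fortinet's statement (fixed in 4.3.17 and 5.0.8).
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((4, 3, 0), (4, 3, 16)),
    ((5, 0, 0), (5, 0, 7)),
]

# Plain dotted form, e.g. "5.0.7" or "v4.3.16".
_DOTTED = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)\s*$")

# Assumed shape of the `get system status` banner, e.g.
#   "Version: FortiGate-60C v5.0,build0271,140124 (GA Patch 7)"
#   "Version: FortiGate-100A v4.0,build0672,140211 (MR3 Patch 16)"
# An MRn suffix means maintenance release n, so "v4.0 ... MR3" is the 4.3 branch.
_BANNER = re.compile(
    r"v(\d+)\.(\d+),build\d+[^(]*\((?:GA|MR(\d+))(?: Patch (\d+))?\)"
)


def parse_version(text: str) -> Optional[Version]:
    """Return (major, minor, patch) or None if the string is not recognised."""
    m = _DOTTED.match(text)
    if m:
        major, minor, patch = (int(x) for x in m.groups())
        return (major, minor, patch)
    m = _BANNER.search(text)
    if not m:
        return None
    major_s, minor_s, mr, patch_s = m.groups()
    minor = int(minor_s) + (int(mr) if mr else 0)  # fold MR into the minor number
    return (int(major_s), minor, int(patch_s) if patch_s else 0)


def is_affected(text: str) -> Optional[bool]:
    """True/False for a recognised version, None if it could not be parsed."""
    v = parse_version(text)
    if v is None:
        return None
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Split a host -> version-string map into affected / fixed / unknown buckets."""
    out: Dict[str, List[str]] = {"affected": [], "fixed": [], "unknown": []}
    for host, ver in sorted(inventory.items()):
        r = is_affected(ver)
        if r is None:
            out["unknown"].append(host)  # unparsable banner: needs a manual look
        elif r:
            out["affected"].append(host)
        else:
            out["fixed"].append(host)
    return out


# Constructed sample inventory; host names and build numbers are illustrative.
SAMPLE_INVENTORY: Dict[str, str] = {
    "fw-dc1": "Version: FortiGate-60C v5.0,build0271,140124 (GA Patch 7)",
    "fw-dc2": "5.0.8",
    "fw-branch": "Version: FortiGate-100A v4.0,build0672,140211 (MR3 Patch 16)",
    "fw-lab": "v4.3.17",
    "fw-new": "Version: FortiGate-200D v5.2,build0589,140815 (GA)",
    "fw-odd": "unknown banner",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Anything that lands in the "unknown" bucket should be treated as affected until a human has read the banner, since a device that cannot report its version cleanly is exactly the kind of forgotten box these issues linger on.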

By Sofia Elizabella Wyciślik-Wilson -

Trend Micro Password Manager could have exposed all of your passwords to hackers

People turn to security tools to, obviously, improve security. Antivirus tools take care of malware, firewalls manage network and internet traffic, encryption keeps files private, and password managers keep passwords safe. At least that's the idea.

Google security engineer Tavis Ormandy discovered a vulnerability in Trend Micro Password Manager (part of Trend Micro Antivirus) which allowed remote code execution and opened up the possibility of passwords being stolen. Ormandy posted details of the security problem to the Google Security Research newsgroup, and the clock started ticking on a 90-day full disclosure deadline.

By Sofia Elizabella Wyciślik-Wilson -

BBC was hit with the biggest-ever DDoS attack

There’s a good chance that the recent DDoS attack against the BBC was the biggest one yet. That depends on whether the hackers behind the attack are exaggerating or not.

According to a CSO Online report, the hackers claimed the attack on the BBC website, which occurred on New Year’s Eve, reached 602Gbps. If that turns out to be true, that will be almost twice the size of the current biggest attack which sits at 334Gbps.

By Sead Fadilpašić -

Juniper gets rid of 'NSA-developed' security code

Juniper Networks has stated that it will no longer be using a segment of security code purported to have been developed by the National Security Agency (NSA) for the purpose of eavesdropping on clients’ VPN connections.

The code in question is the Dual Elliptic Curve random number generator (Dual_EC_DRBG), and Juniper has said it will be replaced in a ScreenOS release during the first half of 2016 with the random number generation technology it already uses across its Junos OS products. The Silicon Valley-based company says the replacement will no longer depend on numbers produced by the flawed Dual Elliptic Curve generator.

By Alasdair Gilchrist -

Data breaches and cyber-attacks are often caused by failing to patch known (and fixable) vulnerabilities

Data breaches were rarely out of the news last year, with the likes of VTech, OPM, Experian/T-Mobile, Ashley Madison and even Hello Kitty all admitting to data leaks.

While you might expect attackers to be using sophisticated methods to get at user data, a new survey from software solutions firm BMC and Forbes Insights reveals that in many cases, it’s known but unpatched vulnerabilities that are being exploited.

By Wayne Williams -

Apps are far less secure than you imagine

Protection solutions specialist Arxan Technologies has just released its fifth annual State of Application Security report which takes an in-depth look into the security of some of the most popular mobile apps available.

The company found a huge discrepancy between consumers’ beliefs regarding the level of security built into the apps, and the degree to which developers of these apps actually address known application vulnerabilities. Worryingly, 90 percent of the applications tested were vulnerable to at least two of the OWASP (Open Web Application Security Project) Mobile Top 10 Risks. These are the most critical risks facing apps.

By Wayne Williams -

Warning! Windows 8 will no longer receive security updates from today

If you’re still using Windows 8 it’s now time to upgrade because that operating system is about to get a whole lot less secure.

From today, January 12 2016, Microsoft will stop issuing security patches for its 3-year-old tiled OS, which means users who do not upgrade will no longer be protected against newly discovered threats.

By Wayne Williams -

The pros and cons of implementing a bug bounty program

A recent incident with the Facebook Bug Bounty program has led to many different reactions supporting both Facebook and the security researcher. Regardless of who is right in that whole story, one fact is clear: the researcher went far beyond what the social media site had initially expected, and got access to sensitive data the company didn’t really want to share with anybody, including the researcher community.

These days bug bounties have become very popular, raising more and more questions about their efficiency and effectiveness. We will try to understand how and if bug bounties can be used to test your corporate web applications. I intentionally omit bug bounties for stand-alone software (e.g. Chrome or various IoT applications) as it’s a different topic.

By Ilia Kolochenko -

Security time bomb: Businesses are not ready for the end of Internet Explorer 8, 9 and 10 support

The end of support for older versions of Internet Explorer has been known about for some time now. Despite the fact that there has been plenty of time to prepare for a move away from Internet Explorer 8, 9 and 10, many businesses are simply not ready and security experts warn that this could lead to a spate of attacks from hackers.

Microsoft has been encouraging people to move to Internet Explorer 11, or Edge in Windows 10 for a while, and the countdown comes to an end tomorrow -- 12 January. From this point forward, there will be no more patches or security fixes issued. Security analysts fear that with Internet Explorer 9 and 10 accounting for 36 percent of IE and Edge use, and with more than 160 vulnerabilities discovered in Internet Explorer in the last three years, there are risky times ahead.

By Sofia Elizabella Wyciślik-Wilson -

Windows XP Embedded Service Pack 3 dies tomorrow

Products, no matter how much we may like them, don't last forever. You don't want to be the person keeping a batch of Palms in the freezer for future use -- and there are people who do that. Product cycles run their course and technology moves forward.

Microsoft customers, in some cases, move forward very grudgingly. That's especially true of business, particularly ones who had to be dragged off of IE 6 -- they now need to be dragged even further from that comfort zone.

By Alan Buckingham -

Security trends to watch in 2016

2015 was a year for the record books in information and cyber security. Dozens of new vulnerabilities were uncovered, and government organizations, businesses and individuals continued to find themselves victims of high-profile data breaches.

As we settle into the new year, we don’t expect this trend to slow down. We foresee more security issues on the horizon that must be addressed in order to ensure privacy for companies and consumers in the year ahead. Here are our predictions on what’s coming in 2016:

By Nikias Bassen -