There we are: the last Patch Tuesday of 2015. It turns out to be about average, with maybe a bit more severity in the bulletins than usually. We have eight critical bulletins in the total 12, including one that fixes a 0-day vulnerability, currently in use by attackers to escalate privileges in Windows. 0-days used to be very rare occasions, but this year they have become almost mainstream.

After all the year started off with a string of 0-days in Adobe Flash and since then we have seen almost every month a patch for a vulnerability that is already under attack. Definitely a sign of the increasing technical capabilities that attackers are wielding and a reminder that IT Managers should not only patch their systems promptly, but also look for additional robustness.

A kind word will open any door, but a special kind word will open all doors to an otherwise safe computer system, a McAfee advisory says.

The advisory has said that "a specially crafted username" can get past the Security Information & Event Management logins without authentication, and without a password, "if the ESM is configured to use Active Directory or LDAP".

Only 37 percent of SMBs believe that their organizations are fully equipped to handle IT security according to a new survey.

The study by security company Webroot reveals that in most small to medium businesses, IT teams are expected to handle all cyber security management and concerns. IT employees at almost one in three companies (32 percent) juggle security along with their other IT responsibilities, which leaves them limited time to cope with security tasks.

The unrelenting move to the cloud means that web apps are becoming ever more common. They have also increasingly become targets for hackers and this is often because of security failings; many of the recent high-profile security breaches have come about because of web app security vulnerabilities.

Ilia Kolochenko, CEO of High-Tech Bridge suggests a quintet of things companies do -- or fail to do, that make the life of hackers easier.

With the rise of digital data, changing technology, and common usage of personal devices, the IT world has become ever more complex with new challenges around every corner. In the wake of such quick changes and complexity, many individuals end up exaggerating the difficulties found within these new systems and thereby begin spreading some major falsehoods within this vast IT sphere.

Even though the influx of information and discovery has given way to the creation of several urban legends, below you will see what is true and what is not.

We already know the importance of defending endpoints to keep business systems secure. The latest release of Panda Internet Security offers protection for PC, Mac, iOS and Android devices, and aims to provide a wide spectrum of security in an easy-to-use package.

For businesses looking to help staff protect their BYOD devices or smaller organizations looking for desktop protection, what does it have to offer?

Retailers believe they're doing a good job of protecting their sensitive data, but may in fact be ignoring major security holes.

This is among the findings of a retail risk report from threat protection company Bay Dynamics, based on a survey of IT decision makers in 125 large US retail organizations.

Encryption is not all it’s cracked up to be according to a recent security report, with coding flaws introducing a number of vulnerabilities into smartphones and their software.

Seven in eight Android apps and 80 percent of all iOS apps have encryption flaws, claims Veracode’s State of Software Security report.

As businesses grow and expand their online presence, they can end up with customers needing lots of different logins for blogs, support portals, forums and more. This can lead to frustration among users and mean that businesses lose sight of their system interactions.

Software company Inversoft is launching a solution to this problem in the form of Passport. This not only allows a single sign-on between applications, games, forums, help desks, user accounts and other offerings, but also gives companies a comprehensive view of user activity.

When I switched from Android to iOS earlier this year, it had nothing to do with being a fanboy, hating Google, or loving Apple. Truth be told, I have never ever owned a Mac -- although I have played around with Hackintosh -- and I continue to use many Google services like YouTube and Gmail. The reason I switched was simple -- security. Too many Android devices get abandoned by manufacturers, meaning users are expected to use devices with known vulnerabilities -- unacceptable. With iOS, I can be confident that I will get a steady stream of updates.

While Android continues to be a dangerous Wild-West-like experience when it comes to updates and vulnerabilities -- except for Nexus devices -- today, Google is making it a bit safer to use. As long as you use Chrome as your web browser on the mobile Linux-based operating system, the search giant will try to protect you from potentially dangerous websites. Yes, Android is becoming, arguably, a little less dangerous.

Nearly half of IT and security professionals across global businesses and government agencies have suffered a security breach in the last 24 months. Headline grabbing hacks such as Talk Talk and Sony are putting both personal and corporate data increasingly at risk as growing numbers fail to keep personal information secure.

Recent news has seen data breach after data breach including those of communications giant TalkTalk, whose customer information was compromised due to a data breach by a third party, and even the Sony hack, where a lack of secure computer systems led to a release of confidential data. Whether a result of malicious intent or simple human error, it is clear that mismanagement of sensitive information is commonplace. A data breach puts your businesses reputation at risk, damages consumer trust and can impact the bottom line. So who exactly is to blame when a data breach occurs?

The days and weeks after a major security breach can be trying, even for veterans of the security field. Chaos inevitably erupts as the organization attempts to assess and contain the damage. Often far down the list of priorities is the disclosure of the breach, but this can be one of the most critical steps for an organization to get right.

It is vital for financial reasons, to the recovery of the brand and for the viability of the company. It is not an easy task when customer’s personal information has been stolen. The reaction from customers is almost always the same: swift and highly critical of the organization and how it manages the aftermath.

Enterprise users are always looking for ways to protect their systems, and Microsoft recently unveiled a new opt-in feature to protect against Potentially Unwanted Applications (PUA). PUA is a broad term that covers everything from adware to browser extensions, and users of Windows 8 and Windows 10 can enable the feature to block such nasties at a download level.

PUAs are described by Microsoft as "a threat classification based on reputation and research-driven identification", and includes unwanted components bundled with legitimate software. Venture into the registry, and a tweak can be used to enable protection against such unwanted elements.

Responding to a spate of Android vulnerabilities and exploits, Samsung was one of the first companies to announce a move to monthly security updates for its handsets. This is great news for those concerned about the security of their phone, but for people running Lollipop there has been no way to check that the latest updates are installed.

Now this changes. Samsung is bringing the previously Marshmallow-only "Android security patch level" information to Lollipop handsets such as the Galaxy Note 5 and Galaxy S6 edge+. With just a few taps, it is now easy to check which month's security updates have been installed.

Microsoft has always licensed Windows Server on a per-socket basis, but with the 2016 release this is due to change. When Windows Server 2016 launches in the second half of next year, things are being shaken up. As well as the two versions -- Standard and Datacenter -- including different features, there is also a move to per-core licensing.

In a couple of PDF datasheets, Microsoft reveals not only the change in licensing, but also that Windows Server 2016 and System Center 2016 Standard and Datacenter Editions are scheduled for release in Q3 of 2016. The licensing change is unlikely to be welcomed by many, as it complicates a system that had become familiar -- and could also push up pricing.