This year's Open Source Security and Risk Analysis Report analyzed the anonymized data of more than 1,200 commercial codebases from 2018. According to the report, managing open source risk continues to pose a significant challenge for industry.

The Synopsys Cybersecurity Research Center produces the report, and found that 96 percent of the code bases they analyzed contained open source components.

Jeremiah Fowler, a researcher with Security Discovery recently found an unprotected Elasticsearch databased owned by a company called SkyMed on the internet.  According to his findings the database was configured such that it was open and visible to any browser.

Tech giant Google recently unveiled the next step in its plan to put more power in the hands of users when it comes to their own data.  The most recent change involves the introduction of a new auto-delete feature tied to your Google account.

It will allow you to set your Location History, Web data and App Activity data to auto-delete after a set period of time defined by you.

There's a new scam afoot that involves using Google Ads.

We're frankly surprised that it's working, but apparently, it's drawing some unsuspecting customers in. It appears to be an organized campaign.

The unknown scam artists are creating ads with phrases like:

"Amazon.

A team of security researchers have uncovered a serious flaw in several major email clients you need to be aware of.

The flaw allows hackers to fake verified signatures, which gives their phishing and other email-based attacks the appearance of legitimacy.

Do you use an Android App called 'WiFi Finder'?  If so, be advised that your network password has likely been exposed, based on research conducted by Sanyam Jain, of the GDI Foundation.

Jain discovered an unprotected database online associated with the app that contained more than two million network passwords.

Do you frequent the website bodybuilding.com?

If so, be advised that the site has been breached.

According to a recent statement by the company behind the site, the breach occurred in February, 2019 and had its origins in a phishing email the company received back in July of 2018.

A detailed account of the incident was published on the company's help center and contained most of the elements we've come to expect when things like this happen:

The company is very sorry that it happened
"Certain" customer/member information may have been compromised
The company has been working with law enforcement and has brought in a third party to assist with the forensic investigation, which is ongoing

The company also stressed that while partial payment account numbers were compromised, no full debit or credit card information was at risk.

Industry experts have been predicting the death of the humble password for decades.  To date, those predictions have amounted to nothing.

Passwords are still with us, and still serve as the cornerstone of security, even as other measures have arisen alongside them to help better secure your all-important data.

Microsoft recently issued an important support document that your IT staff needs to be aware of.

In part, their notice reads as follows:

"Inappropriate drive reassignment can occur on eligible computers that have an external USB device or SD memory card attached during the installation of the May 2019 update.

Back in July 2017, Microsoft created a bit of an uproar when they released a build of Windows 10 that promoted their new Paint 3D app.

Paired with the new arrival was an announcement that the classic Windows Paint program would be deprecated and ultimately removed from the OS in subsequent versions.