Imagine a vulnerability that would allow malware to take over your mobile device; turn on the microphone, camera and GPS; and transmit everything it hears, while simultaneously sending copies of e-mail and text messages to a remote server. Sounds like a nightmare, right? Unfortunately, it exists. Worse, your security software can’t stop it.

Microsoft admitted this week that months after the discovery it is still working to fix a Skype vulnerability that potentially can  reveal a user's location and download habits. As of Jan. 12, the vulnerability remained and Microsoft, which owns Skype, offered no timetable for a fix.

The United States Computer Emergency Readiness Team (US-Cert) sent out an alert Dec. 29 warning that the Wi-Fi Protected Setup (WPS) PIN, typically the default protection on millions of routers, is susceptible to a “brute force” vulnerability.

The pilot version of a HIPAA compliance audit program is now under way and will continue through the end of the year. But what makes this program unique is that non-health care entities may be audited as well.