The past year, the VOID grew from 2,000 to nearly 10,000 incident reports from close to 600 organizations. We rigorously collect the same metadata, along with a new value: severity. (more available)

The information in this report is based on ransomware-related information obtained from analysis of BSA data, trade publications, and commercial reporting, as well as insights from law enforcement and other partners. (more available)

The 2021 Remote Workforce Security Report reveals the current state of protecting the new workforce of widely distributed organizations. The report explores their key challenges, along with the new security threats they face, technology gaps and preferences, investment priorities, and more. (more available)

This Remote Workforce Security Report reveals the state of securing the new workforce. The report explores key challenges and unique security threats faced by organizations, technology gaps and preferences, investment priorities, and more. (more available)

The State of Remote Work Security Report reveals the status of organizations’ efforts to secure the new workforce, key challenges, and unique security threats faced by organizations, technology gaps and preferences, investment priorities, and more. (more available)

The goal of this report is to offer a view on the state of compliance in today’s typical organization, including: the rate of noncompliance among a typical organization’s assets, the compliance standards that are hardest for organizations to adhere to, how well compliance tracks against the overall risk surface and the most common security controls causing non-compliance. (more available)

Q3 saw a notable trend in which attackers launched DDoS attacks at single targets within a CSP, attributing an attack size increase of 544% QoQ and 232% YoY. (more available)

The Zscaler Zero Trust Exchange houses the largest security data set in the world, collected from over 300 trillion signals and 160 billion daily transactions - more than 15x the volume of Google searches each day. (more available)

This AT&T Cybersecurity Insights report is the third in a series that highlights the need for security in a new compute paradigm underpinned by 5G and edge. (more available)

A recent Authentication Security Strategy survey by Enzoic and Redmond magazine revealed insights into the way that passwords are currently being used in various organizations, and what the future looks like regarding this ubiquitous authentication method. (more available)

The State of Pentesting: 2020 report assesses which web application security vulnerabilities can be found reliably using machines and which require human expertise to manually identify. (more available)

This report will give a snapshot of 2020’s mobile threat landscape and dive into emerging trends we anticipate carrying into 2021. (more available)

This report is based on in-depth analysis of roughly 20,000 confirmed threats detected across our customers' environments, this research arms security leaders and their teams with actionable insights into the malicious activity and techniques we observe most frequently. (more available)

We do two very important and timely things in this report. We first explore ways to measure exploitability for individual vulnerabilities—and far more importantly—entire organizations. (more available)

Using RiskRecon’s assessment information, explanatory models are built to demonstrate the value of technical information in predicting measures of risk at varying levels of greater technical insight. (more available)

Part 2 of The Cloud Impact Study looks at the importance of security as a significant driver for cloud transformation, as well as how security and data protection concerns present a challenge that acts as the primary barrier to cloud transformation. (more available)

This report looks at the malware used by a group called Sunburst. It gives a detailed timeline of attacks, and the code used in them. (more available)

This sixth volume of the Prioritization to Prediction series combines vulnerability data from Kenna’s customers with additional intelligence from Fortinet and others. (more available)

This edition of the State of the Internet (SOTI)/Security report series focuses on the retail and hospitality sectors. An extensive review of how credential abuse attacks are carried out from both a methodology perspective and a volumetric angle is given. (more available)

This article offers a glimpse into the inner workings of the Interplanetary Storm botnet, provides an exhaustive technical analysis of the Golang-written binaries along with an overview of the protocol internals and finally, some attribution information. (more available)

This study captures and analyzes a large set of information about phishing attacks, in order to better understand how much phishing is taking place, where it is taking place, and to see if the data suggests better ways to fight phishing. (more available)