Using RiskRecon’s assessment information, explanatory models are built to demonstrate the value of technical information in predicting measures of risk at varying levels of greater technical insight. (more available)

Part 2 of The Cloud Impact Study looks at the importance of security as a significant driver for cloud transformation, as well as how security and data protection concerns present a challenge that acts as the primary barrier to cloud transformation. (more available)

This report looks at the malware used by a group called Sunburst. It gives a detailed timeline of attacks, and the code used in them. (more available)

This sixth volume of the Prioritization to Prediction series combines vulnerability data from Kenna’s customers with additional intelligence from Fortinet and others. (more available)

This edition of the State of the Internet (SOTI)/Security report series focuses on the retail and hospitality sectors. An extensive review of how credential abuse attacks are carried out from both a methodology perspective and a volumetric angle is given. (more available)

This article offers a glimpse into the inner workings of the Interplanetary Storm botnet, provides an exhaustive technical analysis of the Golang-written binaries along with an overview of the protocol internals and finally, some attribution information. (more available)

This study captures and analyzes a large set of information about phishing attacks, in order to better understand how much phishing is taking place, where it is taking place, and to see if the data suggests better ways to fight phishing. (more available)

This report from Kaspersky explains changes in the threat landscape for industrial automation systems for the first half of 2020. It goes in detail on the variety of malware, the main threat sources, regional differences, and more. (more available)

A survey of over 1,000 US and UK IT professionals on the challenges to having the necessary in-house expertise to achieve a strong cybersecurity posture. (more available)

Akamai examines the attack trends in the media sector over a 24-month period. This research is based on data gathered during regular Akamai operations and is based on a large volume of real events. (more available)

The third annual report from Hacker One on the state of the hacker/security testing community. Data is drawn from Hacker One’s community of bug bounty registrants and subscribing platforms. (more available)

The annual report on trends in malware and hacked website from the incident response and malware research teams at GoDaddy Security /Sucuri. (more available)

A combination of data from RiskIQ’s internet telemetry network and thought analysis, this report covers changes related to the COVID-19 pandemic, organization’s public attack surface, mobile threats, and the importance of JavaScript as an attack vector. (more available)

RiskIQ scans mobile application stores and analyzes the apps presented for potential malware and other threats. This annual threat report covers the security posture of the mobile ecosystem, identifying threat actions, and making time comparisons. (more available)

In the following report, Naikon describes the tactics, techniques, procedures and infrastructure that have been used by the Naikon APT group over the 5 years since the last report, and offer some insight into how they were able to remain under the radar. (more available)

Lares encounters a seemingly endless number of vulnerabilities and attack vectors when we conducta penetration test or red team engagement, regardless of organization size or maturity. (more available)

F5’s third annual report, partnering with Webroot and the F5 SOC, on phishing and fraud trends.

Our 2019 Threat Research Report is a deep dive into our logs, experiences, and collected analysis. It summarizes and identifies the latest tactics, techniques, and procedures seen by the Malware Research team, Vulnerability Research team, Threat Intel Research team and Remediation Groups at Sucuri/GoDaddy. (more available)

Ponemon Institute is pleased to present the findings on the economics of today’s Security Operations Centers (SOC). Sponsored by Respond Software, Ponemon Institute surveyed 637 IT and IT security practitioners in organizations that have a SOC and are knowledgeable about cybersecurity practices in their organizations. (more available)

The findings in this report are a comprehensive look at ICS vulnerability statistics, including how they affect industrial control networks and whether appropriate mitigation is provided alongside the published advisories. (more available)

Cofence report on how phishing attempts and phishing prevention have changed in 2019.