The State of Remote Work Security Report reveals the status of organizations’ efforts to secure the new workforce, key challenges, and unique security threats faced by organizations, technology gaps and preferences, investment priorities, and more. The need to secure the remote workforce has never been more critical. A year into the pandemic, organizations are still grappling with how to protect their assets.

The goal of this report is to offer a view on the state of compliance in today’s typical organization, including: the rate of noncompliance among a typical organization’s assets, the compliance standards that are hardest for organizations to adhere to, how well compliance tracks against the overall risk surface and the most common security controls causing non-compliance.

Q3 saw a notable trend in which attackers launched DDoS attacks at single targets within a CSP, attributing an attack size increase of 544% QoQ and 232% YoY. Over 55% of attackers focused on hitting specific service with high volumes of traffic simultaneously. Due to the dramatic increase in attack size, this shift to employing high-penetration volumetric attacks can potentially lead to additional impact to CSP networks, regionally.

The Zscaler Zero Trust Exchange houses the largest security data set in the world, collected from over 300 trillion signals and 160 billion daily transactions - more than 15x the volume of Google searches each day. Zscaler’s ThreatLabz threat research team analyzed this data from the last nine months of 2021, assessing threats in encrypted traffic over the span.

A recent Authentication Security Strategy survey by Enzoic and Redmond magazine revealed insights into the way that passwords are currently being used in various organizations, and what the future looks like regarding this ubiquitous authentication method.

The State of Pentesting: 2020 report assesses which web application security vulnerabilities can be found reliably using machines and which require human expertise to manually identify. The scope of his exploration is black-box penetration testing (“humans”) against dynamic scanning and out-of-band testing (“machines”) for web applications.

This report will give a snapshot of 2020’s mobile threat landscape and dive into emerging trends we anticipate carrying into 2021.

This report is based on in-depth analysis of roughly 20,000 confirmed threats detected across our customers’ environments, this research arms security leaders and their teams with actionable insights into the malicious activity and techniques we observe most frequently.

We do two very important and timely things in this report. We first explore ways to measure exploitability for individual vulnerabilities—and far more importantly—entire organizations. Second, we create a simulation that seeks to minimize organizational exploitability under varying scenarios combining vulnerability prioritization strategies and remediation capacity. Bottom line: If you’re looking for proven ways to squeeze the most risk reduction from your vulnerability management (VM) efforts, this report is for you.

Using RiskRecon’s assessment information, explanatory models are built to demonstrate the value of technical information in predicting measures of risk at varying levels of greater technical insight.

Part 2 of The Cloud Impact Study looks at the importance of security as a significant driver for cloud transformation, as well as how security and data protection concerns present a challenge that acts as the primary barrier to cloud transformation. This report explores how cloud computing can bolster the overall security of an organization, but as deployments become more complicated, so too does data governance and security.

This report looks at the malware used by a group called Sunburst. It gives a detailed timeline of attacks, and the code used in them. It also compares the code to popular malware like Kazuar, suggesting it is being used by the same groups.

This sixth volume of the Prioritization to Prediction series combines vulnerability data from Kenna’s customers with additional intelligence from Fortinet and others. This volume provides a quantitative analysis of the timeline of key dates in the lifecycle of an exploited vulnerability, exploring the effects of releasing exploit code relative to the date of CVE publication and patch availability, discussing the ramifications to attackers and defenders.

This edition of the State of the Internet (SOTI)/Security report series focuses on the retail and hospitality sectors. An extensive review of how credential abuse attacks are carried out from both a methodology perspective and a volumetric angle is given.

This article offers a glimpse into the inner workings of the Interplanetary Storm botnet, provides an exhaustive technical analysis of the Golang-written binaries along with an overview of the protocol internals and finally, some attribution information.

This study captures and analyzes a large set of information about phishing attacks, in order to better understand how much phishing is taking place, where it is taking place, and to see if the data suggests better ways to fight phishing.

This report from Kaspersky explains changes in the threat landscape for industrial automation systems for the first half of 2020. It goes in detail on the variety of malware, the main threat sources, regional differences, and more.

A survey of over 1,000 US and UK IT professionals on the challenges to having the necessary in-house expertise to achieve a strong cybersecurity posture.

The third annual report from Hacker One on the state of the hacker/security testing community. Data is drawn from Hacker One’s community of bug bounty registrants and subscribing platforms.

The annual report on trends in malware and hacked website from the incident response and malware research teams at GoDaddy Security /Sucuri.

A combination of data from RiskIQ’s internet telemetry network and thought analysis, this report covers changes related to the COVID-19 pandemic, organization’s public attack surface, mobile threats, and the importance of JavaScript as an attack vector.