From the report, “In this SPIE, we shine a spotlight on the phishing prevention approaches of one start-up company, Area 1 Security; and one long-tenured cybersecurity vendor, IBM. Although complete elimination cannot be promised, each is taking steps that reduce the potential of their business clients (Area 1’s Horizon) and their clients’ clients (IBM Trusteer Rapport) from becoming victims. Secondarily, by removing the burden of phishing defense from employees and consumers, employees’ productivity is positively affected, and consumers’ trust in online activities is strengthened.”

Insider threats, such as those associated with the Marriott breach, are considered one of the top concerns in IT security due to the devastating impact on business, reputation, loss of sensitive data, and significant fines. Security solutions that rely on allow lists / block lists and signature files fall far short in their attempt to mitigate this threat. Machine learning and behavioral analysis are uniquely suited to immediately identifying anomalies that indicate an insider threat before any data is lost.

The DataVisor Fraud Index Report Q2 2018 is based on attacks that were detected by the DataVisor UML Engine from April through June 2018 with additional recent attack trend data. This report provides unprecedented insights into the evolving attack trends and characteristics of fraud attacks across a number of industries including social platform, e-commerce, financial services, and mobile gaming.

The DataVisor Fraud Index Report: Q1 2018 is based on attacks that were detected by the DataVisor UML Engine from January through March of 2018, analyzing 40 billion events and 680 million user accounts. This report provides unprecedented insights into the attack techniques that bad actors use to engage in malicious activities and evade detection.

The Q3 2018 Fraud Index Report, produced by the DataVisor Research Team, analyzes recent fraud attacks impacting consumers and organizations for the period July - September 2018.

The report covers a variety of issues but offers these key findings, Sometimes an “attack” isn’t exactly what it first appears to be, Bots are big money for attackers and they’re constantly evolving, Mental health issues cost U.S. businesses more than $190 billion a year in lost earnings. Read on for more information.

This report offers insight into forged documents online. And how they are traded and used to commit identity fraud or evade authorities.

Using intelligence from the ThreatMetrix Digital Identity Network, gaming and gambling companies can accurately differentiate between responsible users and problem gamblers / fraudsters in real time.

The third quarter of 2017 saw an increase in the number of malicious apps flooding the mobile marketplace, the continued issues of imitation and trojan apps in official app stores, and the emergence of the WireX mobile botnet. In this report, they’ll give an overview of these mobile threats, as well as emerging trends they anticipate will be prevalent in Q4 and beyond to help you protect yourself and your customers.

RiskIQ uses its repository of scanned mobile application stores to perform analysis on threat trends in the mobile application space. The fourth quarter of 2017 showed a 37 percent decrease in blocklisted apps over Q3. Key threat trends include brand imitation, phishing, malware, and bankbot attacks on cryptocurrency users.

RiskIQ uses its repository of scanned mobile application stores to perform analysis on threat trends in the mobile application space. Q3 showed a nearly 220 percent increase in blocklisted apps over Q2. Due to a surge in total apps observed, the percentage of blocklisted apps dropped from 4% in Q2 to 3% in Q3.

RiskIQ uses its repository of scanned mobile application stores to perform analysis on threat trends in the mobile application space. Q2 showed a nearly 57 percent increase in blocklisted apps over Q1. Key threat trends include brand imitation, phishing, malware, malvertising scams crossing into the mobile realm, targetted attacks against MyEtherWallet, and the misuse of location data by major mobile providers.

In this report, we’ll give an overview of the recent mobile threats RiskIQ detected in Q2 of 2017, as well as emerging trends we anticipate will be prevalent in Q3 and beyond to help you protect yourself and your customers.

RiskIQ uses its repository of scanned mobile application stores to perform analaysis on threat trends in the mobile application space. The first quarter of 2018 showed a 43 percent decrease in blocklisted apps over Q4. Key threat trends include brand imitation, phishing, malware. A spike in apps targeting cryptocurrency and high-profile threats from nation-state actors.

From the report, “With so much of our personal information now flowing through mobile applications, has our security awareness kept pace? Have consumers adopted best practice behaviors or are they leaving themselves vulnerable to cyber attacks? To better understand consumer behavior, RiskIQ commissioned Ginger Comms² to survey 1,000 US and 1,000 UK consumers aged 16 to 60+, specifically focusing on smartphone apps. The survey was conducted between February and March 2017.”

In this report, you’ll learn how many DevOps servers may be exposed based on a study done by the IntSights research team, how cyber criminals typically access open DevOps servers, and what you can do to protect yourself and your data from a DevOps cyber attack.

IntSights provides the industry’s most comprehensive view into internal and external threats facing the Gaming and Leisure industry. This report will demonstrate and classify threats that are actively underway, or being planned. This will enable security teams to better resource and fortify their infrastructure against attacks.

From the report, “The Puppet 2018 State of DevOps Report took a new tack this year, seeking prescriptive guidance for teams to follow. We designed our survey to learn how organizations progress through their DevOps journeys, and after analyzing the data, we found that the successful ones go through specific stages. Our research also revealed a set of core practices — we call them “foundational practices” — that are critical to success throughout the entire DevOps evolution. In this paper, we’ll take you through an in-depth description of these foundational practices, and offer you our advice for how to begin instituting them in the way that makes most sense for your organization, based on our findings.”

A new survey by UBM and Vera Security explores the use of encryption and access controls to understand how organizations currently use these technologies and to identify their top priorities in file security. The results of this research establish the reasons why encryption isn’t more widely used and considers how organizations can use this technology effectively to ensure the protection of their data.

Domain names are normatively registered for one or more years, and faithfully renewed thereafter. Domains slated for abusive uses, however, are effectively disposable: they are registered, quickly abused for cybercrime, and abandoned. In this study, we monitor an ongoing data feed of newly observed domains (NOD) to generate a cohort data set, and periodically probe those names to determine what fraction of new domains get suspended by their registrar, deleted by the DNS provider, or effectively ‘killed’ by several well-known blocklists. We then analyse how quickly this happens, the most likely cause of domain ‘death’, and how this may vary depending on the TLD involved. The study provides the first systematic study of domain lifetimes, unravelling their complexities and showing the impact of blocklists on the new gTLDs. The results can be used to deploy more secure DNS policy rules in a computer network.

Ponemon Institute is pleased to present the findings of Assessing the DNS Security Risk, sponsored by Infoblox. The purpose of this study is to understand the ability of organizations to assess and mitigate DNS risks. As part of the research, an online index has been created to provide a global measure of organizations’ exposure to DNS security risks and assist them in their response to DNS security risks.