In this eBook, they will discuss the state of cloud threat protection and why it needs a new approach, and take a deep dive into the underlying technologies and must-have components powering effective cloud threat protection. They will then identify the data sources needed in order to gain the type of granular visibility that can ensure successful cloud threat protection and deployment paths for enforcing safe cloud access. Next, they will outline proven best practices around threat protection being employed in real-world enterprises today.

This research presets a list of vectors commonly used by attackers to compromise internal networks after achieving initial access. It delivers recommendations on how to best address the issues. The goal is to help defenders focus efforts on the most important issues by understanding the attackers’ playbook, thereby maximizing results.

The term “exposure” can mean many things. In the context of this report, they define “exposure” as offering services that either expose potentially sensitive data over cleartext channels or are widely recognized to be unwise to make available on the internet, such as database systems. They looked for the presence of 30 of the most prevalent TCP services across the internet, tallied up the results and performed cross-country comparisons to produce a National Exposure Index, a ranked aggregation of the results of Rapid7’s internet-wide scans of 16 usually cleartext or highly targeted common services, based on the in-country prevalence of those services.

This article from the UK discusses ways that organizations can protect themselves from future Malware attacks.

In this report, they focus on issues related to retaining cyber soldiers. They use data from the Army’s personnel files to determine how many new soldiers are likely to meet the qualifications for this new MOS, as well as their expected retention rates. Specifically, they apply 17C enlist- ment requirements to all soldiers to determine how many meet the standards. They also use data on civilian occupa- tions to determine the earnings these soldiers are likely to be offered based on their military cyber training. To do this, they use the American Community Survey (ACS) data on all workers in information technology (IT)–related occupations.

This report provides helpful advice on how to secure Cloud Assets on Amazon’s Web Services.

This report provides an inside look at a threat being downloaded on Google Play.

This paper answers questions about what the deserialization vulnerability is, and what the challenges are to solving it.

This is a threat advisory for Bluclub.

Appthority analyzed the security risks of the Uber app and its integration with other apps in this quarter’s enterprise mobile threat update. What they found may surprise you.

This is an in depth presentation of the data breaches that occurred in the first half of 2015. It contains very detailed graphics, charts, and analysis.

This study, analyzes cyber threats from the years 2014 through 2016.

This is an annual report that discusses the latest malware and hacking trends in compromised websites.

This report discusses the Security Operations Center and how it is being architected in organizations with some consensus on what should be done. The paper details the issues and problems that need to be resolved as this area of expertise continues to grow.

While the use of the dark web as facilitators for illicit drug trade has increasingly been the subject of research by a number of academics, little has been done to conduct a systematic investigation of the role of the dark web in relation to the illegal arms trade, drawing on the insights offered by primary data. To address this gap, and with a view to support- ing policy and decision makers, RAND Europe and the University of Manchester designed this research project.

The Blackmoon Banking Trojan was thought to be shut down in 2016. However, it has re-emerged. This paper provides a brief analysis of the revamped trojan.

This paper seeks to help improve the IT situation in the Healthcare industry.

“Across all technologies and capabilities examined in the survey, about 80 percent or more of insurance executives are “confident” or “extremely confident” about their effectiveness. That might seem reasonable given the progress, but a case can be made that leadership is overconfident. Attackers are becoming increasingly sophisticated and attacks can shut down the business or expose customer data. If about one in five attempted breaches is successful, that’s still a lot of breaches. And, given the findings that 45 percent of breaches are not detected for more than a week (9 percent require more than a month), that’s a lot of risk exposure.”

This project sought to draw lessons from the efforts of others (both nation-state and nonstate actors) in and through the IE for future U.S. Army force planning and investment. These case studies of other forces can help the Army (1) identify capabilities and practices that it should consider adopting and (2) identify adversary capabilities and practices that it must be prepared to counter in future operations in and through the IE.

This report takes a look at Cloud Security Gateways and asks important questions that lead to proper vendor assesment.

This article is fourth in a five-part series developed by Dr. Edward Amoroso in conjunction with the mobile security team from Blue Cedar. The article provides an overview of how mobile app security can be achieved through the technique of code injection.