The report outlines the most significant identity attacks of 2022, the weaknesses of MFA, and the IAM hygiene issues that are increasing identity attack surfaces. This report analyzed user data, login information, and information from identity providers including Okta, Azure Active Directory, Duo, and Auth0. In total, the analysis covers more than 500,000 identities from organizations with 1,000+ employees.

Weak passwords abound, and ATO is interrupting services critical to every aspect of online life: working, streaming, ordering, paying, and just plain connecting. Raising security awareness of this topic can certainly help; but the ATO threat will remain endemic until the problems inherent to password use are resolved.

After the CARES act was passed in March of 2020, fraudsters worked towards making money off of it. This report seeks to understand all of the components of fraud happening on the dark web in relation to the CARES act.

Contrary to popular belief, every device is worth hacking when the process is automated. It doesn’t matter who or where you are, if you own a company big or small, or have technology in the home – every device can be monetized by an enterprising criminal. Brute force login attempts are likely occurring on any online device. Yet the speed and scale of the problem can boggle the mind. Criminals are relentless and often competitive with one another to find, take over, and monetize your smart devices. The research you’ll find here, using honeypot devices across the internet, is a first step in attempting to quantify the issue.

This report offers advice for what to do when the barbarians are at your door…

From the one page report, “From trade secrets to client information, legal services and law firms have an ethical and legal obligation to protect privileged data. To help you understand the common attack types and trends facing the legal industry, we’ve compiled the following observations based on real data from across our client base.”

This one page report offers the following, “Whether it’s account data or trading and investor information, financial firms hold a wealth of information that can be quickly turned into monetary gain. To help you understand the common attack types and trends facing the finance industry, we’ve compiled the following observations based on real data from across our client base.”

This infographic provides a summarized list of the points made in McAfee’s 2019 threat predictions blog post.

This report is the first in a bi-annual series that examines risks and attacks in the cloud native computing ecosystem. The next report will be released in the first half of 2019.

The upgraded version of the Dridex Trojan was at one time one of the most successful bank Trojans originally discovered in 2014 and has since re-emerged. This paper provides an overview.

This Quarterly report continues Rapid7’s excellent work of providing insight to the threats they have witnessed during the 2nd Quarter of 2018.

This report offers a breakdown and analysis of the actions and behaviors of Rowdy, a new type of IoT Malware.

This report discusses the security concerns that have arisen about the new technology, blockchain.

This report takes a look at the DDoS threats that occurred in the third quarter of 2016.

This short article gives a 10 reasons why an ISP’s DDoS Protection may not be able to actually protect an organization.

This paper offers a helpful checklist for making sure you do not compromise your identity management for the sake of GDPR compliance.

It would appear that a new variant titled ‘StoneDrill‘ has now hit the wild and conducts operations very similar to that of Shamoon 2.0 and Shamoon malware. Here is a brief analysis of StoneDrill,