This report seized the opportunity to do something different; it now focuses on highlighting what’s next for the hacking community. From neurodiversity in the hacking community to the rise of hacking influencer platforms, we’ve examined a broad spectrum of important topics. Now, most security professionals not only understand the difference between threat actors and hackers, but they actually have personal experience with ethical hacking.

Reporting over the course of 2023 and 2024, ETL highlights findings on the cybersecurity threat landscape during a yearlong geopolitical escalation. Throughout the latter part of 2023 and the initial half of 2024, there was a notable escalation in cybersecurity attacks, setting new benchmarks in both the variety and number of incidents, as well as their consequences.

The 3rd edition of the Lucy Study builds on a four-year history of objective comprehensive and robust data. The study lacks precision on the segment of small and micro companies. The number of insured companies - and there analyzed - is not yet sufficient in relation to the number of companies listed by INSEE.

This 10-year anniversary edition of the report dissects the 2022 Microsoft vulnerabilities data and highlights some of the key shifts since the inaugural report. This report will spotlight some of the most significant CVEs of 2022, break down how they are leveraged by attackers, and explain how they can be prevented or mitigated. The way Microsoft classifies the severity rating for a vulnerability is distinct from the likelihood of exploitation.

In this report, we’ll delve into insights drawn from an analysis of over 16 billion authentications in the last year (and over 44B in the last 4 years), spanning nearly 52 million different browsers, on 58 million endpoints and 21 million unique phones across regions. Authenticator apps like Duo mobile appeal to both demand for higher security and ease-of-use. Last year, access to remote access applications fell to nearly 25% of authentications after peaking in 2020.

ThreatLabz found that ransomware attacks increased by 17.8% year-overyear based on blocked attempts in the Zscaler cloud, while ransomware attacks identified through data leak site analysis surged by 57.8%. The findings presented in this report underscore the need for organizations to prioritize protection against the relentless tide of ransomware. The insights and strategies in the report serve as a crucial guide for improving your ransomware defenses.

OWASP MASVS sets a minimum bar for mobile app developers to follow when building apps securely and provides security teams with the ideal testing strategy as part of the organization’s proof of controls. NowSecure benchmark mobile application security testing analysis shows 95% of nearly 6,500 leading mobile apps fail at least one of the seven OWASP MASVS categories.

In the ever-evolving landscape of cybersecurity, the significance of security testing cannot be overstated. As we delve into the 2023 trends, it’s clear that penetration testing remains the cornerstone of a robust security strategy. we’ve observed a substantial 31% increase in manual pentest engagements, highlighting a growing reliance on this building block of security.

This study delivers the latest insights into the threat landscape of workplace collaboration and the opportunities presented by the fastest-growing dataset across the enterprise today. As the leading AI data platform for employee listening, Aware analyzes the state of risk across collaboration platforms such as Slack, Teams, Zoom and Workplace from Meta to create awareness around both the risks and opportunities that lie within digital workplace conversations.

This year’s report introduces results from the Attack Path Validation (APV) and Detection Rule Validation (DRV) products on the Picus platform, offering deeper observations into organizational preparedness against automated penetration tests and the effectiveness of detection rules in SIEM systems. It provides perspective into the current state of cybersecurity and recommends Continuous Threat Exposure Management (CTEM) for those working to adopt a holistic approach.

The 2024 edition of the Blue Report provides key findings and practical recommendations for cybersecurity professionals by evaluating the effectiveness of current detection and prevention practices. The Blue Report 2024 serves as a crucial resource for cybersecurity professionals and decision-makers. It provides perspective into the current state of cybersecurity and recommends Continuous Threat Exposure Management (CTEM) for those working to adopt a holistic approach.

In this report, CrowdStrike OverWatch threat hunters distilled their findings into hundreds of new behavior-based preventions over the past 12 months. As a result, the team’s front-line findings directly augment the Falcon platform’s ability to detect and prevent the latest threats. This data specifically focuses on interactive intrusions — attacks where adversaries establish an active presence within a target network, often engaging in hands-on-keyboard activities to achieve their objectives.

In today’s dynamic threat landscape, our customers rely on us more than ever to protect their sensitive data, systems and operations from increasingly sophisticated cyber threats. From ransomware attacks to malware to crypto-jacking, the adversaries we confront are relentless and evolving, requiring us to be continuously vigilant and proactive. we’ve added some new perspectives that feature feedback from our 24/7, 365 SOC analysts, market insight provided by a reputable cybersecurity insurance provider and even included the voices of some of our partners.

This report nearly coincided with one of the most disruptive cyber attacks in the history of healthcare. The massive payment disruptions for U.S. healthcare providers resulting from the February 2024 BlackCat ransomware attack on Change Healthcare was an extreme yet highly illustrative example of the third-party risks stemming from high interdependence among healthcare organizations. This paper aims to help healthcare organizations and their partners reduce such risks.

This report comes at a time when top organizational risks, such as supply chain, cybersecurity, and third-party risks cut across large parts of all organizations. Stopping supply chain attacks requires understanding their causes and the variables that contribute to them. SecurityScorecard threat researchers assist in that effort by helping organizations gauge their overall risk levels and set priorities for vendor vetting.

The Google Cloud Cybersecurity Forecast 2024 report predicted that cyber criminals and nation-state cyber operators will more heavily leverage server-less technologies within the cloud because it offers greater scalability, flexibility, and can be deployed using automated tools. The report focuses on recommendations for mitigating risks and improving cloud security for cloud security leaders and practitioners.

Unit 42 analyzed several petabytes of public internet data collected by Cortex Xpanse — the Palo Alto Networks attack surface management solution — in 2022 and 2023. This report outlines aggregate statistics about how attack surfaces worldwide are changing and drills down into particular risks that are most relevant to the market. Today’s attackers have the ability to scan the entire IPv4 address space for vulnerable targets in minutes.

This report leverages N2K’s analytical strengths to map WiCyS members’ skills directly to the NICE Workforce Framework, categorizing capabilities into functional areas that highlight the unique strengths and potential growth opportunities for WiCyS members. By conducting thorough diagnostics and focused analyses, this partnership identifies the capabilities of WiCyS members and aligns them with industry standards to ensure that their skills are recognized and utilized to the fullest.

We chose to analyze four recent ransomware attacks. These ransomware attacks resulted in significant business disruption and financial impact, and in some cases, continue to result in collateral damage. While details are often sparse on how the attacks happened, the nature of the attack can be examined to determine the degree to which basic ransomware controls impact organizational outcomes. Many ransomware attacks are not technically sophisticated, but instead take advantage of controllable gaps and lapses that organizations do not actively seek to identify and remediate.

This report presents multiple segments detailing various key aspects of major mass exploitations of 2023. We encourage you to view the year through the perspective of a defender, say on a security operations (SOC) team, with limitless access to GreyNoise data. From this vantage point, see how 2023 might have appeared if you had utilized our datasets* to remain at the forefront of thwarting widespread internet exploits.

The target population was reached through in-person events, and by third parties via their opt-in email lists, Genetec opt-in email lists, and by digital promotions. This report points out whether answers are from all respondents, end user respondents, or channel partner respondents.