This report offers insight from the research and results of Rapid7’s repeated penetration testing.

This paper describes six key weaknesses that an adversary can use to undermine a plant’s operation, providing real-life threat details and mitigation options.

This report takes a look at the cyber threats that took place in the 2nd Quarter of 2017. It provides a good concise look at what business sectors were most under threat.

Here is a short report on the history of IoT Botnets.

In this paper they discuss several aspects of the healthcare threat surface.

This report is the result of joint research performed by Digital Shadows and Onapsis, aimed to provide insights into how the threat landscape has been evolving over time for ERP applications.

The series will show you how to take practical steps to aid your organization in meeting GDPR requirements for protecting personal data.

This monthly threat report takes a look at the month of February 2018. Specifically, it looks at how Agent Tesla works, cryptocurreny malware, ransomware’s refusal to die, and Turla APT updating their malware after public advisories.

This is Rapid7’s Quarterly Threat Report. In this report they wrap up the cyber events from the year 2017 and lay out some thoughts on what is ahead in 2018.

This report examines the weaknesses in Apple products and the growing trend of attacks on the Apple system.

This paper offers some solutions to the best practices for securing Amazon Web Services.

In this, the eighth volume of this report, they present metrics that are based on real application risk postures, drawn from code-level analysis of nearly 250 billion lines of code across 400,000 assessmnets performed over a period of 12 months between April 1, 2016 and March 31, 2017.

This ia a threat advisory for Lycos Mail

This case study attempts to connect all the dots when it comes to security analysis by using nine anecdotes cited in the top threat’s for its foundation. Each of the nine examples are presented in the form of (1) a reference chart and (2) a detailed narrative. The reference chart’s format provides an attack-style synopsis of the actor, spanning from threats and vulnerabilities to end controls and mitigations. They encourage architects and engineers to use this information as a starting point for their own analysis and comparisons.

This report takes a look at Business Email Compromise attacks and examines why the FBI was able to report that it has become a billion dollar industry.

For our 3rd Annual Underground Hacker Markets Report, Dell SecureWorks engaged two of our top intelligence analysts from our CISO INTEL Team. The team members spend time tracking hackers on the numerous underground hacker forums and marketplaces all over the world. While much of the cybercrime hitting organizations throughout the world is the result of cooperation by hackers working outside the confines of publicly-accessible marketplaces, these underground forums provide a small window into the world cybercriminals occupy. In this report, we concentrated on marketplaces located on the Russian Underground and on English-speaking marketplaces between Q3 2015 and Q1 2016.

This report provides a technical investigation of the malicious components involved in the attack that infected over 500,000 routers and network storage devices.

To help businesses understand implications of such changes and navigate the road ahead, Experian Data Breach Resolution has developed six key predictions about how the data breach industry will evolve in 2015. These predictions are based on experience helping more than 3,000 companies manage breaches of all types in 2014 and conversations with leaders across the security landscape. With this mindset, they also looked back at how our 2014 predictions played out.

The report introduces the Chain of Compromise as an analytical concept to help readers, particularly those working in cyber security and information technology roles, understand how attackers compromise security using different combinations of tactics and resources. Some of 2015’s most prominent threats, such as exploit kits, ransomware, and DNS hijacks, are discussed in relation to this model, demonstrating how users become compromised by modern cyber attacks.

This report will provide insights about the depth and breadth of fraud activity across a variety of industries from a data set of more than half a billion calls.

This annual report takes a look at the security events of 2017 and projects what is to come in 2018.