This report is a discussion of the findings and trends of 169 ransomware incidents affecting state and local governments since 2013.

A Report to Congress Pursuant to the National Defense Authorization Act for Fiscal Year 2000, as Amended

This report offers quantitative findings from a study of UK individuals to measure and understand awareness and attitudes towards cyber security, and related behaviors. The findings are part of a wider research project to provide insight to inform HM Government’s approach to encourage positive behavior amongst the public in protecting themselves against cyber threats.

This third Hiscox Cyber Readiness Report provides you with an up-to-the-minute picture of the cyber readiness of organisations, as well as a blueprint for best practice in the fight to counter the ever-evolving cyber threat.

The Hiscox Cyber Readiness Report is compiled from a survey of more than 4,100 executives, departmental heads, IT managers and other key professionals in the UK, US, Germany, Spain and The Netherlands. Drawn from a representative sample of organisations by size and sector, these are the people on the front line of the business battle against cyber crime. While all are involved to a greater or lesser extent in their organisation’s cyber security effort, 45% make the final decision on how their business should respond. The report not only provides an up-to-the-minute picture of the cyber readiness of organisations large and small, it also offers a blueprint for best practice in the fight to counter an ever-evolving threat.

To shine a light on the availability of SSL/TLS certificates on the dark web, the Evidence-based Cybersecurity Research Group at the Andrew Young School of Policy Studies at Georgia State University and the University of Surrey spearheaded a research program, sponsored by Venafi. This report details the preliminary findings of the research and outlines the volume of SSL/TLS certificates for sale on the dark web, including information on how they are packaged and sold to attackers. These certificates can be used to eavesdrop on sensitive communications, spoof websites, trick consumers and steal data. The long-term goal of this research is to gain a more thorough understanding of the role SSL/TLS certificates play in the economy of the dark web as well as how they are being used by attackers.

As with driving, not only do you get a good look at what’s behind you, but you can often spot what’s coming up quick, set to overtake you. That’s the spirit of this threat report. We’ve picked out five key stories from the last year or so, not just because they were big events, but because we think these threats, or similar ones, could very well appear in the near future.

This report offers new insights into ransomware and the issues related to this problem.

The 2018 Endpoint Security Report reveals the latest endpoint security trends and challenges, why and how organizations invest in endpoint security, and the security capabilities companies are prioritizing.

To promote global awareness and facilitate important dialogues, SonicWall remains steadfast in its commitment to research, analyze and share threat intelligence via the 2019 SonicWall Cyber Threat Report.

Akamai provides a thorough report to educated the industry on the attacks that are growing, evolving, and becoming more sophisticated.

From the report, “But what exactly do we talk about when we talk “security?” That’s the question we seek to answer in this report, which has its roots in a similar question asked by an eight-year-old daughter two and a half years ago: “What’s the RSA Conference about, Daddy?” That root sprouted into a four-part blog series and a panel discussion a year later where we analyzed 25 years of session titles in honor of the 25th anniversary of RSA Conference.”

Indegy provides a helpful graphic designed to reveal seven critical areas in the area of industrial cyber security.

This report reveals that globally, in any given month, home users are twice as much at risk of encountering any type of malware, with a 20.09% chance of infection; business users, on the other hand, have a 10.87% chance of getting attacked, generally because they often have more layers of protection in place. The more people and businesses depend on computers, along with the type of activities carried out on them and the data these PCs hold, the greater consequences and damage malware attacks can cause.

From the report, “To generate this report, Coronet analyzed an enormous set of data comprised of both access and service threats. The data originated from Wi-Fi and cellular networks, devices spanning all operating systems and public network connectivity infrastructure. The data was aggregated and evaluated based on potential damage that could be caused by attackers and existing vulnerabilities in the 55 most populated DMAs, which together account for almost 70 percent of the entire U.S. population. The ranked results have been aggregated into regions which closely resemble Nielsen DMAs. Coronet ranked each city that was analyzed from most insecure to least vulnerable, with the most insecure cities scoring a 6.5 and above.” Read on to find out more.

In June of 2018 Claroty asked the experts about the state of industrial cybersecurity. This paper discusses what they said.

This infographic provides insight into the cyber security worries of Smart Cities.

From the report, “Welcome to Paladion’s Monthly Threat Report for October 2017. At Paladion CTAC we continuously track emerging threats and vulnerabilities to bring you timely, actionable threat intelligence. We provide this intelligence in machine-readable format from our Threat Intelligence Feeds, which can be directly integrated with your security devices. We also provide advisories on how you can prevent, detect, and respond to the latest threats as they happen. This report summarises the key findings of the stated month. It also contains insights related to threats and incidents that we have analysed.”

Welcome to the Monthly Threat Roundup report for November 2017. At Paladion CTAC we continuously track the emerging threats and vulnerabilities and provide you timely actionable intelligence to stay safe. We provide machine-readable intelligence in the form of IOCs, which can be directly integrated with your security devices. We also provide advisories on how you can prevent, detect and respond to latest attacker techniques. This report summarises the key findings of the stated month. It also contains insights related to threats and incidents that we have analysed.

This third edition of the Hacker’s Playbook Findings Report continues in the tradition of reporting enterprise security trends from the point of view of an attacker. The findings represent anonymized data from many millions of SafeBreach breach methods executed within real production environments. This edition includes existing Hacker’s Playbook Findings Report data and new data from deployments between January 2017 and November 2017, with a combination of over 3,400 total breach methods and almost 11.5 million simulations completed. This report reflects which attacks are blocked, which are successful, and key trends and findings based on actual security controller effectiveness.

From the Report, “This issue of the Rapid7 Quarterly Threat Report takes a deep dive into the threat landscape for 2018 Q4 and looks more broadly at 2018 as a whole. We provide an assessment of threat events by organization size and industry, and examine threat incident patterns identified through guidance from security specialists. We also further explore inbound activity to our honeypot network to identify trends and patterns that reveal rising new threats, such as Android Debug Bridge (ADB) activity, the persistence of old threats such as EternalBlue, and the vulnerability posed by non-novel credentials as revealed to publicly exposed systems. The report concludes with five steps you can take to bolster your organization’s security posture in 2019 and beyond, based on our findings.”