NopSec has pioneered the research, measurement, and analytics of vulnerability threats since 2013. Its annual State of Vulnerability Risk Management reports are widely used and cited in the cybersecurity industry for its insights and actionable information. As presented in this report, vulnerability threats are ever more expanding and evolving, and NopSec is once again leading the research for new ways to expose these threats and protect valuable assets from getting compromised.

This year, NopSec predicts that the biggest cyber threats will be massive data breaches, ransomware, opportunistic crypto-mining attacks and IoT hacking.

This issue of the Rapid7 Quarterly Threat Report takes a deep dive into the threat landscape for 2018 Q4 and looks more broadly at 2018 as a whole. We provide an assessment of threat events by organization size and industry, and examine threat incident patterns identified through guidance from security specialists. We also further explore inbound activity to our honeypot network to identify trends and patterns that reveal rising new threats, such as Android Debug Bridge (ADB) activity, the persistence of old threats such as EternalBlue, and the vulnerability posed by non-novel credentials as revealed to publicly exposed systems. The report concludes with five steps you can take to bolster your organization’s security posture in 2019 and beyond, based on our findings.

This year’s Global Threat Report: “Adversary Tradecraft and the Importance of Speed,” addresses the quickening pace and increasing sophistication in adversary tactics, techniques and procedures (TTPs) over the past year — and in particular, highlights the critical importance of speed in staying ahead of rapidly evolving threats.

This annual report from Symantec offers insights into formjacking, cryptojacking, ransomware, supply chain attacks, targeted attacks, the cloud, IoT, and even discusses Election Interference. As always the facts and figures are intriguing. Read on!

From July 2017 through June 2018, Secureworks CTU researchers analyzed incident response outcomes and conducted original research to gain insight into threat activity and behavior across 4,400 companies. This report offers answers and insights from their key findings. Read on to learn more.

The 2018 Internet Organised Crime Threat Assessment (IOCTA), has been and continues to be one of the flagship strategic products for Europol. It provides a unique law enforcement focused assessment of the emerging threats and key developments in the field of cybercrime over the last year.

This report analyzes many of the cyber security situations from 2018 and offers some predictions for 2019.

This report takes a look at many of the cyber security events that took place in 2017 and discusses what they could mean for 2018.

The 2019 Endpoint Security Survey Report reveals the latest endpoint security trends and challenges, why and how organizations invest in endpoint security, and the security capabilities companies are prioritizing.

This report takes a closer look at the threat of friendly fraud, by first explaining the spectrum of friendly fraud and exploring whether merchants and issuers are in fact “training” cardholders to initiate disputes. It also examines the balancing act that merchants and issuers must navigate while trying to reduce friendly fraud, while also preserving important customer relationships. Lastly, it details how two companies are addressing the problem, and then outlines six best practices for controlling the damage.

From the report, “The second Lloyd’s City Risk Index, based on original research by the Centre for Risk Studies at Cambridge University’s Judge Business School, details the risk landscape in the world’s leading 279 cities, responsible for 41% of global economic output in 2018. The data contained in this report will help policymakers, businesses and insurers make cities more resilient. Risk is managed most effectively by societies who anticipate and learn from each disruptive event, making the next generation safer.” Read on to find out more.

This report explores how a ransomware attack might take place and what the impacts would be on governments, businesses, and the insurance sector. In the scenario, the malware enters company networks through a malicious email, which, once opened, encrypts all the data on every device connected to the network. The email is forwarded to all contacts automatically to infect the greatest number of devices. Companies of all sizes and in all sectors are forced to pay a ransom to decrypt their data or to replace their infected devices.

This report examines trends in vulnerabilities, exploits and threats in order to better align your security strategy with the current threat landscape. Incorporating such intelligence to vulnerability management programs begins to put vulnerabilities in risk–based context and helps to focus remediation on vulnerabilities most likely to be used in an attack. This is an update to a report published in January 2018 to reflect mid–year trends. All statistics for 2018 reflect data from the first half of the year — January 1, 2018 through June 30, 2018.

The 2019 Vulnerability and Threat Trends Report examines new vulnerabilities published in 2018, newly developed exploits, new exploit–based malware and attacks, current threat tactics and more. Such analysis helps to provide much needed context to the more than 16,000 vulnerabilities published in the previous year. The insights and recommendations provided are there to help align security strategies to effectively counter the current threat landscape. Incorporating such intelligence in vulnerability management programs will help put vulnerabilities in a risk based context and focus remediation on the small subset of vulnerabilities most likely to be used in an attack.

This report measures the difference in days between when an exploit for a vulnerability becomes publicly available (Time to Exploit Availability) and when a vulnerability is first assessed (Time to Assess). A negative delta indicates that the attacker has an opportunity to exploit a vulnerability before the defender is even aware of the risk. The sample set used for this analysis is based on the 50 most prevalent vulnerabilities from nearly 200,000 unique vulnerability assessment scans.

This infographic provides brief insight into the corresponding 2019 Threat and Vulnerability Trends report.

From the report, “Before we begin the 2018 Black Report in earnest, it’s important to understand who our respondents are. Last year, we focused on people who referred to themselves as hackers or professional penetration testers. This year, we broadened our survey to include incident responders. These guys deal first-hand with hackers and the aftermath of data breaches. And as you’ll see, their perspective provided a tremendously valuable contribution to the results of the survey.” Read on to find out more.

From the report, “For the State of the Federal IT Landscape report, OneLogin commissioned CITE Research to conduct an online, in-depth survey of 150 federal IT professionals in the United States. The goal of the survey was to understand: The current federal IT landscape, Security concerns and challenges facing federal agencies, IT plans with regard to the cloud, Technologies in use or being considered to address concerns. This survey was conducted in late October of 2018.” Read on to find out more.

From the report, “What does 2018 hold in store for the defenders? Unfortunately, more of the same security drama, according to Cybereason’s researchers and analysts. Specifically, they identified the following as some of the bigger security trends in the new year: 01. Supply Chain Attacks Increase & Remain Underreported 02. Destructive Attacks Do Not Let Up 03. The Line Blurs Between APT Actors & Cybercriminals 04. Fileless Malware Attacks Become Ubiquitous” Read on to find out more.

“The people, not just tools, are the key to enterprise cyber security. It’s time to devise an actionable plan to make sure every member of your organization is cyber-ready. In this guide, we will present a basic framework for optimizing the types, frequency and costs of security simulation training for the entire enterprise.”