This report presents data gathered between October–December 2018, along with previously collected data for historical comparisons. We examine which employees and organizational departments receive the most highly targeted email threats. Then we explore how they’re being attacked, analyzing attackers’ techniques and tools. Based on these findings, we recommend concrete steps organizations can take to build a defense that focuses on their people.

A study on the causes and evolution of Americans’ and Canadians’ stressors relating to cybersecurity and personal data protection

To shine a light on the availability of SSL/TLS certificates on the dark web, the Evidence-based Cybersecurity Research Group at the Andrew Young School of Policy Studies at Georgia State University and the University of Surrey spearheaded a research program, sponsored by Venafi. This report details the preliminary findings of the research and outlines the volume of SSL/TLS certificates for sale on the dark web, including information on how they are packaged and sold to attackers. These certificates can be used to eavesdrop on sensitive communications, spoof websites, trick consumers and steal data. The long-term goal of this research is to gain a more thorough understanding of the role SSL/TLS certificates play in the economy of the dark web as well as how they are being used by attackers.

This e-book provides a practical guide for security teams to “unlock” the power of intelligence.

This paper, published in partnership with the UC Berkeley Center for Long-Term Cybersecurity, highlights research indicating that “underserved” residents in San Francisco, California— including low-income residents, seniors, and foreign language speakers—face higher-than average risks of being victims of cyber attacks. They are less likely to know whether they have even been victimized by a cyber attack, and they have lower awareness of cybersecurity risks. Partly as a result, they are less likely to access online services. This cybersecurity gap is a new “digital divide” that needs to be addressed—with urgency—by the public and private sectors alike.

This unique report takes a hard look at scams that focus on tax reporting and the filing of taxes.

This white paper will guide security teams as they reexamine their approach to cloud-based email.

This paper will also explore the root causes of poor data quality and a solution for organizations seeking data quality improvement.

This report is the result of a comprehensive survey of 437 cybersecurity professionals designed to reveal the latest application security trends, how organizations are protecting applications, and what tools and best practices IT cybersecurity teams are prioritizing to find, fix and prevent vulnerabilities in next-gen applications.

This report offers information on Mobile Phishing from data researched in 2018.

This is the fifth annual report from the Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board. HCSEC is a facility in Banbury, Oxfordshire, belonging to Huawei Technologies (UK) Co Ltd (Huawei UK), whose parent company, Huawei Technologies Co Ltd, is a Chinese headquartered company which is now one of the world’s largest telecommunications providers.

The ninth annual cost of cybercrime study helps to quantify the economic cost of cyberattacks by analyzing trends in malicious activities over time.

Akamai provides a thorough report to educated the industry on the attacks that are growing, evolving, and becoming more sophisticated.

Upon request by the United States Senate Select Committee on Intelligence (SSCI), New Knowledge reviewed an expansive data set of social media posts and metadata provided to SSCI by Facebook, Twitter, and Alphabet, plus a set of related data from additional platforms. The data sets were provided by the three primary platforms to serve as evidence for an investigation into the Internet Research Agency (IRA) influence operations.

An In Depth Look at the most prevalent ATT&CK techniques according to Red Canary’s historical detection dataset.

Zero Trust threat detection and response technologies are increasingly critical to securing customers and protecting the firm’s brand. To accelerate their performance in threat detection and response, companies are evaluating and adopting a range of contributing technologies. This Forrester Tech Tide™ report presents an analysis of the maturity and business value of the 18 technology categories that support Zero Trust threat detection and response. Security professionals should read this report to shape their firm’s investment approach to these technologies.

This alert contains two recommendations directing actions Federal Emergency Management Agency (FEMA) should take to safeguard both Personally Identifiable Information (PII) and Sensitive Personally Identifiable Information (SPII) of disaster survivors and prevent additional privacy incidents similar to one we identified during our ongoing audit of FEMA’s Transitional Sheltering Assistance (TSA) program. FEMA concurred with both recommendations.

This quarterly threat report offers insight into the DDoS attacks that occurred in the 4th quarter of 2018.

This report begins with an interesting paragraph, “Bad actors need to launder the $US 1.7 billion of cryptocurrency stolen and scammed in 2018. Furthermore, they need to get it all done before tough new global anti-money laundering (AML) and counter terror financing (CTF) regulations go into effect over the next year.” Read on to learn how this paragraph is important.

Bitglass’ fifth annual Healthcare Breach Report analyzes the data from the US Department of Health and Human Services’ “Wall of Shame.” The database contains information about breaches of PHI that affected more than 500 individuals.

Using information from Rapid7’s Project Sonar internet telemetry service, this report reviews several dimensions of demonstrated security controls for companies in the S&P 200 and ASX (Australian) stock indices.