This is a Quarterly Report that looks at Cyber security issues in New Zealand and around the world.

This Quarterly report offers key takeaways from the third Quarter of 2017. Those takeaways come from Email, Exploit Kits, Web-Based Attacks, and Social Media and Domain Research.

This report discusses a new kind of Remote Access Trojan at use in ASIA, and looks at its connection with the Chinese Government.

Rogueware has been reborn in the Android ecosystem, particularly on Google Play. This research paper reveals that hundreds of antivirus and optimization tool apps on Google Play mislead users into believing that they have a virus or performance problems on their devices to manipulate them to install other fake tools.

This white paper will describe how the right infrastructure foundation can assist GDPR compliance, while contributing to your company’s stature in the digital age, as well as offer a checklist to ensure that new IT infrastructure purchases effectively support GDPR compliance.

If you are interested in looking about Bots that go undetected, this paper is for you.

This report takes a look at the reality that even though we spend lots of money to protect people from targeted attacks, they still continue to happen. Why are we missing the mark, and what can we change?

This paper will explore the business of hacking: the different ways people make money by hacking, the motivations, the organization. It will break down the businesses’ profitability and risk levels, and provide an overall SWOT analysis. From this, opportunities for disruption will be discussed and a competitive approach for disrupting the business of hacking will be laid out.

A key takeaway from this research is that accountability for managing third party risk is dispersed throughout the organization. Not having one person or function with ownership of the risk is a serious barrier to achieving an effective third part risk management program.

This report provides an analysis of TPM Genie. TPM Genie is a serial bus interposer which has been designed to aid in the security research of Trusted Platform Module hardware. The tool demonstrates that a man-in- the-middle on the TPM serial bus can undermine many of the stated purposes of the TPM such as measured boot, remote attestation, sealed storage, and the hardware random number generator.

In 2015, after two years of study and policy coordination, the United States and Japan publicly issued new defense guidelines, updating and expanding upon the previous guidance of 1997. The new guidelines enable a much broader set of cooperative engagements, including in geographic areas beyond the areas surrounding Japan and in the new domains of outer space and cyberspace.

This report offers insight into iOS11 and how Apple technology is providing useful resources to enterprises that are moving away from PC’s.

In this fourth annual State of Security Operations report, Hewlett Packard Enterprise provides updates to the current and emerging capabilities, best practices, and performance levels of security operations as learned from the assessment of organizations around the globe.

This paper will examine the ways attackers use files to deliver malware, the reasons these methods are effective, and the steps organizations should take to block these kinds of attacks.

GAO was asked to report on the major breach that occurred at Equifax in 2017. This report (1) summarizes the events regarding the breach and the steps taken by Equifax to assess, respond to, and recover from the incident and (2) describes actions by federal agencies to respond to the breach.

This report discusses the use of Bots in managing security risks for an organization. It specifically discusses the issures related to credential stuffing.

This report lays out a new strategy for addressing cybersecurity issues.

This report details observations of APT28’s, a Russian Sponsored cyber network, targeting, and an investigation into a related breach. They also provide an update on shifts in the group’s tool development and use, and summarize the tactics APT28 employs to compromise its victims.

In Beneath the Surface of a Cyberattack: A Deeper Look at Business Impacts, Deloitte has leveraged their experience with a variety of cyber incidents and their deep industry knowledge to illustrate how 14 impact factors—including many that are not often visible—can affect an organization in the days, months, and years following a cyberattack.

This report discusses the security concerns that have arisen about the new technology, blockchain.

The CRO Forum looked into the issues around cyber resilience in the paper it published in 2014. In this paper, cyber risk was defined as the risk of doing business in the cyber environment. This paper builds on the 2014 paper to focus on how to address the challenges around the collection of data to support improved cyber resilience.