This report offers insight into authentication. It discusses some key problems with various standard authentication processes and highlights ways that authentication can be improved.

As account opening continues to transition from physical to digital channels, financial institutions, issuers, lenders, and other organizations must optimize the digital experience of applicants in order to compete. At the same time, fraud is on the rise as criminals have become more successful than ever, thanks to some of the same digital channel benefits enjoyed by consumers: convenience, speed, and ease of use. To achieve the necessary balance between preventing fraud and providing a delightful experience for consumers, an approach to identity proofing that accounts for the channel, product, customer, and threat environment is absolutely critical. But regardless of the approach, inconspicuous solutions — like those based on applicant behavior — have a distinct role to play in how institutions manage the risk of application fraud.

This whitepaper is intended to help firms identify the symptoms of SOC Analyst fatigue, recognize the underlying causes and evaluate recommendations for addressing the problem.

This report examines trends in vulnerabilities, exploits and threats in order to better align your security strategy with the current threat landscape. Incorporating such intelligence to vulnerability management programs begins to put vulnerabilities in risk–based context and helps to focus remediation on vulnerabilities most likely to be used in an attack. This is an update to a report published in January 2018 to reflect mid–year trends. All statistics for 2018 reflect data from the first half of the year — January 1, 2018 through June 30, 2018.

The 2019 Vulnerability and Threat Trends Report examines new vulnerabilities published in 2018, newly developed exploits, new exploit–based malware and attacks, current threat tactics and more. Such analysis helps to provide much needed context to the more than 16,000 vulnerabilities published in the previous year. The insights and recommendations provided are there to help align security strategies to effectively counter the current threat landscape. Incorporating such intelligence in vulnerability management programs will help put vulnerabilities in a risk based context and focus remediation on the small subset of vulnerabilities most likely to be used in an attack.

From the report, “As the hype and soaring price of cryptocurrency has drawn in thousands of new players worldwide, generating a single bitcoin takes a lot more servers than it used to. It is becoming an arms race amongst miners for access to CPUs, GPUs and even electricity. As a result, we are starting to see a cryptojacking epidemic and hackers aren’t sparing anyone; they are targeting everyone from consumers to large multinational organizations.”

This report measures the difference in days between when an exploit for a vulnerability becomes publicly available (Time to Exploit Availability) and when a vulnerability is first assessed (Time to Assess). A negative delta indicates that the attacker has an opportunity to exploit a vulnerability before the defender is even aware of the risk. The sample set used for this analysis is based on the 50 most prevalent vulnerabilities from nearly 200,000 unique vulnerability assessment scans.

This report is based on the results of a comprehensive online survey of 437 cybersecurity professionals conducted from June through August 2018 to gain deep insights into the latest application security threats faced by organizations and the solutions to prevent and remediate them. The respondents range from executives to managers and IT security practitioners. They represent organizations of varying sizes across many industries.

This report takes a look at the threat intelligence of organizations surveyed in 2018. Among the key findings of the report are that organizations are leveraging threat intelligence data for a number of use cases, and many rate themselves fairly competent in their use of threat intelligence to identify and remediate cyber threats.

This unique report offers insight into the world of hackers. It seeks to stand apart from other annuals and quarterlies by presenting information other reports are not discussing.

From the report, “Before we begin the 2018 Black Report in earnest, it’s important to understand who our respondents are. Last year, we focused on people who referred to themselves as hackers or professional penetration testers. This year, we broadened our survey to include incident responders. These guys deal first-hand with hackers and the aftermath of data breaches. And as you’ll see, their perspective provided a tremendously valuable contribution to the results of the survey.” Read on to find out more.

From the report, “To understand current levels of exposure and resiliency, Rapid7 Labs measured 4532 of the 2017 Fortune 500 List3 for: • Overall attack surface (the number of exposed servers/devices); • Presence of dangerous or insecure services; • Phishing defense posture; • Evidence of system compromise; • Weak public service and metadata configurations; and • Joint third-party website dependency risks.” Read on to find out more.

From the report, “This quarter’s report covers three main areas of concern for the modern IT defender: • First, credential theft, reuse, and subsequent suspicious logins are—today— the most commonly reported significant incident we’re seeing across both small (<1,000 endpoints) and large organizations (≥1,000 endpoints). • Second, the DDoS landscape just got a lot more interesting with the debut of a new technique using misconfigured—and plentiful—memcached servers. • Finally, we take a look at the increasing levels of SMB and Cisco SMI attacker probes and attacks, where the former continues to define the “new normal” level of background malicious behavior around Windows networking, and the latter begins to bring shape to this relatively new attack vector targeting core router infrastructure.” Read on to find out more.

From the report, “What does 2018 hold in store for the defenders? Unfortunately, more of the same security drama, according to Cybereason’s researchers and analysts. Specifically, they identified the following as some of the bigger security trends in the new year: 01. Supply Chain Attacks Increase & Remain Underreported 02. Destructive Attacks Do Not Let Up 03. The Line Blurs Between APT Actors & Cybercriminals 04. Fileless Malware Attacks Become Ubiquitous” Read on to find out more.

This report offers the following highlights - Case study of a Fortune 50 organization breached via social media, Deep dive into each layer of the new attack chain, A detailed look at impersonation accounts and hijacked accounts, a new staple in the attack lifecycle, Tactics, techniques, and procedures (TTPs) used by the modern attacker on social media, Recommendations and best practices for updating your security posture.

Fraudulent accounts run rampant on social media. But what are they up to, what cyber attacks are they launching? ZeroFOX Research investigates 40,000 fake accounts to find out.

Social media has become a major platform for financial institutions to engage customers, grow their business, and promote offers and services. However, scammers and cybercriminals have adopted the platform as well, exploiting the low technical barriers, ease of target acquisition, ease of payload delivery, and broad access to potential victims.

In this whitepaper, they look at three categories of approaches taken by malware to evade sandboxes and explore techniques associated with each approach.

From the report, “In the first installment of the 2019 Security Report ‘CyberAttack Trends Analysis’, we reviewed the latest trends and threats facing the IT security industry today. We assessed the major incidents that impacted organizations over the past year along with our commentary and insights regarding them. These trends fell into the categories of Cryptominers, Ransomware, Malware Methodology, Data Breaches, Mobile and Nation State Cyber Attacks. In this installment we zone in on an underlying trend that lies behind all of the above categories, the democratization of cyber crime.” Read on to find out more.

This White Paper attempts to paint a comprehensive picture of the file-borne threat crisis facing health insurance companies due to the tight connection with medical institutions and the immense number of files shared and transferred between the two sectors, as well as explain why current security systems and industry regulations fail to adequately meet this sophisticated threat, and what measures can be taken to guard against it without investing in security infrastructure.

This report includes detailed technical information discovered during our analysis of the forensics artifacts collected from the affected systems by the AIR Module. The report provides detailed information about the key processes used by AIR to review the malicious activity and detect the infection quickly. We also break down the encoding techniques, the registry operation, and the protection and communication mechanisms used by Kovter.