For this year’s report, we have incorporated additional data from previous years to provide an enhanced view of the present threat climate. Additionally, given the prevalence of internal compromises over external, we chose to focus the bulk of our analysis on internal attack vectors, and then compared this data to maturity scores.

The 2022 State of Passwordless Security Report is based on a comprehensive survey of 411 technology professionals to explore the state of conventional and passwordless authentication, key drivers and barriers to adoption, and organizations’ technology preferences. Respondents range from technical executives to IT security practitioners, representing a cross-section of organizations of varying sizes across multiple industries.

This report is based on the results of a comprehensive online survey of 225 cybersecurity professionals, to gain more insight into the latest trends, key challenges, and solutions for malware and ransomware security. The respondents range from technical executives to managers and iT security practitioners, representing a balanced cross-section of organizations of varying sizes across multiple industries.

Get best practices on managing your open source libraries in our State of Software Security v11: Open Source Edition report. Based on 13 million scans of more than 86,000 repositories, SOSS v11: Open Source Edition gives you a unique perspective on the open source libraries in codebases today, how organizations are managing the security of these libraries, and best practices on using open source code securely.

This whitepaper explains a new vulnerability in Windows Server that is highly exploitable.

The purpose of this research is to provide a comprehensive description of the technical details and approach IOActive used to discover vulnerabilities affecting widely deployed radiation monitoring devices. Our work involved software and firmware reverse engineering, RF analysis, and hardware hacking.

This report takes a look at the “Key Reinstallation Attack” VULN that works against all modern protected Wi-Fi- networks.

This report covers performance, security, and encryption essentials for online applications.

The purpose of this document is to provide answers to what to look for when choosing a security tool for remote access to internal applications.

This is a threat advisory for betFIRST mobile apps

This report is designed to inform you of the many dangers of Wi-Fi, and how to deal with them.

This report provides an analysis of TPM Genie. TPM Genie is a serial bus interposer which has been designed to aid in the security research of Trusted Platform Module hardware. The tool demonstrates that a man-in- the-middle on the TPM serial bus can undermine many of the stated purposes of the TPM such as measured boot, remote attestation, sealed storage, and the hardware random number generator.

This report looks at data from the mobile estates of global asset management and investment firms; providing analysis, benchmarking and best practice guidance on keeping mobile devices secure and managing data consumption.

This book provides some good guidance for app security testing. It seeks to assist enterprises with solving the issues surrounding app security.

This is a threat advisory for CBS mobile apps & website

This is a threat advisory for CardCrypt