A survey-based review of how and why organizations are adopting cloud technologies, specifically from a business growth perspective. Makes some specific recommendations and has discussion on CASB solutions.

This report covers penetration prevention in the last year. It covers changes in penetration prevention such as the levels of risk incurred by applications, the way the shift to the cloud affects risk, and how the size of the business affects risk.

A survey based report on the attitudes and beliefs of security professionals to the challenges and opportunities in cloud security.

From the report, “How do we actually “play the hacker”? We do this by deploying simulators that play the role of a “virtual hacker” across endpoints, network and cloud, and execute breach methods from our hacker’s playbook. Our findings are incorporated in this report, and analyzed by SafeBreach Labs, with the hope that security teams can glean some interesting insights into the things not to do in their environment.”

This case study, focuses on one of Claroty’s power plant installations. It illustrates challenges and solutions that are both unique to the power generation sub-segment, as well those that apply to the broader context of OT cybersecurity.

This report takes an inside look at Industrial Control Systems and the need for them to be updated for the new Cyber Security Threats.

3rd-party (aka supply-chain) cyber attacks were one of the main reasons for major data breaches in 2018. Here is a recap of 3rd-party data breaches that hit the news in 2018

AlgoSec recently surveyed 450 C-level executives and senior security and network professionals to investigate the hybrid cloud security strategies of their organizations. The survey revealed that many organizations are embracing hybrid cloud as part of their enterprise infrastructure, and plan to increase their adoption of cloud platforms over the next three years. However, the majority of enterprises do have some serious security concerns and encounter significant challenges when managing security across hybrid environments, both during and after cloud migrations.

In this report we analyze real-world end-user vulnerability assessment (VA) behavior using a machine learning (ML) algorithm to identify four distinct strategies, or “styles.” These are based on five VA key performance indicators (KPIs) which correlate to VA maturity characteristics. This study specifically focuses on key performance indicators associated with the Discover and Assess stages of the five-phase Cyber Exposure Lifecycle. During the first phase – Discover – assets are identified and mapped for visibility across any computing environment. The second phase – Assess – involves understanding the state of all assets, including vulnerabilities, misconfigurations, and other health indicators. While these are only two phases of a longer process, together they decisively determine the scope and pace of subsequent phases, such as prioritization and remediation. The actual behavior of each individual enterprise in the data set, in reality, exhibits a mixture of all VA Styles. For the purposes of this work, enterprises are assigned to the specific style group with which they most closely align. We provide the global distribution of VA Styles, as well as a distribution across major industry verticals.

This is a threat focus report on Drupalgeddon2

Ponemon Institute is pleased to present the findings of Assessing the DNS Security Risk, sponsored by Infoblox. The purpose of this study is to understand the ability of organizations to assess and mitigate DNS risks. As part of the research, an online index has been created to provide a global measure of organizations’ exposure to DNS security risks and assist them in their response to DNS security risks.

From the report, “This casebook presents some of the findings and recommendations we’ve made in key engagements across a representative sample of the work we performed last year. We dig into: Emerging and notable trends, Examples of ill-prepared organizations and the devastating effects of the breaches they suffered, Essential recommendations to prevent companies from becoming another statistic of poor security planning and execution. This casebook also underscores the expertise of our team and the important work we’re doing at CrowdStrike® Services. As you read the case studies, you will see that CrowdStrike stands shoulder-to-shoulder with our clients as we work together to stop adversaries and repair damage. But this casebook is not just for CrowdStrike clients — we want everyone to become better prepared to overcome their adversaries in 2019.”

This guide is designed to help enterprises endpoint security solutions.

In this research, Digital Shadows assessed the sensitive data exposed from some of the most ubiquitous file sharing services across the Internet. We found over twelve petabytes of publicly available data across open Amazon S3 buckets, rsync, SMB, FTP servers, misconfigured websites, and NAS drives.

This report takes a look at the cyber threats that occurred when the US recognized Jerusalem as the Capital of Israel.

Everything you wanted to know about log management but were afraid to ask.

From the Report, “Through analysis of billions of anonymized cloud events across a broad set of enterprise organizations*, we can determine the current state of how the cloud is truly being used, and where our risk lies. Consider that nearly a quarter of data in the cloud is sensitive, and that sharing of sensitive data in the cloud has increased 53% year-over-year. If we don’t appropriately control access and protect our data from threats, we put our enterprises at risk.”

Using data collected from the Lookout global sensor network, the Lookout research team was able to gain unique visibility into the ViperRAT malware, including 11 new, unreported applications. We also discovered and analyzed live, misconfigured malicious command and control servers (C2), from which we were able to identify how the attacker gets new, infected apps to secretly install and the types of activities they are monitoring. In addition, we uncovered the IMEIs of the targeted individuals (IMEIs will not be shared publicly for the privacy and safety of the victims) as well as the types of exfiltrated content.

This document discusses the vulnerabilities discovered by edgescanTM over the past year – 2016. The vulnerabilities discovered are a result of providing “Fullstack” continuous vulnerability management to a wide range of client verticals; from Small Businesses to Global Enterprises, From Telecoms & Media companies to Software Development, Gaming, Energy and Medical organisations. The statistics are based on the continuous security assessment & management of over 57,000 systems distributed globally.

This is a yearly report based on the activities of CERT Polska for the year 2015. Polish authorities, well aware of the dangers, commissioned this report containing proposals for the organization of the defenses system of the syberspace of the Republic of Poland.

This report takes a look at the DDoS threats that occurred in the fourth quarter of 2017.