In this report, BlackBerry researchers reveal what the focus on those groups has overshadowed: several governments with well-established cyber capabilities have long ago adapted to and exploited the mobile threat landscape for a decade or more. In this context, mobile malware is not a new or niche effort, but a longstanding part of a cross-platform strategy integrated with traditional desktop malware in diverse ways across the geopolitical sphere.

In our 3rd annual Global Password Security Report, we strive to share interestingand helpful insights into employee password behavior at businesses around theworld. We want to help IT and security professionals understand the greatestobstacles employees face when it comes to passwords, learn how to addresschallenges of managing and securing data in today’s digital workplace and enablethem to see how their businesses’ password security practices measure up. Thisyear, we’re bringing even more data points to the table.

This report covers connectivity trends for 2020. It goes over four main key findings, including that data silos are slowing digital transformation, that organizations are reaping the benefits of APIs, that IT teams with an API strategy drive greater business outcomes, and that top-down API strategies are the most effective.

This report from Outsystems is based off of a survey of over 3,300 companies. It had 5 key things they looked into: How organizations’ app dev practices adapt to meet digital transformation and agility objectives, challenges in meeting application development goals, strategies IT teams use to speed up application delivery, and if these strategies are working to overcome resource constraints and reduce backlogs.

The LexisNexis® Risk Solutions Cybercrime Report is based on cybercrime attacks detected by the LexisNexis® Digital Identity Network® from January – June 2019, during real-time analysis. It covers the digital identity network, and attacks on “high-risk” transactions.

Now in its fifth year, Sonatype’s annual State of the Software Supply Chain Report examines the rapidly expanding supply and continued exponential growth in consumption of open source components. Their research also reveals best practices exhibited by exemplary open source software projects and exemplary commercial application development teams.

Positive Technologies experts regularly perform security analysis of mobile applications. This report summarizes the findings of their work performing security assessment of mobile apps for iOS and Android in 2018.

The Irdeto Global Connected Industries Cybersecurity Survey polled 700 security decision makers across Connected Health, Connected Transport and Connected Manufacturing plus IT and technology* (who manufacture IoT devices) industries about cyberattacks targeting their organization, concerns about the types of attacks that could target their organization, security measures currently in place and much more. The research surveyed both manufacturers and users of IoT devices in five countries – China, Germany, Japan, the UK and the US. The research was fielded online by Vanson Bourne from March – April 2019.

The evolving threat landscape and perennial cybersecurity challenges are giving rise to community-based programs such as crowdsourced cybersecurity, an important evolution that’s fast becoming a foundational element of any organization’s cybersecurity program. Crowdsourced cybersecurity includes services such as bug bounty programs, vulnerability disclosure, and next-generation penetration testing (NGPT). This report explores several key findings based on research conducted by ESG.

This unique report takes a hard look at scams that focus on tax reporting and the filing of taxes.

This very thorough report offers insight into the future of the Mobile trends of 2019.

This report explores Brexit-related Twitter activity occurring between December 4, 2018 and February 13, 2019. Using the standard Twitter API, researchers collected approximately 24 million tweets that matched the word “brexit” published by 1.65 million users.

From the report, “Two years ago, the authors assessed 20 mobile applications that worked with ICS software and hardware. At that time, mobile technologies were widespread, but IoT mania was only beginning. In that paper, the authors stated, “convenience often wins over security. Nowadays, you can monitor (or even control!) your ICS from a brand-new Android [device].” Today, the idea of putting logging, monitoring, and even supervisory/control functions in the cloud is not so farfetched. The purpose of this paper is to discuss how the landscape has evolved over the past two years and assess the security posture of SCADA systems and mobile applications in this new IoT era.”

This infographic provides insight into the cyber security worries of Smart Cities.

This paper is a follow-up to IOActive’s 2016 report1 on vehicle vulnerabilities. The goal of this paper is to revisit the topic using data from the past two years (2016, 2017) and to compare this information to previous findings to analyze how the industry is progressing.

This paper demonstrates vulnerabilities that affect numerous traders. Among them are unencrypted authentication, communications, passwords, and trading data; remote DoS that leaves applications useless; trading programming languages that allow DLL imports; insecurely implemented chatbots; weak password policies; hardcoded secrets; and poor session management. In addition, many applications lack countermeasures, such as SSL certificate validation and root detection in mobile apps, privacy mode to mask sensitive values, and anti-exploitation and antireversing mitigations.

From the Report, “This paper is based on our own research, in which we discovered critical cybersecurity issues in several robots from multiple vendors. While we assist the vendors in addressing the cybersecurity vulnerabilities identified, we want to describe the currently available technology, some of the threats posed by a compromised robot, and the types of cybersecurity issues we discovered. The goal is to make robots more secure and prevent vulnerabilities from being used maliciously by attackers to cause serious harm to businesses, consumers, and their surroundings.”

3rd-party (aka supply-chain) cyber attacks were one of the main reasons for major data breaches in 2018. Here is a recap of 3rd-party data breaches that hit the news in 2018

This brief but important report offers information into the events and data from the holiday shopping season of 2018.

Here at Cobalt, we’ve done over 350 penetration tests to date. The information included in this report (Time to Fix, Vulnerability Types, Findings Criticality, Issues Fixed) is summary data from all of the penetration tests performed in 2017. Additionally, we provide survey data (Portfolio Coverage, Pen Test Frequency) from 75 respondents in security, management, operations, DevOps, product, and developer roles. All data has been anonymized to protect the privacy of our contributors.

The State of Payment Processing & Fraud: 2018 Inaugural Survey & Report is a first-of-its kind study brought to you by Kount and The Fraud Practice. The inaugural survey reached hundreds of acquirers, processors, gateways, payment facilitators and issuers to get their take on the state of the industry and what is most critical for attracting and retaining clients and growing processing volumes.