Now in its fifth year, Sonatype’s annual State of the Software Supply Chain Report examines the rapidly expanding supply and continued exponential growth in consumption of open source components. (more available)

Positive Technologies experts regularly perform security analysis of mobile applications. This report summarizes the findings of their work performing security assessment of mobile apps for iOS and Android in 2018. (more available)

This report details the Industry Average detection efficacy of the leading MTD solutions used against malicious applications, network attacks and device vulnerabilities. (more available)

This paper, published in partnership with the UC Berkeley Center for Long-Term Cybersecurity, highlights research indicating that “underserved” residents in San Francisco, California— including low-income residents, seniors, and foreign language speakers—face higher-than average risks of being victims of cyber attacks. (more available)

This is the fifth annual report from the Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board. HCSEC is a facility in Banbury, Oxfordshire, belonging to Huawei Technologies (UK) Co Ltd (Huawei UK), whose parent company, Huawei Technologies Co Ltd, is a Chinese headquartered company which is now one of the world’s largest telecommunications providers. (more available)

An In Depth Look at the most prevalent ATT&CK techniques according to Red Canary’s historical detection dataset.

This report reveals that globally, in any given month, home users are twice as much at risk of encountering any type of malware, with a 20. (more available)

From the report, “To generate this report, Coronet analyzed an enormous set of data comprised of both access and service threats. (more available)

This report takes a specific look back at connected medical device events that occurred in 2017.

From the report, “Two years ago, the authors assessed 20 mobile applications that worked with ICS software and hardware. At that time, mobile technologies were widespread, but IoT mania was only beginning. (more available)

From the Report, “This paper is based on our own research, in which we discovered critical cybersecurity issues in several robots from multiple vendors. (more available)

From the report, “It should be another momentous year for mobile security, with cyber attacks growing rapidly in sophistication and distribution. (more available)

From the report, “For years, the Finance industry has been a trailblazer in managing the risk posed by vendors, suppliers, and business partners. (more available)

From the report, “The 2018 Mobile Payments and Fraud Survey marks the sixth consecutive year of this study. This year’s report, with nearly 600 merchant respondents, is focused on understanding the growth, challenges and developments in the mobile channel. (more available)

This report examines trends in vulnerabilities, exploits and threats in order to better align your security strategy with the current threat landscape. (more available)

In 2016, Rapid7 Labs launched the National Exposure Index in order to get a measurable, quantitative answer to a fairly fundamental question: What is the nature of internet exposure—services that either do not offer modern cryptographic protection, or are otherwise unsuitable to offer on the increasingly hostile internet—and where, physically, are these exposed services located? (more available)

In this whitepaper, they look at three categories of approaches taken by malware to evade sandboxes and explore techniques associated with each approach. (more available)

From the report, “Over the past few year’s attackers have exploited this opportunity, and as documented in our Anatomy of an Attack (AOA) report, have compromised a wide variety of manufacturing control systems. (more available)

This report takes an inside look at the Cyber Security challenge for healthcare today and more specifically looks at the medical device security challenge. (more available)

This report offers a variety of case studies that highlight the challenges in the Healthcare Network.

From the report, “For security teams, the sheer depth and breadth of what they need to defend may seem daunting, but thinking about the Internet from an attacker’s perspective —a collection of digital assets that are discoverable by hackers as they research their next campaigns— can put the massive scope of their organization’s attack surface into perspective. (more available)