High-functioning enterprises increasingly rely on ITAM practitioners to tackle new and evolving challenges. Saving money has increasingly become ITAM teams’ number one initiative, but new responsibilities don’t end there. FinOps teams, central cloud teams, security teams, ESG (environmental, social and governance) teams, ITSM teams and enterprise architecture teams are improving their business outcomes by leveraging data from ITAM teams and tools. This year’s survey is weighted more heavily toward larger companies, with 89% of respondents in organizations with more than 2,000 employees and 14% in organizations with more than 50,000 employees.

The report evaluates the responses of 465 global IT professionals who manage, advise, and participate in ITAM, SAM, and HAM activities in organizations of 1,000 or more employees. The insights gleaned from these responses provide vision into the strategic initiatives across these ITAM practices and practitioners.

As remote employees use work devices for personal activities, and personal devices for work activities, cloud-based apps – especially unauthorized cloud apps – are more popular than ever. But they also deliver significant risk, with Remote Desktop Protocol (RDP) alone serving as the vehicle of choice for as much as 55% of ransomware attacks. This report explores how cloud-based apps – from storage services to social media apps – threaten your network security.

This is a report based on a 2020 survey of remote workers. It emphasizes the disconnect between the company and the worker associated with remote work.

Uses survey-based polling to identify common challenges organizations face in managing third part risk management (TPRM) programs. Also provides analysis on some possible ways of addressing these concerns.

This paper demonstrates vulnerabilities that affect numerous traders. Among them are unencrypted authentication, communications, passwords, and trading data; remote DoS that leaves applications useless; trading programming languages that allow DLL imports; insecurely implemented chatbots; weak password policies; hardcoded secrets; and poor session management. In addition, many applications lack countermeasures, such as SSL certificate validation and root detection in mobile apps, privacy mode to mask sensitive values, and anti-exploitation and antireversing mitigations.

This report takes an inside look at Industrial Control Systems and the need for them to be updated for the new Cyber Security Threats.

This survey, representing the voice of 2,076 IT professionals, demonstrates that DevSecOps practices continue to mature rapidly and that, once automated, security is difficult to ignore.

Spyglass Consulting Group conducted a primary research study to identify the market opportunities and challenges for healthcare provider organizations to leverage an enterprise-class secure communications platform to address the communications requirements associated with complex clinical workflows.

During our monitoring of activities around the APT28 threat group, McAfee Advanced Threat Research analysts identified a malicious Word document that appears to leverage the Microsoft Office Dynamic Data Exchange (DDE) technique that has been previously reported by Advanced Threat Research. This document likely marks the first observed use of this technique by APT28. The use of DDE with PowerShell allows an attacker to execute arbitrary code on a victim’s system regardless whether macros are enabled. (McAfee product detection is covered in the Indicators of Compromise section at the end of the document.)

CopyKittens is a cyberespionage group that has been operating since at least 2013. In November 2015, ClearSky and Minerva Labs published1 the first public report exposing its activity. In March 2017, ClearSky published a second report2 exposing further incidents, some of which impacted the German Bundestag. In this report, Trend Micro and ClearSky expose a vast espionage apparatus spanning the entire time the group has been active. It includes recent incidents as well as older ones that have not been publicly reported; new malware; exploitation, delivery and command and control infrastructure; and the group’s modus operandi. We dubbed this activity Operation Wilted Tulip

This is a threat advisory for the Tiscali App.

This report takes a look at the harmful practice of web scraping.

A Bulleton recapping headlines and stores in the Global Insurance and Regulatory industry.

This is a brief introduction to Mobile Cyber Security