Wakefield Research partnered with Webroot to conduct an online quantitative research study among U.S. consumers to:

• Better understand attitudes, perspectives, and behaviors related to cyber hygiene
• Based on this data, create a risk index (“Cyber Hygiene Risk Index”) to assess the risks associated with susceptibility to cybercrime in each state, ranking the states to determine the riskiest and least risky states in the U.S.
• Further analyze respondents’ susceptibility to risk by using a series of custom demographic and psychographic metrics to get a more nuanced understanding of what is behind cyber-hygiene levels

Lares encounters a seemingly endless number of vulnerabilities and attack vectors when we conducta penetration test or red team engagement, regardless of organization size or maturity. Though notevery engagement is identical, we have analyzed the similarities between hundreds of engagementsthroughout 2019 and the following list represents the most frequently observed penetration test findings we encountered.

F5’s third annual report, partnering with Webroot and the F5 SOC, on phishing and fraud trends.

With this common understanding in mind, we have taken a comprehensive look at previously disclosed activity that can now be attributed to the GRU. Numerous governments, security firms, researchers, reporters, academics, and victims have released reports detailing different facets of the GRU’s activities. Our review identified more than 200 cyber incidents, spanning 15 years (2004–2019), targeting governments, the private sector, and members of civil society. These operations have discovered and disclosed secrets, defamed people, disinformed populations, and destroyed or disrupted computerized systems.

This is the 6th annual SOTI from Akamai. The Key findings are: • Between November 2017 and October 2019, more than 40% of the unique DDoS targets were in the financial services industry • Traditional logins (username and password) still account for the majority (74%) of access methods to applications and services • From May to October 2019, credential stuffing attacks targeting the financial services industry have targeted APIs, often accounting for 75% or more of the total login attacks against financial services

This report from Pew Research Center goes over how and where the average person’s personal information is used online. It goes over the lack of control most people feel, who collects your data, the lack of understanding people have over who uses their data, and how people think about the privacy and vulnerability of their personal data.

Bomgar outlines how to defend against security threats, showing two distinct groups of threats, prevention techniques, etc.

A survey of over 250 security professionals on security operations center (SOC) practices and how those practices relate to outcomes.

Bryan Cave Leighton Paisner began its survey of data breach class action litigation six years ago to rectify the information gap and to provide our clients, as well as the broaderlegal, forensic, insurance, and security communities,with reliable and accurate information concerning the risk associated with data breach litigation. Our annual survey continues to be the leading authority on data breach class action litigation and is widely cited throughout the data security community.

From the report, “From January 2018 through June 2019, Akamai recorded more than 61 billion credential stuffing attempts and more than 4 billion web application attacks. In this special edition of the State of the Internet / Security Report, we’re focusing on data within the high tech, video media, and entertainment sectors — collectively named Media & Technology.”

This report takes a look at how Russia’s nationalism along with new internet laws are fueling Russian cybercrime.

This technical whitepaper explains the challenges cybersecurity professionals face, how they’re prioritizing vulnerabilities today and how they can dramatically improve cyber risk management with Predictive Prioritization – the process of re-prioritizing vulnerabilities based on the probability that they will be leveraged in an attack.

This poll was conducted from April 23-24, 2019, among a national sample of 2201 U.S. Adults. The interviews were conducted online and the data were weighted to approximate a target sample of Adults based on age, race/ethnicity, gender, educational attainment, and region. Results from the full survey have a margin of error of plus or minus 2 percentage points.

This installment of State of the Internet / Security examines credential stuffing and web application attack trends over the last 17 months, with a focus on the gaming industry. One reason gaming is so lucrative is the trend of adding easily commoditized items for gamers to consume, such as cosmetic enhancements, special weapons, or other related items. Gamers are also a niche demographic known for spending money, so their financial status makes them tempting targets. We began collecting credential abuse data at the beginning of November 2017 and chose to use the same period with our application attack data to make direct comparisons between plots easier for readers.

This monthly report offers insights into the PDS2 regulations and news.

This report offers monthly insights into the PSD2 regulations.

This report offers quantitative findings from a study of UK individuals to measure and understand awareness and attitudes towards cyber security, and related behaviors. The findings are part of a wider research project to provide insight to inform HM Government’s approach to encourage positive behavior amongst the public in protecting themselves against cyber threats.

This Spotlight report provides in-depth analysis of vulnerabilities and weaponization patterns across the entire family of Adobe products. By focusing on weaponization, we go beyond simply counting vulnerabilities, and instead reveal how popular software from a leading vendor becomes a beacon for attackers. A significant number of these vulnerabilities are exploitable and have remote code execution capabilities, changing their status from a potential threat to an active and live cyber risk exposure point. While our findings naturally focus on the most recent data, the report includes more than 20 years of data from 1996 through 2018, allowing us to see long-term trends.

This report presents data gathered between October–December 2018, along with previously collected data for historical comparisons. We examine which employees and organizational departments receive the most highly targeted email threats. Then we explore how they’re being attacked, analyzing attackers’ techniques and tools. Based on these findings, we recommend concrete steps organizations can take to build a defense that focuses on their people.

In this report, we’re going to give you an overview of the credential stuffing attacks in 2018 against the aforementioned sectors and look at the risks these attacks pose. We’ll also explore some of the ways adversaries conduct these attacks.

This white paper will guide security teams as they reexamine their approach to cloud-based email.