We built our 2020 Threat Insights Report on this foundation, to help guide you in protecting against what’s to come. Because moving forward, the right combination of protections is not a difference between one cybersecurity solution or another; it’s the difference between being protected against tomorrow’s threats or becoming their prey. (more available)

This is the 7th annual edition of the Microsoft Vulnerabilities Report, and includes a five-year trend comparison, giving you a better understanding of how vulnerabilities are growing and in which specific products. (more available)

The problem that occurs when applications deserialize data from untrusted sources is one of the most widespread security vulnerabilities to occur over the last couple years. (more available)

This document recommends best practices for endpoint security in industrial applications under the broader scope of industrial internet security.

From the report, “An OS-Centric Positive Security isn’t a silver bullet, but it can be a tremendously valuable and complementary defense mechanism—your second or last line of defense. (more available)

Insider threats, such as those associated with the Marriott breach, are considered one of the top concerns in IT security due to the devastating impact on business, reputation, loss of sensitive data, and significant fines. (more available)

This Morphisec Labs Threat Report is based on anonymized threat data collected from approximately 2,000,000 installed Morphisec endpoint agents as well as in-depth investigations conducted by Morphisec researchers. (more available)

FireEye recently observed a sophisticated campaign targeting individuals within the Mongolian government. Targeted individuals that enabled macros in a malicious Microsoft Word document may have been infected with Poison Ivy, a popular remote access tool (RAT) that has been used for nearly a decade for key logging, screen and video capture, file transfers, password theft, system administration, traffic relaying, and more. (more available)

In May and June 2017, FireEye observed a phishing campaign targeting at least seven global law and investment firms. We have associated this campaign with APT19, a group that we assess is composed of freelancers, with some degree of sponsorship by the Chinese government. (more available)

In this whitepaper you will learn what endpoint privilege management is and how an effective approach significantly enhances an organization’s security against rising cyber crime. (more available)

In 2017, the Australian Signals Directorate (ASD) updated its list of mitigation strategies designed to help organisations reduce the risk of unauthorised access and minimise the exposure of sensitive information in case of a breach. (more available)

This paper answers questions about what the deserialization vulnerability is, and what the challenges are to solving it.

As businesses continue to adopt both infrastructure-as-a-service (iaaS) and platform -as-a-service (PaaS) cloud platforms, S&r pros struggle to protect their organization’s valuable data while minimizing the threat surface of cloud and hybrid cloud workloads. (more available)

This paper discusses the specific issue of malware that attacks Point-Of-Sale systems.

This report takes a look at the reality that even though we spend lots of money to protect people from targeted attacks, they still continue to happen. (more available)

This short article discusses why a marriage between WAF and DDoS is a good idea.

A report that was created by the 2015 Australian Cyber Security Centre (ACSC) Cyber Security Survey of major Australian businesses was conducted to obtain a better picture of Australian organisations’ understanding of cyber threats and how they are positioned to secure their networks. (more available)

This paper presents a unique perspective on Geolocation. It talks about what it is, the problems with it, and how you can use it to provide better protection against malware and hackers. (more available)

This whitepaper seeks to provide clarity over what “managed security service provider” status means, and whether customers are even concerned about it. (more available)

This paper seeks to help organizations understand the future of Software Asset Management.

This takes a look at how not all cloud security options are created equal.