This report offers a checklist for surviving a Cyber Attack.

The Cylance 2017 Threat Report offers valuable analysis on the current state of cybersecurity. The information provided in the report is unavailable anywhere else. This Cylance® study includes research and information drawn from internal data and feedback provided by Cylance customers. The report offers considerable insights into recent threat trends and related security issues.

The recent escalation in tensions between the United States and Turkey over the detention of pastor Andrew Brunson, have prompted Turkish patriotic hacktivist groups to target American websites. Historically, the two most prominent hacktivist groups Aslan Neferler Tim (ANT) and Turk Hack Team (THT) have reacted to political issues impacting Turkey, by targeting the perceived adversary with low level nuisance attacks such as web defacements and Distributed Denial of Service attacks (DDoS). As the political situation deteriorates, Anomali expects to see an increase in hacktivist related activity targeting American websites.

Between April and July 2018, Fidelis conducted a study of 582 security professionals to evaluate the adoption of threat hunting practices and overall security posture strengths and weaknesses.

This post regards the following event - “Around July last year, more than a 100 Israeli servicemen were hit by a cunning threat actor. The attack compromised their devices and exfiltrated data to the attackers’ command and control server. In addition, the compromised devices were pushed Trojan updates, which allowed the attackers to extend their capabilities. The operation remains active at the time of writing this post, with attacks reported as recently as February 2017.”

Since around October 2016, JPCERT/CC has been confirming emails that are sent to Japanese organisations with a ZIP file attachment containing executable files. The targeted emails, which impersonate existing persons, are sent from free email address services available in Japan. Also, the executable files’ icons are disguised as Word documents. When the recipient executes the file, the machine is infected with malware called ChChes. This blog article will introduce characteristics of ChChes, including its communication.

In this blog we will detail our discovery of the next two versions of MM Core, namely “BigBoss” (2.2-LNK) and “SillyGoose” (2.3-LNK). Attacks using “BigBoss” appear likely to have occurred since mid-2015, whereas “SillyGoose” appears to have been distributed since September 2016. Both versions still appear to be active.

In late 2017 and early 2018, the Enterprise Strategy Group (ESG) completed a research survey of 413 IT and cybersecurity professionals with knowledge of, or responsibility for, the planning, implementation, and/or operations of their organization’s security policies, processes, or technical safeguards. Survey respondents were in the United States, U.K., and Australia and worked at enterprise organizations (i.e., more than 1,000 employees). Respondents represented numerous industry and government segments, with the largest participation coming from financial services (i.e., banking, securities, insurance, 18%), manufacturing (16%), retail/wholesale (13%), health care (12%), and information technology (10%).

This report offers an analysis into current trends in vulnerability risk management. It examines the attributes of security vulnerabilities viewed through a variety of lenses: Attributes of vulnerabilities published since 2002 versus those only recently published, Attributes of all vulnerabilities published in the National Vulnerability Database (NVD) in contrast with only those uploaded into our platform by our clients, Vulnerabilities broken down by industry vertical, CVSS score, product vendor and active exploitation in the wild.

This report seeks to provide answers to many questions related to the failures of endpoint security that are occuring even though there has been a shift in technology and strategy.

This report shares insights and valuable lessons from an examination of the threats in 2017.

This report helps detail the importance of monitoring suspicious domain registrations to protect a brand from being destroyed by cyber criminals.

From the report, “When we set out to develop a report based on our 163 incident response client engagements over the course of the first half (H1) of 2016, we captured empirical data on type of threats, affected industries, and initial access vectors that threats use. However, we went back to the drawing board to ask ourselves, “What do organizations challenged by cyber threats and cyber risk actually need to know?” As a result, this report takes the form of an advisory aimed at jarring Security and C-Suite leaders just enoug to evoke positive action and a recalibration of their approaches to security.”

This report takes a look at the reality that even though we spend lots of money to protect people from targeted attacks, they still continue to happen. Why are we missing the mark, and what can we change?

This paper explores threats like coin-mining attcks, spike in software supply-chain attacks, the ransomware business, the drop in zero days, and the rise in mobile malware.

“This report is based exclusively on information collected via a wide range of security services within GravityZone: Security for Virtualized Environments, Security for Endpoints, Security for Mobile and Security for Exchange, consumer-oriented products such as Bitdefender Antivirus, Bitdefender Internet Security or Bitdefender Total Security, as well as from Bitdefender BOX, the innovative solution for protecting devices in the IoT space.”

This report provides you with unique insights into Europe, Middle East and Africa’s (EMEA’s) threat landscape for the second half of 2015.

From The Report, “Evaluation of the business threat landscape can be broken down into two major areas: financial and technical. The former we covered extensively in our previous report, by measuring security budgets and recovery costs from typical threats. The next step is to take a closer look at real incidents that businesses have to deal with, and measures they take to prevent them.”

This Paper is subtitled “Stopping Attacks In Progress Starts With Asking The Right Questions” The paper tries to discuss and reveal the questions that should be asked.

This article discusses three different types of careless users who cause cybersecurity incidents.

The “Trends For 2015 – Targeting the Corporate World” report by the ESET LATAM Research Lab invites you to review some of the most significant cases that affected computer security in 2014, and to consider and present the challenges and threats expected for 2015. This report will try to address the different types of threats and security incidents we have witnessed during the year classified by catego- ry in order to answer the following questions: what will we find during 2015 in terms of IT security? And how, therefore, can companies and individual users prepare themselves to get through next year in safe- ty?