Cofence report on how phishing attempts and phishing prevention have changed in 2019.

The Herjavec Group goes over changes to Cybersecurity in 2019, looking at the cyber attack surface, cybersecurity spending, and ransomware rising.

This report goes in-depth into trends in healthcare data security, surveying 26,000 companies and analyzing terabytes of information.

Sonicwall outlines the changes in the threat landscape in 2020 for companies to utilize.

This report goes in depth on the state of software security, going into overall security, application security testing, how flaws are and are not equal, and security debt.

Most blogs or papers about crypto-ransomware typically focus on the threat’s delivery, encryption algorithms and communication, with associated indicators of compromise (IOCs). This research paper takes a different approach: an analysis of the file system activity or behaviors of prominent crypto-ransomware families (hereafter, simply called ransomware).

Using data from the Verizon DBIR and other sources, this report reviews the value of DNS in overall organizational security.

An analysis of threat actors and key action patterns based upon CrowdStrike’s threat hunting human analyst team over the first half of 2019.

This publication from Fortinet looks at how the threat landscape has changed in the third quarter of 2018 by doing data-driven analysis with some noteworthy events pulled from Q3 2018 headlines.

This is a quarterly publication from Fortinet that looks at how the threat landscape has changed in the first quarter of 2019.

This report goes in depth into the state of Internet security, including how companies are storing data, orgation’s internet surface areas, and where exposures exist the most.

This is quarterly publication from Fortinet that looks in the current cyber security threats from April 1 to July 1.

The VIPR report (Verizon Incident Preparedness and Response Report) outlines preparations and responses to data breaches. This includes 6 phases, planning and preparation, detection and validation, containment and eradication, collection and analysis, remediation and recovery, and assessment and adjustment.

From the report, “[This] report also captures the changing strategies used by attackers and highlights how organizations today are bolstering their defenses to stay one step ahead. It concludes with a peek into the cybersecurity areas that will be pertinent in the near future. We hope that you will benefit from the global and industry-specific insights available in this edition of the State of Cybersecurity Report and that together, we will be able to make our enterprises more resilient to withstand and recover from future attacks!”

From the report, “From January 2018 through June 2019, Akamai recorded more than 61 billion credential stuffing attempts and more than 4 billion web application attacks. In this special edition of the State of the Internet / Security Report, we’re focusing on data within the high tech, video media, and entertainment sectors — collectively named Media & Technology.”

From the report, “We wanted to do something different for this report. Instead of looking at a single type of attack, we stepped back to look at attacks against banks, credit unions, trading companies, and other organizations that make up financial services as a whole. Most defenders only see a very small segment of the overall traffic, whether they’re the target or the vendor supplying defensive tools. The breadth of Akamai’s products and our visibility into a significant portion of Internet traffic allows us to research multiple stages of the attack economy.”

Ponemon Institute surveyed 627 IT and IT security practitioners in the United States to understand how well organizations are addressing cyber risks associated with attackers who may already be residing within the perimeter, including insiders that might act maliciously. In this study, these are referred to as “post-breach” or “resident” attackers. The findings consistently show that organizations do not fully understand the risks associated with this type of threat, are unprepared for resident attackers, and have little ability to discover and remove them.

This paper provides a review and analysis of 2018 cyber incidents and key trends to address.

This is a summary of vulnerability trends observed and investigated by the eSentire Security Operations Center (SOC) in 1H 2019.

This white paper describes the critical role of pen testing for web applications. It explores the economics of “classic” pen testing and considers a variety of unseen costs and points of diminishing value. The paper concludes by describing a next-generation hybrid applicationsecurity-testing-as-a-service and how it can help bring the flexibility in applying both automated app testing tools (DAST) and the human expertise of ethical hackers (pen testing) to this challenge.

This report takes a look at how Russia’s nationalism along with new internet laws are fueling Russian cybercrime.