This year, NopSec predicts that the biggest cyber threats will be massive data breaches, ransomware, opportunistic crypto-mining attacks and IoT hacking.

3rd-party (aka supply-chain) cyber attacks were one of the main reasons for major data breaches in 2018. Here is a recap of 3rd-party data breaches that hit the news in 2018

This issue of the Rapid7 Quarterly Threat Report takes a deep dive into the threat landscape for 2018 Q4 and looks more broadly at 2018 as a whole. We provide an assessment of threat events by organization size and industry, and examine threat incident patterns identified through guidance from security specialists. We also further explore inbound activity to our honeypot network to identify trends and patterns that reveal rising new threats, such as Android Debug Bridge (ADB) activity, the persistence of old threats such as EternalBlue, and the vulnerability posed by non-novel credentials as revealed to publicly exposed systems. The report concludes with five steps you can take to bolster your organization’s security posture in 2019 and beyond, based on our findings.

This year’s Global Threat Report: “Adversary Tradecraft and the Importance of Speed,” addresses the quickening pace and increasing sophistication in adversary tactics, techniques and procedures (TTPs) over the past year — and in particular, highlights the critical importance of speed in staying ahead of rapidly evolving threats.

“Our 6th annual DevSecOps community survey, represents the voice of 5,558 IT professionals and demonstrates that DevOps practices are maturing rapidly, security is being automated earlier in the development lifecycle, and management of software supply chains is a critical differentiator. "

Phishing domains pose a significant cyber risk for major airlines. Learn how many phishing domains for major airlines there are and how to find them.

From The Report, “What you’re reading are insights culled from a year of security data analysis and hands-on lessons learned. Data analyzed includes the 6.5 trillion threat signals that go through the Microsoft cloud every day and the research and realworld experiences from our thousands of security researchers and responders around the world. In 2018, attackers used a variety of dirty tricks, both new (coin mining) and old (phishing), in their ongoing quest to steal data and resources from customers and organizations. Hybrid attacks, like the Ursnif campaign, blended social and technical approaches. As defenders got smarter against ransomware, a loud and disruptive form of attack, criminals pivoted to the more “stealth”, but still profitable, coin-miners.”

This report examines emerging cyber security challenges and risks that businesses are facing as they embrace cloud services at an accelerating pace. The report provides leaders around the globe and across industries with important insights and recommendations for how they can ensure that cyber security is a critical business enabler. Cyber security leaders and practitioners can use this report to educate lines of business about the real security risks the cloud can present.

Ponemon Institute is pleased to present The Value of Threat Intelligence: Annual Study of North American and United Kingdom Companies, sponsored by Anomali. The purpose of this research is to examine trends in the benefits of threat intelligence and the challenges companies face when integrating threat intelligence with existing security platforms and technologies.

This annual report from Symantec offers insights into formjacking, cryptojacking, ransomware, supply chain attacks, targeted attacks, the cloud, IoT, and even discusses Election Interference. As always the facts and figures are intriguing. Read on!

From July 2017 through June 2018, Secureworks CTU researchers analyzed incident response outcomes and conducted original research to gain insight into threat activity and behavior across 4,400 companies. This report offers answers and insights from their key findings. Read on to learn more.

This brief but important report offers information into the events and data from the holiday shopping season of 2018.

From the report, “It should be another momentous year for mobile security, with cyber attacks growing rapidly in sophistication and distribution. This report will cover the key mobile security trends that emerged last year as well as summarize thoughts for the mobile threat landscape for the year ahead.”

The 2018 Internet Organised Crime Threat Assessment (IOCTA), has been and continues to be one of the flagship strategic products for Europol. It provides a unique law enforcement focused assessment of the emerging threats and key developments in the field of cybercrime over the last year.

This report offers advice for what to do when the barbarians are at your door…

Aon’s Cyber Solutions explores eight specific risks that organizations may face in 2019 no matter where they are on their digital journey.

This report analyzes many of the cyber security situations from 2018 and offers some predictions for 2019.

This report takes a look at many of the cyber security events that took place in 2017 and discusses what they could mean for 2018.

“It’s difficult to make forecasts, especially about the future,” mused movie mogul, Samuel Goldwyn. With the rapid changes in digital transformation, 2019 is likely to surprise us in significant ways. But one thing is certain: IT predictions for 2019 will include swift expansion into the cloud and solutions for the myriad challenges of providing security, compliance and business continuance across the growing on premise and cloud estates.

In the last two years, businesses and governments have seen data breaches like Equifax and Marriott impact 100s of millions of accounts each, as well as critical intellectual property (IP) and core operations. A global survey of 600+ cybersecurity leaders and professionals by Ponemon Institute shows that 67% of organizations are not confident that they can avoid a data breach, and what the primary security and IT challenges that are causing this. The survey also provides fundamental recommendations that can reduce breach risk through innovating and improving a vulnerability management program.

A review of the observed (externally facing) security practices of the Fortune 1000 firms.