From the report, “This research provides a comprehensive and objective review of 2015 cyber-attacks from both a business and a technical perspective. It offers best practice advice for organizations to consider when planning for cyber-attack protection in 2016."

This monthly threat report takes a look at the month of December 2017. Specifically, it looks at insights into Coinhive, intellectual property theft via Iranian hackers, and North Korea’s new cyberattack tools.

This report takes a look at a threat that specifically attacks Android users.

For many organizations, dealing with HTTPS traffic is something of a double edge sword. Recent moves to encryption challenge the status quo in terms of organizational oversight. Finding a balance between competing interests will be critical to moving forward, but while present technology limitations hamper those efforts, technological advancements can enhance them.

This report takes a look at whaling attacks and considers what can be done to stop these kinds of attacks.

In this quarterly threats report, they highlight three Key Topics: They broadly examine evasion techniques and how malware authors use them to accomplish their goals. They explore the very interesting topic of steganography in the digital world. They examine Fareit, the most famous password-stealing malware.

This article reviews the Linux Kernel, mainly searching for vulnerabilities in different drivers. In this particular article, they took a look into drivers trying to roll their own usage of the mmap() function.

Accenture and NowSecure, Inc. analyzed the mobile banking app threat landscape based on industry research, customer-facing mobile banking app vulnerability assessments performed by NowSecure, and Accenture’s industry knowledge and experience working with banking institutions. They collaborated to create a report that was designed to provide an understanding of the current- state security environment for customer- facing mobile banking apps, as well as answer some key questions about the state of mobile banking app security.

System designers have long struggled with the challenge of determining how to control when untrusted applica- tions may perform operations using privacy-sensitive sen- sors securely and effectively. Current systems request that users authorize such operations once (i.e., on install or first use), but malicious applications may abuse such authorizations to collect data stealthily using such sensors. Proposed research methods enable systems to infer the op- erations associated with user input events, but malicious applications may still trick users into allowing unexpected, stealthy operations. To prevent users from being tricked, we propose to bind applications’ operation requests to the associated user input events and how they were ob- tained explicitly, enabling users to authorize operations on privacy-sensitive sensors unambiguously and reuse such authorizations.

This is Rapid7’s Quarterly Threat Report. In this report they sought to make a less chaotic picture of the events of the 3rd quarter of 2017.

This report from May 2016 takes a look at a variety of threat events, and provides insight and solutions for those issues.

The Internet of Things is becoming and area of danger for security risks. This paper discusses the cyber security issues related to the internet of things, and discusses how people should be taking action to protect their devices.

This report takes a very deep look at the subject of Spear Phishing and the impact it is having on business.

This blog post takes a look at a specific Chinese threat that is impacting Engineering and Maritime corporations.

This report documents research conducted as part of the project “Building a Strategy for Cyber Support to Corps and Below.” RAND Arroyo Center was asked by U.S. Army Cyber Command’s G35 office to develop and document an Army strategy for providing cyber sup- port to corps and below (CSCB) units that describes how the Army should use its available resources to achieve mission objectives.

This paper is put together by a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing.

This eBook outlines the who, what, why and how of the insider threat to expose risks you may not be considering, and provides guidance to help you prevent and detect these costly attacks.

This is exclusive research into the cyber threat that is Scan4You. It discusses the history and current outcomes of this unique threat.

This Threat Report takes a look at some of the events of late 2017. Specifically, it looks at self-propagating malware, a specific Microsoft Office vuln, and multiple espionage campaigns that target energy utility companies.

This report continues Fortinet’s excellent threat report. It discusses operational technology, Zero-day markets, malware, cryptojacking, the hacking event at the winter olympics, the rise of botnets, and Adromeda. Read On!

Advice in this report ranges from the tactical to the strategic. Recognize the importance of solutions that can provide specific benefits yet work as part of a unified security posture. They claim that their security recommendations will provide actionable information and guidance, while taking into account the need for organizations to grow and innovate at the same time.