Weak passwords abound, and ATO is interrupting services critical to every aspect of online life: working, streaming, ordering, paying, and just plain connecting. (more available)

In the 2021 Dup Trusted Access Report, we’ll explore how companies are currently securing hybrid work and what makes a solid and secure remote access strategy. (more available)

For the 2020 Duo Trusted Access Report, our data shows that more organizations across all industries are enabling their workforces to work from home now, and potentially for an extended period of time. (more available)

For The 2019 Duo Trusted Access Report, our data shows that Duo customers across all industries are starting to implement zero-trust security principles to secure their workforce. (more available)

The Fortinet Threat Landscape Index (TLI) was developed to provide an ongoing barometer of overall malicious activity across the internet. The TLI is based on the premise that the cyber landscape gets more threatening as more of our sensors detect a wider variety of threats at a higher volume. (more available)

The State of Pentesting 2022 Report focuses on issues and stats that are relevant to both security and development teams: to separate these two inextricably linked groups would only yield a partial picture of the security landscape. (more available)

A review of trends in e-commerce security and attacks based upon a variety of sources collected via Impreva Research labs.

Drawing on Duo’s customer basis of millions of devices and the authentication traffic associated with them between June 2020 and May 2021, this report reviews trends in authentication methods and includes firmographic breakdowns. (more available)

This annual report covers data from 1,602 penetration tests conducted in 2020 as well as survey information from 601 firms in the pursuit of understanding secure development, vulnerability remediation, and opportunities for process improvements. (more available)

This report aims to examine the issue of stalkerware. They present data to understand the changes and scale of the problem in 2020. (more available)

This report looks at the malware used by a group called Sunburst. It gives a detailed timeline of attacks, and the code used in them. (more available)

The 2020 edition of this annual report reviews five years of phishing events from F5’s Security Operations Center. This data is supplemented with active and confirmed phishing sites from Webroot and darkweb market data from Vigilante for a broad view of the volume and techniques of phishing activity. (more available)

This report is based on a survey of investigators from over 150 organizations. It seeks to better understand financial crime and how companies deal with it. (more available)

A review of web application vulnerabilities as seen through Acuentix’s web scans between March 2019 and February 2020.

This report goes in-depth into the changes in malware attacks for 2020, using data collected from honey pots, telemetry, and research conducted by threat analysts and reporters in 2019. (more available)

Bitdefender researchers recently investigated a sophisticated APT-style cyberespionage attack targeting aninternational architectural and video production company, pointing to an advanced threat actor and a South Korean based C&C infrastructure. (more available)

The 2020 OSSRA includes insights and recommendations to help security, risk, legal, and development teams better understand the open source security and license risk landscape. (more available)

A deep dive into the state of deploying the latest TLS version (v1.2) and the use of this signal for correlating with broader public-facing risk surfaces and characteristics of firms. (more available)

The annual report from Snyk on the state of open source software from a security perspective. Includes survey data from 500+ developers, internal Snyk vulnerability data from the projects monitored by Snyk, and additional aggregated source code repository data. (more available)

F5’s third annual report, partnering with Webroot and the F5 SOC, on phishing and fraud trends.

Overview of deployment of TLS encryption in the general internet and Alex Top 1000 sites.