This report looks at the malware used by a group called Sunburst. It gives a detailed timeline of attacks, and the code used in them. (more available)

The 2020 edition of this annual report reviews five years of phishing events from F5’s Security Operations Center. This data is supplemented with active and confirmed phishing sites from Webroot and darkweb market data from Vigilante for a broad view of the volume and techniques of phishing activity. (more available)

This report is based on a survey of investigators from over 150 organizations. It seeks to better understand financial crime and how companies deal with it. (more available)

A review of web application vulnerabilities as seen through Acuentix’s web scans between March 2019 and February 2020.

This report goes in-depth into the changes in malware attacks for 2020, using data collected from honey pots, telemetry, and research conducted by threat analysts and reporters in 2019. (more available)

Bitdefender researchers recently investigated a sophisticated APT-style cyberespionage attack targeting aninternational architectural and video production company, pointing to an advanced threat actor and a South Korean based C&C infrastructure. (more available)

The 2020 OSSRA includes insights and recommendations to help security, risk, legal, and development teams better understand the open source security and license risk landscape. (more available)

A deep dive into the state of deploying the latest TLS version (v1.2) and the use of this signal for correlating with broader public-facing risk surfaces and characteristics of firms. (more available)

The annual report from Snyk on the state of open source software from a security perspective. Includes survey data from 500+ developers, internal Snyk vulnerability data from the projects monitored by Snyk, and additional aggregated source code repository data. (more available)

F5’s third annual report, partnering with Webroot and the F5 SOC, on phishing and fraud trends.

Overview of deployment of TLS encryption in the general internet and Alex Top 1000 sites.

This is the 7th annual edition of the Microsoft Vulnerabilities Report, and includes a five-year trend comparison, giving you a better understanding of how vulnerabilities are growing and in which specific products. (more available)

Our 2019 Threat Research Report is a deep dive into our logs, experiences, and collected analysis. It summarizes and identifies the latest tactics, techniques, and procedures seen by the Malware Research team, Vulnerability Research team, Threat Intel Research team and Remediation Groups at Sucuri/GoDaddy. (more available)

For the fourth time, White Ops and the ANA have partnered to measure bot fraud in the digital advertising ecosystem. Previous studies measured bot fraud in the digital advertising ecosystem in August/September 2014, August/September 2015, and November/December 2016. (more available)

This report covers: the security practices for each of the two different core projects, both Angular and React, the state of security of each of the two different module ecosystems, based on an in-depth look at the vulnerabilities contained in each of the ecosystems, the security practices for other common JavaScript frontend framework alternatives such as Vue. (more available)

The LexisNexis® Risk Solutions Cybercrime Report is based on cybercrime attacks detected by the LexisNexis® Digital Identity Network® from January – June 2019, during real-time analysis. (more available)

A necessary pillar of an effective cyber defense strategy is the capability to detect and mitigate threats at the earliest stages of the cyber kill chain. (more available)

From the report, “How do we actually “play the hacker”? We do this by deploying simulators that play the role of a “virtual hacker” across endpoints, network and cloud, and execute breach methods from our hacker’s playbook. (more available)

To shine a light on the availability of SSL/TLS certificates on the dark web, the Evidence-based Cybersecurity Research Group at the Andrew Young School of Policy Studies at Georgia State University and the University of Surrey spearheaded a research program, sponsored by Venafi. (more available)

This report takes a specific look back at connected medical device events that occurred in 2017.

This paper demonstrates vulnerabilities that affect numerous traders. Among them are unencrypted authentication, communications, passwords, and trading data; remote DoS that leaves applications useless; trading programming languages that allow DLL imports; insecurely implemented chatbots; weak password policies; hardcoded secrets; and poor session management. (more available)