The report has delivered a holistic annual view of the vulnerabilities within Microsoft’s platforms and products, and has established an undeniable business case for the importance of removing admin rights to reduce risk. In this report, we will examine how these vulnerability trends, along with cloud security adoption, collectively influence how we should think about cybersecurity and risk management in 2022 and beyond.

In this report, we’ll delve into insights drawn from an analysis of over 16 billion authentications in the last year (and over 44B in the last 4 years), spanning nearly 52 million different browsers, on 58 million endpoints and 21 million unique phones across regions. Authenticator apps like Duo mobile appeal to both demand for higher security and ease-of-use. Last year, access to remote access applications fell to nearly 25% of authentications after peaking in 2020.

DataGrail’s 2024 Data Privacy Trends Report shows how these factors are playing out on the ground and provides a benchmark for businesses to see how they are tracking. Businesses are receiving more privacy requests, also known as Data Subject Requests (DSRs) every year; we saw a 246% increase in requests from 2021 to 2023.

Common Vulnerabilities and Exposures (aka CVEs) in containers, at least according to the interviews conducted for this study, are a pain (in the vuln). Chainguard conducted ten interviews with software professionals at a range of companies that build or operate containers. The interview questions dealt with the processes and workflows that these professionals use to identify, triage, and remediate CVEs in containers. Many of the questions either involved a request for a time estimate of each step of the process or probed the “why” behind the process or workflow.

Security threats are real, they continue to grow, and they are likely to penetrate an organization through email. Organizations simply cannot settle for ‘Good Enough’ email security and sole reliance on a SEG is not enough. As we all know, it only takes one breach to damage a company’s financial status, brand reputation, and/or relationship with its employees and customers. Each day, our analysts see thousands of threats that are bypassing all SEGs on the market.

This report presents a combined look at what Google knows about zero-day exploitation, bringing together analysis from TAG and Mandiant holistically for the first time. The goal of this report is not to detail each individual exploit or exploitation incident, but look for trends, gaps, lessons learned, and successes across the year as a whole. As always, research in this space is dynamic and the numbers may adjust due to the ongoing discovery of past incidents through digital forensic investigations.

This report is the first attempt to map out the most critical identity security weaknesses in the hybrid enterprise environment. These Identity Threat Exposures (ITEs), gathered from hundreds of live production environments, are the key weaknesses that allow attackers to access credentials, escalate privileges and move laterally, both on-prem and in the cloud.

In 2023, malicious email threats bypassing secure email gateways (SEGs) increased by more than 100% . In other words, your email security solutions aren’t stopping the threats you think they are. Security threats are real, they continue to grow, and they are likely to penetrate an organization through email . Organizations simply cannot settle for ‘Good Enough’ email security and sole reliance on a SEG is not enough . As we all know, it only takes one breach to damage a company’s financial status, brand reputation, and/or relationship with its employees and customers.

The 10th annual Imperva Bad Bot Report is a threat research report that analyzes and investigates the automated attacks occurring daily, sneaking past traditional detection methods and wreaking havoc on the internet. It is based on data collected from the company’s global network throughout 2022, which includes 6 trillion blocked bad bot requests, anonymized across thousands of domains. . In addition, this report offers meaningful information and guidance about the nature and impact of bots to help organizations better understand the potential risks of bot traffic when not properly managed.

The purpose of this report is to assess and summarize the current threat landscape facing organizations as a result of the digital identities that they issue to legitimate users. We called this report “The Unpatchables” because digital identities represent a source of technical risk that is impossible to completely mitigate even in theory.

In this report, Perception Point analyzes the most pervasive attacks its advanced threat detection platform detected in 2022, noting a particular increase in account takeover attacks in the latter half of the year as well as an ongoing growth in phishing attacks. This report examines cyber threats through distinct lenses based on the intelligence gathered by Perception Point’s proprietary detection engines and its managed incident response service.

The April 2023 report details a continued rise in Russian state-sponsored threat actors, the shutdown of a widely used hacker marketplace, “shadow ban” attacks against Twitter users, and the emergence of several new high and critical vulnerabilities, including a zero-day exploit against Google Chrome. It also provides updates to the metrics and information on the most impactful vulnerabilities and malware strains in the wild today and includes information on some of the top phishing sites observed over the month.

This report will help you recognize the social engineering tactics and sophisticated coding used in phishing attacks, so you can prevent costly data breaches. Read on for an in-depth look at the latest phishing trends and observations the ThreatLabz team collected throughout the past year, and get best practices for safeguarding your organization against ever-evolving phishing techniques.

As digital transformation and workload migration continue at a higher pace than ever, cloud technologies are also rapidly growing in importance. Executive teams are focused on modernisation to meet the new expectations of users and customers while also being positioned to take advantage of new commercial opportunities. Now is the time to ensure your ITAM is well aligned to help these initiatives succeed.

The Google Cloud Threat Horizons Report brings decision-makers strategic intelligence on current and likely future threats to cloud enterprise users and the best original cloud-relevant research and security recommendations from across Google’s intelligence and security teams.

This report is based on data collected from the Imperva global network throughout 2021. The data is composed of hundreds of billions of blocked data bot requests, anonymized over thousands of domains. The goal os this report is to provide meaningful information and guidance about the nature and impact of these automates threats.

This report is based on cybercrime attacks detected by the Digital Identity Network from July-December 2021, during near real-time analysis of consumer interactions across the customer journey, from new account creations, logins, payments and other non-core transactions such as password resets and transfers.

Weak passwords abound, and ATO is interrupting services critical to every aspect of online life: working, streaming, ordering, paying, and just plain connecting. Raising security awareness of this topic can certainly help; but the ATO threat will remain endemic until the problems inherent to password use are resolved.

For the 2020 Duo Trusted Access Report, our data shows that more organizations across all industries are enabling their workforces to work from home now, and potentially for an extended period of time. They’re also implementing the appropriate security controls to ensure secure access to applications. In this report, we’ll look at how companies are currently securing remote work and what makes a solid and secure remote access strategy.

The Fortinet Threat Landscape Index (TLI) was developed to provide an ongoing barometer of overall malicious activity across the internet. The TLI is based on the premise that the cyber landscape gets more threatening as more of our sensors detect a wider variety of threats at a higher volume.

The State of Pentesting 2022 Report focuses on issues and stats that are relevant to both security and development teams: to separate these two inextricably linked groups would only yield a partial picture of the security landscape.