A review of trends in e-commerce security and attacks based upon a variety of sources collected via Impreva Research labs.

Drawing on Duo’s customer basis of millions of devices and the authentication traffic associated with them between June 2020 and May 2021, this report reviews trends in authentication methods and includes firmographic breakdowns.

This annual report covers data from 1,602 penetration tests conducted in 2020 as well as survey information from 601 firms in the pursuit of understanding secure development, vulnerability remediation, and opportunities for process improvements.

This report aims to examine the issue of stalkerware. They present data to understand the changes and scale of the problem in 2020.

This report looks at the malware used by a group called Sunburst. It gives a detailed timeline of attacks, and the code used in them. It also compares the code to popular malware like Kazuar, suggesting it is being used by the same groups.

The 2020 edition of this annual report reviews five years of phishing events from F5’s Security Operations Center. This data is supplemented with active and confirmed phishing sites from Webroot and darkweb market data from Vigilante for a broad view of the volume and techniques of phishing activity.

This report is based on a survey of investigators from over 150 organizations. It seeks to better understand financial crime and how companies deal with it.

A review of web application vulnerabilities as seen through Acuentix’s web scans between March 2019 and February 2020.

This report goes in-depth into the changes in malware attacks for 2020, using data collected from honey pots, telemetry, and research conducted by threat analysts and reporters in 2019.

Bitdefender researchers recently investigated a sophisticated APT-style cyberespionage attack targeting aninternational architectural and video production company, pointing to an advanced threat actor and a South Korean based C&C infrastructure. This report goes in-depth on this attack.

The 2020 OSSRA includes insights and recommendations to help security, risk, legal, and development teams better understand the open source security and license risk landscape.

A deep dive into the state of deploying the latest TLS version (v1.2) and the use of this signal for correlating with broader public-facing risk surfaces and characteristics of firms.

The annual report from Snyk on the state of open source software from a security perspective. Includes survey data from 500+ developers, internal Snyk vulnerability data from the projects monitored by Snyk, and additional aggregated source code repository data.

F5’s third annual report, partnering with Webroot and the F5 SOC, on phishing and fraud trends.

Overview of deployment of TLS encryption in the general internet and Alex Top 1000 sites.

This is the 7th annual edition of the Microsoft Vulnerabilities Report, and includes a five-year trend comparison, giving you a better understanding of how vulnerabilities are growing and in which specific products.

Our 2019 Threat Research Report is a deep dive into our logs, experiences, and collected analysis. It summarizes and identifies the latest tactics, techniques, and procedures seen by the Malware Research team, Vulnerability Research team, Threat Intel Research team and Remediation Groups at Sucuri/GoDaddy.

For the fourth time, White Ops and the ANA have partnered to measure bot fraud in the digital advertising ecosystem. Previous studies measured bot fraud in the digital advertising ecosystem in August/September 2014, August/September 2015, and November/December 2016. This one studies November/December 2019.

This report covers: the security practices for each of the two different core projects, both Angular and React, the state of security of each of the two different module ecosystems, based on an in-depth look at the vulnerabilities contained in each of the ecosystems, the security practices for other common JavaScript frontend framework alternatives such as Vue.js, Bootstrap and jQuery, and the significant security differences between the different alternatives, and particularly between Angular and React

The LexisNexis® Risk Solutions Cybercrime Report is based on cybercrime attacks detected by the LexisNexis® Digital Identity Network® from January – June 2019, during real-time analysis. It covers the digital identity network, and attacks on “high-risk” transactions.

A necessary pillar of an effective cyber defense strategy is the capability to detect and mitigate threats at the earliest stages of the cyber kill chain. While internal and perimeter security solutions are critical to your security program, external threat intelligence gives you the ability to defend forward by eliminating threats outside the wire. This ebook is designed to provide a framework for security professionals on how to conduct effective external threat hunting on the dark web.