In our H1 2022 FortiGuard Labs Threat Landscape Report, we examine the cyber threat landscape during the year’s first half to identify trends and offer recommendations about what CISOs and security teams should pay close attention to in the months ahead. (more available)

In the first half of 2022 SonicWall Capture Labs threat researchers recorded 2.8 billion malware hits globally, an 11% increase year to date over 2021. (more available)

Based on Arete case data, the commonly observed techniques and vulnerabilities of 2021 will likely not change through most of 2022. (more available)

A review of mobile device application security, based upon a combination of data from Zimperium’s product and suvey based results.

The seventh annual survey from Sonatype covers the differences between mature and immature DevOps practices. Special focuses on developer satisfaction, security policy adherence, and security investments. (more available)

This report goes in depth on Radware’s performance in mitigating DDoS attacks.

The survey results and relevant observations are as follows: The inner workings of this underground economy havecome to play an influential role in many of the cyberand physical risks facing organizations today. (more available)

Bromium Insights Report is designed to help our customers become more aware of emerging threats and trends and to equip security teams with knowledge and tools to combat today’s attacks and anticipate evolving threats to manage their security posture. (more available)

This Spotlight report provides in-depth analysis of vulnerabilities and weaponization patterns across the entire family of Adobe products. By focusing on weaponization, we go beyond simply counting vulnerabilities, and instead reveal how popular software from a leading vendor becomes a beacon for attackers. (more available)

To shine a light on the availability of SSL/TLS certificates on the dark web, the Evidence-based Cybersecurity Research Group at the Andrew Young School of Policy Studies at Georgia State University and the University of Surrey spearheaded a research program, sponsored by Venafi. (more available)

This quarterly threat report offers insight into the DDoS attacks that occurred in the 4th quarter of 2018.

The problem that occurs when applications deserialize data from untrusted sources is one of the most widespread security vulnerabilities to occur over the last couple years. (more available)

From the report, “We live in incredible times, where we trust more of our lives to machines that are becoming ever more powerful. (more available)

Osterman Research conducted an in-depth survey of decision makers and influencers. To qualify for the survey, individuals had to be knowledgeable about the security operations in their organizations and their organizations had to have at least 1,000 employees. (more available)

This Morphisec Labs Threat Report is based on anonymized threat data collected from approximately 2,000,000 installed Morphisec endpoint agents as well as in-depth investigations conducted by Morphisec researchers. (more available)

The purpose of this white paper is to help users understand how CrowdStrike ® uses ML to protect endpoints. To get there, we must first clarify what ML is and how it works. (more available)

This white paper seeks to explore more fully how traditional AV has had its day, and how the principles of big data are now applicable to both detecting and preventing IT security threats. (more available)

This report details a new Cylance survey of iTnews readers and provides insight into the state of endpoint security.

This blog post discusses how WannaCry is a pet project of the Lazarus group.

This post discusses the following event - “On October 10, 2017, Kaspersky Lab’s advanced exploit prevention systems identified a new Adobe Flash zero day exploit used in the wild against our customers. (more available)

FireEye recently detected a malicious Microsoft Office RTF document that leveraged CVE-2017-8759, a SOAP WSDL parser code injection vulnerability. This vulnerability allows a malicious actor to inject arbitrary code during the parsing of SOAP WSDL definition contents. (more available)