The seventh annual survey from Sonatype covers the differences between mature and immature DevOps practices. Special focuses on developer satisfaction, security policy adherence, and security investments. (more available)

This report goes in depth on Radware’s performance in mitigating DDoS attacks.

The survey results and relevant observations are as follows: The inner workings of this underground economy havecome to play an influential role in many of the cyberand physical risks facing organizations today. (more available)

Bromium Insights Report is designed to help our customers become more aware of emerging threats and trends and to equip security teams with knowledge and tools to combat today’s attacks and anticipate evolving threats to manage their security posture. (more available)

This Spotlight report provides in-depth analysis of vulnerabilities and weaponization patterns across the entire family of Adobe products. By focusing on weaponization, we go beyond simply counting vulnerabilities, and instead reveal how popular software from a leading vendor becomes a beacon for attackers. (more available)

To shine a light on the availability of SSL/TLS certificates on the dark web, the Evidence-based Cybersecurity Research Group at the Andrew Young School of Policy Studies at Georgia State University and the University of Surrey spearheaded a research program, sponsored by Venafi. (more available)

This quarterly threat report offers insight into the DDoS attacks that occurred in the 4th quarter of 2018.

The problem that occurs when applications deserialize data from untrusted sources is one of the most widespread security vulnerabilities to occur over the last couple years. (more available)

From the report, “We live in incredible times, where we trust more of our lives to machines that are becoming ever more powerful. (more available)

Osterman Research conducted an in-depth survey of decision makers and influencers. To qualify for the survey, individuals had to be knowledgeable about the security operations in their organizations and their organizations had to have at least 1,000 employees. (more available)

This Morphisec Labs Threat Report is based on anonymized threat data collected from approximately 2,000,000 installed Morphisec endpoint agents as well as in-depth investigations conducted by Morphisec researchers. (more available)

The purpose of this white paper is to help users understand how CrowdStrike ® uses ML to protect endpoints. To get there, we must first clarify what ML is and how it works. (more available)

This white paper seeks to explore more fully how traditional AV has had its day, and how the principles of big data are now applicable to both detecting and preventing IT security threats. (more available)

This report details a new Cylance survey of iTnews readers and provides insight into the state of endpoint security.

This blog post discusses how WannaCry is a pet project of the Lazarus group.

This post discusses the following event - “On October 10, 2017, Kaspersky Lab’s advanced exploit prevention systems identified a new Adobe Flash zero day exploit used in the wild against our customers. (more available)

FireEye recently detected a malicious Microsoft Office RTF document that leveraged CVE-2017-8759, a SOAP WSDL parser code injection vulnerability. This vulnerability allows a malicious actor to inject arbitrary code during the parsing of SOAP WSDL definition contents. (more available)

APT28 sent out a document disguising itself as a flyer relating to the Cyber Conflict U.S. conference. The document contains a VBA macro that executes a new variant of Seduploader. (more available)

Have you ever wondered what 0 types of cyber attacks affect small to midsize businesses (SMBs) and distributed enterprises (DEs)? Well, you’ve come to the right place. (more available)

This Threat report details some early 2018 threats like ransomware, North Korean hacking, the leveraging of newly exposed vulns.

This whitepaper explains the trends and developments in computing that have made host-based behavioral analysis and exploit interception necessary elements of computer security and provides an overview of the technology and methodology used by DeepGuard, the Host-based Intrusion Prevention System (HIPS) of F-Secure’s security products. (more available)