Tenable Research takes that approach to equip our customers and the industry at large with the tools, awareness and intelligence to effectively reduce risk. To further those goals, SRT has complied this 2020 Threat Landscape Retrospective, which offers both a macro look at the trends that shaped the year as well as the detailed compendium of key vulnerabilities. The insights and data provided in these pages are designed to help cyber defenders learn from the past in order to build cybersecurity strategies that protect critical infrastructures, supply chains and data while respecting privacy.

Tenable’s Security Response Team (SRT) continuously monitors the threat landscape throughout the year, putting us at the forefront of trending vulnerabilities and security threats. From this vantage point, we complied and categorized our data from this annual report. In a year marked by tense geopolitics, hacktivism, ransomware and attacks targeting critical infrastructure - all alongside a turbulent macroeconomic environment - organizations struggled to keep pace with the demands on their cybersecurity teams and resources.

Rapid7’s Vulnerability Intelligence Report examines notable vulnerabilities and high-impact attacks from 2022 in order to highlight exploitation trends, explore attackers use cases, and offer a framework for understanding new security threats as they arise. Our aim is the contextualize the vulnerabilities that introduce serious risk to a wide range of organizations. The report examines 50 vulnerabilities that pose considerable risk to organizations of all sizes. In total, this report includes 45 vulnerabilities that were exploited in the wild 2022, of which 44% arose from zero-day exploits.

The goal of this report is to help defenders understand the fulls cope of today’s modern attack surface so they can continue to refine their cybersecurity strategies and reduce risk. In this report, we explore the most notable vulnerabilities of the year and how they were used in attack chains, with specific focus on the value of Active Directory to threat actors.

In our H1 2022 FortiGuard Labs Threat Landscape Report, we examine the cyber threat landscape during the year’s first half to identify trends and offer recommendations about what CISOs and security teams should pay close attention to in the months ahead. The report’s findings are based on data collected through our global array of sensors monitored by the FortiGuard Labs team.

In the first half of 2022 SonicWall Capture Labs threat researchers recorded 2.8 billion malware hits globally, an 11% increase year to date over 2021. The amounts to an average of 8.240 malware attempts per customer. Based on data collected, the true culprits behind the rise in malware have been crypto-jacking and loT malware, which have risen 30% and 77% respectively, year to date.

Based on Arete case data, the commonly observed techniques and vulnerabilities of 2021 will likely not change through most of 2022. In the Arete Annual Crimeware Report, we will discuss: notable tactics and techniques observed in threat actor campaigns, notable negotiation insights gleaned from ransomware cases, how law enforcement has changed its games and how the threat landscape will evolve in 2022.

A review of mobile device application security, based upon a combination of data from Zimperium’s product and suvey based results.

The seventh annual survey from Sonatype covers the differences between mature and immature DevOps practices. Special focuses on developer satisfaction, security policy adherence, and security investments. Over 5,000 respondents in this year’s survey.

This report goes in depth on Radware’s performance in mitigating DDoS attacks.

The survey results and relevant observations are as follows: The inner workings of this underground economy havecome to play an influential role in many of the cyberand physical risks facing organizations today. Toenhance the context within which these illicit goodsand services are obtained, abused, and ultimatelycontribute to such risks, Flashpoint analysts conducteda survey of the prices for various offerings listed forsale across the Deep & Dark Web. While analysts’findings should be interpreted as case studies andgeneral observations rather than precise statistics, thisreport can and should serve to inform the security andrisk strategies of organizations across all sectors.

Bromium Insights Report is designed to help our customers become more aware of emerging threats and trends and to equip security teams with knowledge and tools to combat today’s attacks and anticipate evolving threats to manage their security posture.

This Spotlight report provides in-depth analysis of vulnerabilities and weaponization patterns across the entire family of Adobe products. By focusing on weaponization, we go beyond simply counting vulnerabilities, and instead reveal how popular software from a leading vendor becomes a beacon for attackers. A significant number of these vulnerabilities are exploitable and have remote code execution capabilities, changing their status from a potential threat to an active and live cyber risk exposure point. While our findings naturally focus on the most recent data, the report includes more than 20 years of data from 1996 through 2018, allowing us to see long-term trends.

To shine a light on the availability of SSL/TLS certificates on the dark web, the Evidence-based Cybersecurity Research Group at the Andrew Young School of Policy Studies at Georgia State University and the University of Surrey spearheaded a research program, sponsored by Venafi. This report details the preliminary findings of the research and outlines the volume of SSL/TLS certificates for sale on the dark web, including information on how they are packaged and sold to attackers. These certificates can be used to eavesdrop on sensitive communications, spoof websites, trick consumers and steal data. The long-term goal of this research is to gain a more thorough understanding of the role SSL/TLS certificates play in the economy of the dark web as well as how they are being used by attackers.

This quarterly threat report offers insight into the DDoS attacks that occurred in the 4th quarter of 2018.

The problem that occurs when applications deserialize data from untrusted sources is one of the most widespread security vulnerabilities to occur over the last couple years. This article will provide background on the deserialization vulnerability, describe the limitations of the existing mitigation techniques and explain why Waratek’s Compiler Based solution is ideal in solving this problem.

From the report, “We live in incredible times, where we trust more of our lives to machines that are becoming ever more powerful. We cannot leave the doors to our “digital kingdoms” wide open. Adversaries, both nation-states and for-profit malicious actors, have access to a seemingly unlimited supply of “all access keys”. Our responsibility is to revoke and disable these keys or to at least make that access as difficult as possible through thoughtful defense-in-depth security controls. These controls should not just rely solely on the “next gen” version of a well-known technology. Truly different types of protection and detection technologies need to be layered in order to create the strongest possible defense.” Read on to find out more.

Osterman Research conducted an in-depth survey of decision makers and influencers. To qualify for the survey, individuals had to be knowledgeable about the security operations in their organizations and their organizations had to have at least 1,000 employees. A total of 404 surveys were conducted during June and July 2018. This white paper discusses the results of that research and our analysis of the survey data.

This Morphisec Labs Threat Report is based on anonymized threat data collected from approximately 2,000,000 installed Morphisec endpoint agents as well as in-depth investigations conducted by Morphisec researchers. It includes observations about trends in the wider security landscape together with analyses of the tactics and techniques used by malicious actors.

The purpose of this white paper is to help users understand how CrowdStrike ® uses ML to protect endpoints. To get there, we must first clarify what ML is and how it works. Then we will describe how Crowdstrike implements ML, specifically in the area of malware detection. Finally, we will discuss the benefits and limitations of applying ML in cybersecurity. In the end, the reader will get a better understanding of ML and how — when used correctly — it can help defend against cyber threats.

This white paper seeks to explore more fully how traditional AV has had its day, and how the principles of big data are now applicable to both detecting and preventing IT security threats.