This report details a new Cylance survey of iTnews readers and provides insight into the state of endpoint security.

This blog post discusses how WannaCry is a pet project of the Lazarus group.

This post discusses the following event - “On October 10, 2017, Kaspersky Lab’s advanced exploit prevention systems identified a new Adobe Flash zero day exploit used in the wild against our customers. "

FireEye recently detected a malicious Microsoft Office RTF document that leveraged CVE-2017-8759, a SOAP WSDL parser code injection vulnerability. This vulnerability allows a malicious actor to inject arbitrary code during the parsing of SOAP WSDL definition contents. FireEye analyzed a Microsoft Word document where attackers used the arbitrary code injection to download and execute a Visual Basic script that contained PowerShell commands. FireEye shared the details of the vulnerability with Microsoft and has been coordinating public disclosure timed with the release of a patch to address the vulnerability and security guidance, which can be found here.

APT28 sent out a document disguising itself as a flyer relating to the Cyber Conflict U.S. conference. The document contains a VBA macro that executes a new variant of Seduploader. This article analyzes the document and the reconnaissance malware inside.

Have you ever wondered what 0 types of cyber attacks affect small to midsize businesses (SMBs) and distributed enterprises (DEs)? Well, you’ve come to the right place.

This Threat report details some early 2018 threats like ransomware, North Korean hacking, the leveraging of newly exposed vulns.

This whitepaper explains the trends and developments in computing that have made host-based behavioral analysis and exploit interception necessary elements of computer security and provides an overview of the technology and methodology used by DeepGuard, the Host-based Intrusion Prevention System (HIPS) of F-Secure’s security products.

This paper takes a look at cloud sandboxing and how that can be used to protect governments from Ransomware.

This report focuses on software vulnerabilities, software vulnerability exploits, malware, and unwanted software. It is the hope that readers find the data, insights, and guidance provided in this report useful in helping them protect their organizations, software, and users.

This paper answers questions about what the deserialization vulnerability is, and what the challenges are to solving it.

This is a handy guide for CIO’s that seeks to provide guidance for Mobile Threat Defense.

This report takes a look at the DDoS threats that occurred in the fourth quarter of 2016.

This report takes a look at a North Korean CyberEspionage Groub.

This short article discusses why a marriage between WAF and DDoS is a good idea.

This paper will examine the ways attackers use files to deliver malware, the reasons these methods are effective, and the steps organizations should take to block these kinds of attacks.

This report takes a look at the DDoS threats that occurred in the third quarter of 2016.

This report provides insight into taking a proactive approachv against known, unkown, and zero-day exploits that serve as the starting point for multi-vector cyberattacks.

The annual Vulnerability Review analyzes the evolution of software security from a vulnerability perspective. The review presents global data on the prevalence of vulnerabilities and the availability of patches, maps the security threats to IT infrastructures, and also explores vulnerabilities in the 50 most popular applications on private PCs.

Published in March of 2015, this report reviews the key figures and facts on vulnerabilities from a global information security perspective.

This paper argues that the level of security in cyberspace is actually far better than the picture described by media accounts and IT security reports.