Product News

Find out about our new product features, the latest platform changes, and discover company announcements before anyone else.

Risk Management

Stay up to date on third-party risk management best practices and techniques, and learn about new regulations for third party risk.

Security Research

Keep up with research around the biggest data breaches, malware infections, IoT risks and all the latest news in cybersecurity.

WannaCry: The Global Attack with a Reminder Attached

  Last week a ransomware attack, unprecedented in size hit companies and organizations across the globe. As the world returns to the office today, the attack is poised to spread as unpatched machines are flipped on as people get back to work. Over the weekend, the SecurityScorecard research team completed a global scan using the … Continued

What is the Equation Group & who are the Shadow Brokers?

What is the Equation Group & who are the Shadow Brokers?

A massive ransomware attack has hit companies and organizations in over 99 countries causing tremendous business and civil disruption. The attack appears to stem from the use of stolen hacking tools that have been published by a group called the Shadow Brokers. The ransomware attacks appear to be the latest fallout relating to the EquationGroup … Continued

Read More
Top 10 Information Security Websites You Have to Follow

Top 10 Information Security Websites You Have to Follow

You’re a CISO on the train on your way into work. What are you reading? We all know that the information security world is constantly evolving, making it increasingly important to keep up with the latest threat, breach, or vulnerability that may be exposing risk to your organization. There are many security publications, sites, and … Continued

Read More
Top 12 Information Security Twitter Accounts You Have to Follow

Top 12 Information Security Twitter Accounts You Have to Follow

The information security industry moves at an incredibly quick pace, and sometimes it’s difficult to keep up with the the most recent updates, hacks, and data leaks that pose a threat to your organization. Social media is an excellent and quick way to ensure that you’re continuously informed on the latest security threat what’s most … Continued

Read More
Why are typosquats a risk to your organization?

Why are typosquats a risk to your organization?

  SecurityScorecard CEO, Aleksander Yampolskiy, recently did a presentation on the dangers of typosquats and how they can impact your organization. Keep reading to learn more about typosquats and how you can combat them. What are typosquats? Typosquatting, also called URL hijacking, is when an attacker targets a brand and registers a domain relying on typographical errors. … Continued

Read More
How New Technology is Bringing Risk to the Healthcare Industry

How New Technology is Bringing Risk to the Healthcare Industry

  The Internet of Things (IoT) is increasingly becoming a popular topic of choice in the cybersecurity industry and for unfortunate reasons. In short, the Internet of Things is the name applied to a wide variety of devices that connect to the internet. These can be routers, cameras, smart light bulbs, and medical devices. Unfortunately, … Continued

Read More
Why Employees Are Your Most Vulnerable Asset: Social Engineering Explained

Why Employees Are Your Most Vulnerable Asset: Social Engineering Explained

  Verizon’s 2016 Data Breach Investigations Report marked Social Engineering attacks as the 3rd highest threat action, behind hacking and malware. Those attacks have been rising over the years due to the relative ease of execution and lack of technical knowledge needed. Social Engineering, unlike common hacking methods such as brute-forcing, cross-site scripting, or keylogging, … Continued

Read More
How IoT Is Responsible for the Massive DDoS Attack

How IoT Is Responsible for the Massive DDoS Attack

On Friday morning, October 21st, East Coast internet users found themselves unable to access major websites such as Spotify, Twitter, Netflix, and Reddit, among others. Reports quickly came out detailing that the reason for the internet outage was due to a massive DDoS attack leveraged against Dyn, an internet infrastructure company that provides DNS services … Continued

Read More
Information Security and The Rio Games: Was Brazil Ready?

Information Security and The Rio Games: Was Brazil Ready?

  On Friday August 5th, the Rio Olympics kicked off and millions of eyes eagerly anticipated the start of the games. In the eyes of information security, a tentative breath was held to see if a major security incident would affect the opening ceremony or any subsequent events. Large sporting events are increasingly becoming an … Continued

Read More
How Big is the End-Of-Life Cybersecurity Problem? [INFOGRAPHIC]

How Big is the End-Of-Life Cybersecurity Problem? [INFOGRAPHIC]

  End-of-Service or End-Of-Life (EOL), is a term applied to hardware or software when a manufacturer stops supporting it with any updates. This can be very problematic since any vulnerabilities that are found (and can subsequently be exploited by hackers) will never be patched. This can cause widespread damage if a software, such as an operating … Continued

Read More
Announcing the Security Roundup Newsletter

Announcing the Security Roundup Newsletter

Introducing the Security Roundup Newsletter. The Security Roundup is our weekly curated newsletter made up of the most interesting and important developments in the cybersecurity space. Our Director of Architecture, Sean Smith, provides his research and analysis on content scoured across the web, ranging from new developments on a strain of ransomware, how Google is … Continued

Read More
How Big Is the U.S. Government Cybersecurity Problem?

How Big Is the U.S. Government Cybersecurity Problem?

A look at recent data breaches and how the government is reacting. It seems like the US government is more and more often falling prey to hackers, whether it’s from nation-sponsored organizations or independent organizations. Two government data breaches made the list of Network World’s list of ‘Biggest data breaches of 2015’ citing an IRS … Continued

Read More
What Security Experts Can Learn From The Illinois State University Hack

What Security Experts Can Learn From The Illinois State University Hack

The Illinois State University hack took place in the beginning of March, as reported by Illinois’ own Pantagraph, The Washington Times, and other publications. Direct-deposit payroll information from at least a dozen faculty and staff were diverted to a different account, totaling about $50,000 in lost payments. The affected employees received their payments and ISU is … Continued

Read More
The Healthcare Industry Currently Faces A Growing Cyber Security Crisis

The Healthcare Industry Currently Faces A Growing Cyber Security Crisis

  Hospitals are where you go to get healthy, but they are increasingly becoming playgrounds for hackers, owing to weak cyber security measures. A couple of weeks ago, networks of the Hollywood Presbyterian Medical Center, a California-based hospital, were held hostage, reportedly to the tune of 9,000 bitcoin or over $3.6 million. This isn’t a … Continued

Read More
A Security Analysis of ​the VTech Data Exposure

A Security Analysis of ​the VTech Data Exposure

Hacker Goes Directly to Media to Expose VTech Security Issues The Hong Kong-based toy company, VTech, recently experienced a data breach that exposed the customer data of 6.2 million children and 4.9 million adults across 13 different countries, with the bulk from the U.S.. VTech has a number of electronic toys, some which are using … Continued

Read More
Hilton and Starwood Data Breaches Spotlight Retail Malware

Hilton and Starwood Data Breaches Spotlight Retail Malware

Point of Sale Malware at Retail Stores Inside Hilton & Starwood Hotels The last few weeks have seen several major hotel chains including Starwood Hotels and Hilton Hotels report data breaches targeting the credit card data used at retail outlets inside the hotels. In both cases, Point of Sale (PoS) malware was the attack culprit. … Continued

Read More
An Analysis of the Pearson VUE Data Breach

An Analysis of the Pearson VUE Data Breach

Cisco Shuts Down Cert Tracker After Pearson Breach A third party technology examination company, Pearson VUE, was recently a victim of a malware attack that has exposed personal user data and passwords, according to Network Computing. Pearson VUE is one of the largest handlers of technology exams for companies and organizations that test individuals for … Continued

Read More
The Holiday Shopping Season's Retail Security Reality

The Holiday Shopping Season’s Retail Security Reality

Ranking Retail Security: Web Applications & Legacy Systems Are Weak Black Friday and Cyber Monday are almost here. Earlier this week, we released our 2015 Retail & eCommerce Security Report that examines a variety of security risk trends and problem areas within the top and bottom 10% of retail companies which represent roughly 200 retail … Continued

Read More
Tips for Vetting the Security of Cloud Service Providers

Tips for Vetting the Security of Cloud Service Providers

How to Vet Cloud Vendors and Make Sure CSPs Are Used Securely A modern enterprise uses the cloud and cloud service providers (CSP), period. Your employees might use DropBox or OneDrive to access work data remotely. You might communicate with your vendors mostly through a portal that accepts invoices and generates work orders. At the top … Continued

Read More
A Closer Look at Experian’s Scorecard

A Closer Look at Experian’s Scorecard

T-Mobile & Experian: The Fallout From Big Brand Breaches Update: Class-action lawsuits for Experian are increasing, according to The Hill. Experian, who released half-year financials yesterday, was quoted as saying: “It is currently not possible to predict the scope and effect on the Group of these various regulatory and government investigations and legal actions, including their timing … Continued

Read More
The Target Breach: A Study in Vendor Risk Gaps

The Target Breach: A Study in Vendor Risk Gaps

Verizon Report to Target Reinforces Need for Instant Risk Visibility Target has become a case study in the long-term effects of security risk via a third party. A class action suit brought by banks, credit unions, and financial firms was recently approved by a Federal judge, so the legal costs are still being added up. The … Continued

Read More
The 10 Best & Worst College & University Security Rankings

The 10 Best & Worst College & University Security Rankings

A University Security Audit for 2015 Data breaches and data theft at colleges and universities are a very common occurrence. From the 80,000 students recently affected at California State colleges to the 29 employee records hacked at the University of Calgary last week in Canada, higher education is a frequently targeted playground for security attacks. This week, Rutgers University … Continued

Read More
Research Reflections from Black Hat 2015

Research Reflections from Black Hat 2015

Members of SecurityScorecard’s R&D Team Attended Black Hat USA 2015 The following post includes reflections and impressions from Black Hat USA 2015 by two security researchers, John Mullins and Greg Lindor, who work on SecurityScorecard’s Research & Development team.  This team is led by Head of Threat Intelligence, Marcello Duarte, who manages and advises a team … Continued

Read More
The Security of Mobile Apps Starts and Ends With Developers

The Security of Mobile Apps Starts and Ends With Developers

Third Party Development Adds to the App Security Dillema According to a story from Business Insider, mobile device users spend 86 percent of their time using mobile apps, as opposed to the mobile web. Businesses cite the rapid adoption of apps as a way to cut costs and increase productivity, but apps suffer from insecure … Continued

Read More
Echoes of Target Breach In Recent CVS Photo Partner Hack

Echoes of Target Breach In Recent CVS Photo Partner Hack

PNI Digital Media Was A Third Party Entry Point Into Big Retail: CVS, Walmart, Possibly Others Update: PNI Digital media is facing multiple class action lawsuits, according to Law 360 and Class Actions Reporter. One suit is centered on CVS in the state of Georgia; the other suit is focused on Costco which was filed … Continued

Read More