SecurityScorecard on the Principles for Fair & Accurate Security Ratings: A Statement on Model Governance

Recently, we explained how the SecurityScorecard platform meets the US Chamber of Commerce’s Principles for Fair and Accurate Security Ratings directive to provide accurate and validated ratings. This week we’re continuing our ongoing efforts to provide awareness around these standards by looking at Model Governance, a principle focused on promoting fair ratings. This principle states: … Continued

Security Roundup: Uber's Chat System, IoT Exploits, and More

This week’s Security Roundup brought to you by Or Rikon and Sean Smith. Forms over HTTP to be considered insecure. Reminder that Google is planning to show pages as insecure if they contain forms that get posted over HTTP, rather than HTTPS. Avoiding this essentially requires upgrading to use SSL. WikiLeaks Website Apparently hacked by OurMine using DNS … Continued

NY DFS Cybersecurity Requirements: Who Should Be Listening

For those companies who have been following the New York Department of Financial Services Cybersecurity Requirements and have educated themselves on everything about the regulation, it was easy to jump right into the substance of the requirements. But for those of you who are just catching up and beginning to evaluate this state cybersecurity … Continued

Understanding the Basics: NIST Cybersecurity Framework

Although not a regulatory framework, the U.S. National Institute of Standards and Technology (NIST) framework is considered an industry best practice for identifying, measuring, and managing cybersecurity risk. In the 2016 Tenable Trends in Security Framework Adoption Survey, nearly a third of the IT and security professionals surveyed said the NIST cybersecurity framework was … Continued

Security Roundup: Labor Day Edition

This week’s Security Roundup brought to you by Sean Smith and Scott Walsh. Neutrino to Jimmy, a Malware Evolution. A few months ago, Kaspersky provided an analysis of a banking trojan called Neutrino, and this week they dive into its evolution, which they call Jimmy. The malware strain has evolved from straight up banking card stealing, to … Continued

A Quick Look at FFIEC's Assessment Tool

The Federal Financial Institution Examination Council (FFIEC) recently issued the Cybersecurity Assessment Tool (CAT). For U.S. financial institutions that fall under the FFIEC’s purview, this is a framework that can facilitate discussions about an organization’s cybersecurity maturity. As its name suggests, the CAT is a measurement of overall cybersecurity preparedness that the FFIEC recommends as … Continued

Healthcare Companies Stay Alert to Cyber-Attacks

As the number of cyber-attacks has increased, companies in the healthcare industry are working to keep up with the dynamic cybersecurity landscape. But with an estimated 4.5 million healthcare records exposed last year, the healthcare industry’s efforts are still no match for hackers. While building cybersecurity hygiene is a struggle that every industry is … Continued

IoT Threat Advisory: CVE-2017-7577

IoT Threat Advisory: CVE-2017-7577. CVSSv2 Score: 5.0 – 10 (conditional). SecurityScorecard Research and Development Department, August 9, 2017. Overview: As of July 31, 2017, SecurityScorecard has identified 205,390 IoT devices on the public internet (IPv4) which are currently vulnerable to remote exploitation via CVE-2017-7577, a publicly known vulnerability that can allow hackers to … Continued

SR 13-19 Provides Guidance on Service Provider Risk Management

The Board of Governors of the Federal Reserve System’s most recent Supervisory Letter “Guidance on Managing Outsourcing Risk” (“Guidance”), released on December 5, 2013, distills the characteristics, governance, and operations required for a risk management program aimed at monitoring service providers of financial institutions. Specifically, the guidance lays on top of other regulatory guidance on … Continued
