The Security of Mobile Apps Starts and Ends With Developers

Third Party Development Adds to the App Security Dilemma

According to a story from Business Insider, mobile device users spend 86 percent of their time using mobile apps, as opposed to the mobile web. Businesses cite the rapid adoption of apps as a way to cut costs and increase productivity, but apps suffer from insecure … Continued

Echoes of Target Breach In Recent CVS Photo Partner Hack

PNI Digital Media Was A Third Party Entry Point Into Big Retail: CVS, Walmart, Possibly Others

Update: PNI Digital media is facing multiple class action lawsuits, according to Law 360 and Class Actions Reporter. One suit is centered on CVS in the state of Georgia; the other suit is focused on Costco which was filed … Continued

The Problem With Corporate Email Addresses on Social Networks

SecurityScorecard Finds Grainger Susceptible to Social Engineering

In a July 14 press release, the B2B industrial distributor, W.W. Grainger reported that it had experienced a security attack. The company stated in this press release that there was “no evidence there is any impact to customers, suppliers or employees because there is no indication that information … Continued

Security Data Breaches Round Up: Higher Education

Higher Education’s Records Are Key PII and Credential Theft Targets

Where there is data to be harvested for fraud, there will be breaches. The question arises, why is a specific vertical industry more susceptible to breaches than others? The irony for the education vertical is that much of it comes down to security awareness and … Continued

U.S. Military Manufacturer Experiences Data Breach

Over 3,700 Customers’ PII, and Credit Card Information Breached

Durham, North Carolina-based LC Industries has recently reported a security data breach, according to SC Magazine. The breach, which occurred in early June, affects a total of 3,754 customers, and affected 22 specific customers in New Hampshire, hence a public notification to the Department of Justice in the … Continued

Major Travel Brand Shines Spotlight on Weak Partner Security Issues

Phishing Scam on Expedia Customers Underscores Third Party Breach Issues

Update: Trump Hotels is the latest carding victim, reports security journalist Brian Krebs. Krebs outlines how Trump is one victim in a string of hotel, restaurant, and other retail establishments being targeted in 2015. Another week, another big brand’s customers are targeted through a third party. The … Continued

Banking Malware Trends Q1/Q2

SecurityScorecard Releases First Major Research Report for 2015

Update: Although a major portion of Dridex has been taken down recently by the FBI, researchers are reminding organizations that there is an underground economy for botnets that offer this level of stealth. There is little doubt that Dridex, and new versions of it, are being circulated. “Think … Continued

Monthly News Roundup: Q2 Small Business Data Breaches

Keep Track of SMB Security & Third Party Security Risks

The big name brands may get all the security and data breach attention, but that does not mean that is where all of the data breaches and hacks are occurring. As we look closer at the entire security and risk management threat landscape and include small and … Continued

The Current State of UK Bank Security

SecurityScorecard Digs into the Grades of UK Banks

A Freedom of Information request in the UK has revealed 791 data breaches occurred at most of the region’s major banks since the start of 2013 (with 585 of the incidents occurring in 2014). The FOI request was spawned by Egress Software Technologies, an email encryption provider, that recently reported … Continued

UPDATE: Feds Breached Again, Lose 21.5 Million Records

SecurityScorecard Finds Federal Department Had Poor Security Hygiene, Especially in IP Reputation

LATEST UPDATE: The number of people affected by the OPM breach is now over 21.5 million, according to The New York Times. UPDATE: BloombergBusiness reported the numbers of employee and contractor records stolen could now be up to 14 million. The news organization … Continued

The Calm Before the Mobile API Data Breach Storm

Prediction: Mobile App Security Practices Will Become a Third Party Data Risk

Mobile security may not be as easy to exploit as other established attack styles, but this latest news could change that for the worse. The Center for Advanced Security Research Darmstadt (CASED) in Germany has responsibly disclosed a cloud application security issue it discovered and published … Continued

Gone in 60 Seconds: Verizon Breach Report Reveals 60% of Enterprise Attacks Succeed in Minutes

by Alexander Heid, Chief Research Officer, SecurityScorecard.com

(NEW YORK, NY) – During April 2015, Verizon released their annual breach report which identifies ongoing trends within enterprise cyber attacks. This year, the primary focus of the breach report centered around the prolific rise in phishing attacks that spread malware, and rise of web application vulnerability attacks … Continued

Millions of Anthem customers alerted to hack

by Elizabeth Weise, USATODAY

Health insurer Anthem said hackers infiltrated its computer network and gained access to a host of personal information for customers and employees, including CEO Joseph Swedish.

SAN FRANCISCO — Millions of Anthem health insurance customers woke Thursday morning to an e-mail from the company telling them hackers had gained access to the … Continued

What Social Enterprises Should Know About Cyber Security

Anne Field, Contributor

2014 was, of course, quite the year for revelations about cyber attacks and data breaches at major companies like Sony, JP Morgan Chase, Home Depot, and a host of others. But there also have been a lot of incidents at NGOs and government agencies, according to Alexander Heid, … Continued

New wave of credit card fraudsters opt for in-store pickup option

Pilfered card data, Zip codes used by fraudsters to pick stores close to victims.

by Sean Gallagher – Dec 4, 2014 12:42pm EST

Credit card breaches are the gift that keeps on giving—to Eastern European cybercriminals, at least. Taking advantage of the loosened security that comes with the holiday gift-buying rush, recent traffic on underground … Continued

Online or at Store Registers, Shoppers Worry About Hacks

By Cadie Thompson

Retail hacks have consumers thinking twice about how they will shop this holiday season. After a year of breaches, consumers don’t feel safe anymore when shopping online, and some are even straying from their favorite retailers as a result, according to a recent survey. “The number of breaches and the caliber of … Continued

The POODLE Vulnerability: Is the Dog's Bark Worse Than the Bite?

(October 27, 2014) – The instant the POODLE vulnerability within SSLv3 [CVE-2014-3536] was identified, SecurityScorecard R&D team moved to determine how much of the public Internet was affected by this potentially severe security exposure. In addition, to separate fact from fiction, we sought to determine how exploitable POODLE was, and assign a true risk rating … Continued

Fake DropBox Password Leak Allows Rippers to Flourish - $1 USD obtained

On October 13, 2014 SecurityScorecard threat intelligence monitoring sensors detected a significant rise in leaked password chatter originating from Pastebin.com, as shown in Figure 1.1. Unidentified individuals made several postings on the website claiming to be in possession of over 7 million breached Dropbox accounts, and released a sample set of 400 to the public. … Continued
