Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2022

Exploit of Log4Shell Vulnerability Leads to Compromise of Major South American Vaccine Distributor

On June 23, The Cybersecurity and Infrastructure Security Agency (CISA) and the United States Coast Guard Cyber Command (CGCYBER) released a joint Cybersecurity Advisory (CSA) warning network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon® and Unified Access Gateway (UAG) servers.

SecurityScorecard and AWS Help Make Secure Software Procurement Faster and Easier

Organizations increasingly rely on third parties for business operations, and as a result are working with more digital suppliers than ever. According to Gartner, 60% of organizations work with more than 1,000 third parties and this number will grow. High-profile vulnerabilities such as Log4Shell are a constant reminder of the risks posed by a breakdown in the software supply chain. This has spurred enterprises to increase the rigor of software risk assessments to ensure supply chain security.

'One-Stop Shop' Functionality with Global Search

There are many critical factors to ensuring an effective cybersecurity program; however, two of the most important are accuracy and timeliness. With limited search capabilities that direct you to insufficient results or extended navigation time to find items of relevance, the cyber risk of your rapidly growing vendor ecosystem is left unmanaged. Think about it like this: when you have two contacts in your phone saved under the same first name, how do you determine which one is the right one to call?

What is the SANS Framework? The 6 Steps to Handling a Cyber Incident

A cyber incident can range from a minor power outage to a full-scale cyber attack. No matter the incident scale, having clear guidelines to follow can help organizations create effective and standardized response plans. The SysAdmin, Audit, Network, and Security (SANS) Institute is one of the leading organizations providing cybersecurity training, research, and certification.

Top 4 Emerging Trends in Telecom Risk Management

The telecom industry is continuously evolving as laws governing the industry change, providers join new markets, and the expansion of cellular connections continues to grow. And since the global pandemic of COVID-19, millions of people around the world have relied on the availability of network services to work in addition to keeping in contact with their loved ones.

New: SecurityScorecard Extension for Chrome

Here at SecurityScorecard, our mission is simple: To make the world a safer place. This mission necessitates that we embrace trust, transparency, and security. In furtherance of this mission, today we released our first-ever Chrome Extension. With the new SecurityScorecard Chrome Extension, you can automatically see the simple A-F security rating of the websites you visit, enabling you to evaluate the risk of the sites you visit before supplying your data to them.

5 Steps to Selecting a Vendor Risk Management Framework

Third parties are an inevitable and essential part of your business ecosystem. They’re your vendors, partners, and contractors. They improve efficiency, extend your reach, and make it possible to deliver the best possible products and services. From a security perspective, however, they also bring a significant amount of risk. Misconfigurations of a third-party’s cloud can lead to supply chain data breach risks.

Why Cyber Insurance Is Not Enough

“My company has cyber insurance. Isn’t that enough to protect us?” NO. Cyber insurance will help you cover the damages but won’t protect you from being hacked in the 1st place or recover as soon as possible if you’re attacked. In fact, a lot of progressive cyber insurance companies today also provide preventative care tools (like SecurityScorecard). They know the importance of having an entire cybersecurity toolset rather than just having insurance.

What's the Difference Between Penetration Testing vs Vulnerability Scanning?

Penetration testing and vulnerability scanning are both important practices that protect the network of a business. However, the two are very different from each other in the way they test the security and vulnerabilities of a network. Keep reading to learn more about the differences and how to decide whether one or both would best suit your needs.

What is Data Exfiltration and How Can You Prevent It?

Every day, cybercriminals are seeking new techniques to extract data and infiltrate networks; one of these techniques is data exfiltration. To prevent these kinds of cyber threats, we must learn how data exfiltration works, the methods used to execute attacks, and how companies can secure their network from further data breaches. Let’s take a closer look.

8 Best Practices for Securing the Internet of Things (IoT)

While the Internet of Things (IoT) can provide helpful insights, it can also introduce a host of new security vulnerabilities into your organization. Without a clear understanding of the importance of IoT security, your organization will continue to introduce new vulnerabilities without even realizing it. Let’s take a closer look at how IoT security is important and the best practices your organization can use to improve the overall security of your organization.

What is Mobile Forensics? A Real Example From the SecurityScorecard Forensics Lab

Mobile forensics is recovering digital evidence from mobile devices using accepted methods. A lot of information can be discovered by analyzing a criminal’s phone. That’s why mobile forensics and digital forensics as a whole are becoming valuable assets for law enforcement and intelligence agencies worldwide. In 2021, there were 15 billion operating mobile devices worldwide. That’s nearly two per person. The amount of data stored across these devices is astounding.

The Rise of Endpoint Security Risks: 6 Common Types

With flexible work environments now the norm, the use of endpoint devices has increased – whether your organization allows work-from-home days, hires freelancers, and collaborates through email and phone calls. Many employees require access to the corporate network to carry out their daily responsibilities, and endpoint devices allow employees to do just that. That said, endpoints have become one of the biggest attack vectors for cybercriminals since they are easier to target.

Why We Don't Charge Extra for Additional Logins

We charge 0$ for additional login at SecurityScorecard. Here's why: One of our company values is customer-centricity. So we asked ourselves: "What's best for the customer?" What's best for customers is to give logins to as many people in the organization as possible. We want every team in the organization to benefit from the insights provided by the SecurityScorecards, including: This way, everybody knows the risk of entering into a proof of concept engagement or signing a contract with a vendor or service provider.

How We Save You From Endless Security Questions

Stop using questionnaires to assess the risk of your business partners. Here's why: Suppose you want to hire a marketing firm to help grow your company. To assess the risk, you send them a 20-page questionnaire asking about 2-factor authentication, data encryption, etc. Even if they have a 2-factor authentication in place, e.g., you still have to ask for their company policy to verify. Not only does that result in mountains of paperwork.