Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On June 8, an explosion took place at Freeport LNG’s liquefied natural gas (LNG) export facility in Quintana, Texas. The company later explained that the explosion resulted from a rupture in an over-pressurized pipeline, but did not comment as to how the pressure built up enough to cause such a rupture. In the wake of the explosion, Freeport reported that the outage resulting from it would persist until September, after which the facility would only resume partial operations.

On June 23, The Cybersecurity and Infrastructure Security Agency (CISA) and the United States Coast Guard Cyber Command (CGCYBER) released a joint Cybersecurity Advisory (CSA) warning network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon® and Unified Access Gateway (UAG) servers.

Organizations increasingly rely on third parties for business operations, and as a result are working with more digital suppliers than ever. According to Gartner, 60% of organizations work with more than 1,000 third parties and this number will grow. High-profile vulnerabilities such as Log4Shell are a constant reminder of the risks posed by a breakdown in the software supply chain. This has spurred enterprises to increase the rigor of software risk assessments to ensure supply chain security.

There are many critical factors to ensuring an effective cybersecurity program; however, two of the most important are accuracy and timeliness. With limited search capabilities that direct you to insufficient results or extended navigation time to find items of relevance, the cyber risk of your rapidly growing vendor ecosystem is left unmanaged. Think about it like this: when you have two contacts in your phone saved under the same first name, how do you determine which one is the right one to call?

A cyber incident can range from a minor power outage to a full-scale cyber attack. No matter the incident scale, having clear guidelines to follow can help organizations create effective and standardized response plans. The SysAdmin, Audit, Network, and Security (SANS) Institute is one of the leading organizations providing cybersecurity training, research, and certification.

The telecom industry is continuously evolving as laws governing the industry change, providers join new markets, and the expansion of cellular connections continues to grow. And since the global pandemic of COVID-19, millions of people around the world have relied on the availability of network services to work in addition to keeping in contact with their loved ones.

Here at SecurityScorecard, our mission is simple: To make the world a safer place. This mission necessitates that we embrace trust, transparency, and security. In furtherance of this mission, today we released our first-ever Chrome Extension. With the new SecurityScorecard Chrome Extension, you can automatically see the simple A-F security rating of the websites you visit, enabling you to evaluate the risk of the sites you visit before supplying your data to them.

Third parties are an inevitable and essential part of your business ecosystem. They’re your vendors, partners, and contractors. They improve efficiency, extend your reach, and make it possible to deliver the best possible products and services. From a security perspective, however, they also bring a significant amount of risk. Misconfigurations of a third-party’s cloud can lead to supply chain data breach risks.

Penetration testing and vulnerability scanning are both important practices that protect the network of a business. However, the two are very different from each other in the way they test the security and vulnerabilities of a network. Keep reading to learn more about the differences and how to decide whether one or both would best suit your needs.