Cybersecurity white papers, data sheets, webinars, videos and more

March 6, 2024

What is Sentinel? Harnessing the Power of Cloud-Native SIEM for Modern Cybersecurity Challenges

In the rapidly evolving landscape of cybersecurity, staying ahead of threats requires not just vigilance but advanced technology. Sentinel, Microsoft’s cloud-native Security Information and Event Management (SIEM) solution, represents a leap forward in the way organizations detect, investigate, and respond to cyber threats. This blog post… Read More

Tech Center

March 6, 2024

SMB Port Numbers: A Guide to Optimizing and Securing Your Network

In the digital age, where data is the new gold, ensuring the security and efficiency of network communication is paramount for businesses of all sizes. The Server Message Block (SMB) protocol plays a crucial role in facilitating file sharing, network browsing, and printer access among devices on a… Read More

Tech Center

March 6, 2024

New Malware Attributed to Russian Hacking Group APT28

Late last year, the Computer Emergency Response Team of Ukraine (CERT-UA) released an advisory that reported cyberattacks targeting Ukrainian state organizations attributed to the Kremlin-backed nation-state group APT28, aka Fancy Bear/Sofacy. The advisory listed the use of a new backdoor named “OCEANMAP,”… Read More

Cyber Threat Intelligence

March 4, 2024

What Are Proactive Ransomware Prevention Strategies for 2025?

Ransomware attacks remain one of the most destructive and costly cyber threats facing organizations today. These malicious software attacks encrypt files on a device, rendering them inaccessible to users, and demand a ransom for decryption keys. Many hacking groups exploit remote infrastructure, leverage… Read More

Attack Surface Management

Tech Center

March 1, 2024

SecurityScorecard 2024 Global Third-Party Cybersecurity Breach Report: Software supply chain is top target for ransomware groups

The SecurityScorecard Global Third-Party Breach Report uses the world’s largest proprietary risk and threat dataset to provide unique insights into the intricate web of supply chain vulnerabilities exploited by ransomware groups.   As the digital landscape continues to evolve, so too do the tactics of cyber… Read More

Cyber Threat Intelligence

Supply Chain Cyber Risk

February 23, 2024

Implementing Non-Repudiation in Your Security Strategy: Best Practices and Techniques

Trying to run a secure business? Then you know that defending against unauthorized access is only half the battle. The other half is ensuring that when a transaction or communication does happen, the responsible party can never successfully deny it. That essential layer of… Read More

Tech Center

February 23, 2024

Securing Port 139: Strategies to Prevent Unauthorized Access and Cyber Threats

In the realm of network security, safeguarding communication ports is a fundamental aspect of protecting a network’s integrity and confidentiality. Port 139, primarily used by the Server Message Block (SMB) protocol for file sharing in Windows networks, stands out as a critical point… Read More

Tech Center

February 23, 2024

The Essential Guide to SMB Port Configuration for Enhanced Network Security

The Server Message Block (SMB) protocol is a critical component of Windows networking, facilitating the sharing of files, printers, and serial ports among devices on the same network. While SMB plays a pivotal role in enhancing operational efficiency and collaboration within organizations, its associated ports, especially Port 445,… Read More

Tech Center

February 23, 2024

Port 445: Understanding Its Role in Cyber Attacks and Strategies for Defense

Understanding the nuances of network ports can be the key to safeguarding your digital assets against unauthorized access and cyber attacks. Among these, Port 445 stands out due to its significant role in network communication and its notorious association with various cyber threats. Read More

Tech Center

February 22, 2024

Top 10 Cybersecurity Questions to Ask Your Vendors: A step-by-step guide to reduce supply chain risk

A cybersecurity vendor questionnaire is vital in assessing the competency and reliability of potential partners. It serves as a comprehensive tool to evaluate various aspects crucial for safeguarding sensitive data and infrastructure. Through detailed inquiries about security protocols, compliance measures, incident response plans,… Read More

Supply Chain Cyber Risk

Tech Center

February 22, 2024

Beating LockBit at its Own Game: Law enforcement’s takedown of a prolific ransomware group

After a years-long investigation, this week the FBI and law enforcement agencies in the UK and Europe took over the main website of the cybercrime group known as LockBit. Law enforcement additionally arrested LockBit associates in… Read More

Cyber Threat Intelligence

February 22, 2024

3 2 1… Impact! Early Results under the SEC’s Cybersecurity Governance Rule

In July 2023, the SEC adopted a new rule requiring disclosure of “material” cybersecurity incidents and detailed information on cybersecurity risk management, strategy and governance by public companies. With the new rule taking effect in December and annual reports due for public release and consumption in… Read More

Public Sector

Services

February 21, 2024

Chinese Hacking Group Targets US Critical Infrastructure

Earlier this month, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint warning that the hacking group known as “Volt Typhoon” has been lurking in US critical infrastructure systems for at least five years.  Who’s behind Volt Typhoon? … Read More

Cyber Threat Intelligence

February 20, 2024

Unveiling the Shadows: The Rise of Volt Typhoon and the New Age of Cyber Threats

In the intricate web of global cybersecurity, the emergence of hacking groups like Volt Typhoon represents a profound shift in the landscape of cyber threats. Operating from the shadows, these entities have escalated their activities, drawing the attention of cybersecurity experts and global watch dogs alike. … Read More

Cyber Threat Intelligence

February 13, 2024

Love in the Time of Cyber Threats: Romance Scams and Dating App Cybersecurity

As the digital attack surface expands, organizations and individuals worldwide face the nonstop threat of cyberattacks, phishing scams, and other cyber vulnerabilities. And with Valentine’s Day here, romance scams — especially ones originating online — are intensifying. With that in mind, SecurityScorecard’s researchers took a close look… Read More

Cyber Threat Intelligence

February 9, 2024

Ensuring Biometric Data Security: Protecting the Keys to Your Identity

In the relentless quest for more secure and impenetrable authentication methods, researchers have turned their focus towards biometric authentication—a method renowned for its robustness and complexity, making it a tough nut for hackers to crack.  Biometric systems leverage our unique human characteristics, such as… Read More

Tech Center

February 8, 2024

Scorecarder Spotlight: Priya Thupili

Our series “Scorecarder Spotlight” showcases our talented employees and the incredible work they do.    Name: Priya Thupili  Title: Digital Marketing Manager  Location: Austin, TX    Where do you live, and what do you do in your free time?  I… Read More

Scorecarder Spotlight

February 7, 2024

C-Suite Liability & Cybersecurity: Navigating a New Era of Enforcement

On October 30, 2023, the SEC charged both SolarWinds and their CISO Tim Brown with defrauding investors, by failing to make disclosures about cybersecurity issues and vulnerabilities related to the massive nearly two-year long “SUNBURST” hack of the company.  This action by the SEC… Read More

Executive Viewpoint

February 7, 2024

What Drives Cyber Risk? Cyber Insurers and SecurityScorecard Reveal Answers

Seeking to stay ahead of hackers, many researchers have asked themselves what drives cyber risk. And many cyber insurance carriers have wondered how to accurately underwrite and price the risk. According to preliminary results from SecurityScorecard’s joint work with our cyber insurance partners, the answer is clear but multi-faceted. Adoption… Read More

Cyber Insurance

February 6, 2024

Applying the Churchill Knowledge Audit to Cybersecurity: The Importance of Security Ratings

When FedEx founder Fred Smith attended Yale in the mid-1960s, he wrote an economics paper describing the concept of overnight delivery of packages by air. His professor infamously gave him a “C” grade because he viewed it as implausible. But Smith knew something his professor didn’t—and it was an idea… Read More

Executive Viewpoint

February 5, 2024

Odyssey.conf 2024: Navigating the Future of Supply Chain Cybersecurity with SecurityScorecard

Last week, the Ritz Carlton, on fabulous Key Biscayne, FL, buzzed with the energy of Odyssey.conf, SecurityScorecard’s inaugural customer conference. Top industry minds, including Brian Krebs, Rob Knake, Jim Routh, and Hector Monsegur took to the stage along with SecurityScorecard staff and customers. Read More

Executive Viewpoint