SecurityScorecard Blog
Read the latest blog posts published weekly.
-
BlogLazarus Group Targets Developers Through NPM Packages and Supply Chain Attacks
February 13, 2025North Korea’s Lazarus Group is evolving its tactics again. The latest campaign, dubbed Operation Marstech Mayhem, introduces an advanced implant named "Marstech1."
More DetailsSTRIKE Team -
BlogA Deep Peek at DeepSeek
February 10, 2025DeepSeek’s rapid ascent in the AI space has made it impossible to ignore. Its sophisticated models and AI assistant have captured global attention. And, while headlines focus on DeepSeek’s capabilities, STRIKE research exposes critical security flaws, hidden data flows, and unanswered questions about who has access to the data and why.
More DetailsSTRIKE Team -
BlogThird-Party Risk Management Framework: How to Select the Right One
February 4, 2025Third parties come with significant cyber security risks. Learn how to select the right risk management framework.
More Details -
BlogBeyond the Perimeter: Why CISOs Need Supply Chain Detection and Response
February 4, 2025Organizations rely heavily on external vendors and suppliers, creating complex supply chains vital for operations. However, this introduces a new dimension of risk: supply chain attacks. SCDR is a comprehensive security framework that focuses on identifying, assessing, and responding to threats within the supply chain.
More DetailsSCDR, Supply Chain Cyber Risk -
BlogOperation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign
January 29, 2025In December 2024, a routine software update concealed a global threat. Attackers from the Lazarus Group, based in North Korea, infiltrated trusted development tools, compromising hundreds of victims worldwide. This sophisticated campaign, code-named "Phantom Circuit," targeted cryptocurrency and technology developers, employing advanced obfuscation techniques through proxy servers in Hasan, Russia.
More DetailsSTRIKE Team -
Blog, Learning CenterImplementing Non-Repudiation in Your Security Strategy: Best Practices and Techniques
Explore best practices for implementing non-repudiation in security strategies to ensure transaction authenticity and protect against fraud.
More DetailsTech Center -
Blog5 Reasons to Integrate Continuous Monitoring into Your TPRM Program
January 21, 2025Learn 5 reasons your organization should integrate continuous monitoring into their third-party risk management program. Read SecurityScorecard's blog
More Details -
BlogWhat is the Threat Landscape?
January 17, 2025Discover the current threat landscape and learn how to identify, assess, and mitigate evolving cyber risks to protect your organization from potential attacks.
More Details -
Blog, ResearchOperation 99: North Korea’s Cyber Assault on Software Developers
January 15, 2025On January 9, the SecurityScorecard STRIKE team uncovered Operation 99, a cyberattack by the Lazarus Group, North Korea’s state-sponsored hacking unit.
More DetailsRyan Sherstobitoff, SVP, Threat Research & Intelligence in Threat Intelligence
STRIKE Team -
BlogHow Security Ratings Help Build Strong Business Relationships
January 14, 2025See how security ratings allow you to strengthen business relationships by giving you the information you need to enable stronger business outcomes. Learn more about security ratings for business.
More Details -
BlogSecuring Patient Data: A Guide to Managed Services for Supply Chain Detection and Response in Healthcare
January 14, 2025Patient data is among the most sensitive and valuable information in the healthcare industry. A single breach can have devastating consequences. Learn how a managed service for SCDR can help.
More DetailsSCDR -
BlogSecuring Your Financial Ecosystem: A Guide to Managed Services for Supply Chain Detection and Response
January 10, 2025This blog explores the critical role of Managed Services for Supply Chain Detection and Response (SCDR) in securing your financial institution.
More DetailsSCDR
