Resources

Cybersecurity white papers, data sheets, webinars, videos and more

Resource Library


What is SOC 2 Compliance? A Complete Guide for Security Leaders

September 12, 2025

What is Threat Intelligence in Cybersecurity? A Comprehensive 2025 Overview The cybersecurity landscape has dramatically shifted since 2024, with threat actors becoming increasingly sophisticated, leveraging advanced AI capabilities to orchestrate attacks. As we navigate 2025, proactive threat intelligence has become more critical than ever for organizations seeking to… Read More
Tech Center
What is Ransomware?

September 12, 2025

Ransomware represents one of the most damaging cyber threats facing organizations today. This malicious software encrypts a victim’s files and demands payment—typically in cryptocurrency—for the decryption key. Unlike other forms of malware that steal data quietly, ransomware makes its presence known immediately, often displaying threatening messages and countdown… Read More
Tech Center
Zero‑Day Attack Prevention: How to Prepare

September 12, 2025

How to Prevent Zero-Day Attacks? Zero day prevention has become a top priority for security teams worldwide, as these attacks bypass traditional defenses and cause devastating damage before patches become available. Understanding how to prevent zero day attacks requires a multi-layered approach combining proactive security measures,… Read More
Tech Center
When SaaS Trust Becomes a Threat: Insights from the Salesloft Drift Compromise

September 10, 2025

A recent breach at Salesloft shows how attackers can use trusted tools against the very companies that rely on them. Attackers used OAuth tokens for the “Drift” chat agent integration with Salesforce to gain access to sensitive customer data in recent days. The series of incidents highlights how… Read More
STRIKE Team
Now You Can See European Union Vulnerability Database (EUVD) IDs in the SecurityScorecard Platform

September 8, 2025

Third-party risk management is complex as teams often struggle to track vulnerabilities across different data sources and standards. This can be especially challenging when working with vendors in the European Union, who may rely on a different set of databases with naming standards that don’t always align with… Read More
Importance of Reputational Risk Monitoring & Management

September 3, 2025

News headlines about data breaches have increased customer awareness and concern around data privacy and security. Today, customers – in both business-to-business and business-to-customer situations – make their purchasing decisions based on cybersecurity. Now, particularly, as customers do more business online, thanks to the COVID-19 pandemic, organizations are under more… Read More
How to Communicate Third-Party Risk to the Board

August 26, 2025

Board communication remains one of the most challenging aspects of cybersecurity leadership, particularly when discussing third-party risks. Through our extensive work with organizations across industries, we’ve seen how complex this challenge can be. Board members are intelligent business leaders, but many lack significant cyber experience and… Read More
Scorecarder Spotlight: John Gonzalez

August 26, 2025

Our “Scorecarder Learning & Development Spotlight” series showcases our talented, driven employees, the incredible work they do, and their quest to continue their development as lifelong learners.    Name: John Gonzalez Role: Staff Infrastructure Services Engineer   Tell us a little… Read More
Scorecarder Spotlight
Red Team Cybersecurity: Complete Guide to Red Team Testing

August 18, 2025

What is Red Teaming in Cybersecurity? Red team cybersecurity represents one of the most comprehensive approaches to testing an organization’s security defenses. Unlike traditional security assessments, red teaming simulates real-world attack scenarios to identify vulnerabilities across people, processes, and technology. This methodology provides organizations with actionable insights into… Read More
SQL Injection in Cyber Security Prevention Guide

August 18, 2025

SQL injection attacks represent one of the most persistent and dangerous threats facing web applications today. This vulnerability allows attackers to manipulate SQL statements and gain unauthorized access to sensitive data stored in your backend database.  For security professionals managing third-party vendor relationships and enterprise risk… Read More
What is Residual Risk in Cybersecurity?

August 18, 2025

Residual Risk in Cybersecurity: Definition and Examples Every cybersecurity professional must face the reality that there is no such thing as perfect security. Organizations are still vulnerable to possible threats even after implementing strong security controls, monitoring systems, and thorough risk management frameworks.  The residual risk… Read More
FTP Security Risks, Vulnerabilities & Best Practices Guide

August 18, 2025

File Transfer Protocol (FTP) remains one of the most widely used methods for transferring files across networks, yet many organizations overlook the significant risks associated with FTP implementations. As cyber threats become increasingly sophisticated, understanding FTP vulnerabilities and implementing proper protective measures has become critical for protecting sensitive… Read More
From the Depths of the Shadows: IRGC and Hacker Collectives Of The 12-Day War

August 5, 2025

In June 2025, during the 12-day conflict between Israel and Iran, a network of Iran-linked hackers launched a flurry of cyber-operations aligned with the war. As air strikes crossed borders, a vast array of hacking groups began working to sway public opinion, disrupt businesses, and intimidate and undermine… Read More
STRIKE Team
SecurityScorecard Discovers new botnet, ‘Zhadnost,’ responsible for Ukraine DDoS attacks

August 1, 2025

Executive Summary SecurityScorecard (SSC) has identified three separate DDoS attacks which all targeted Ukrainian government and financial websites leading up to and during Russia’s invasion of Ukraine. Details of these DDoS attacks have not yet been publicly identified. SSC discovered a botnet of more than 3,000 unique IP addresses, across… Read More
Scorecarder Spotlight: Minh Pham

August 1, 2025

Our “Scorecarder Learning & Development Spotlight” series showcases our talented, driven employees, the incredible work they do, and their quest to continue their development as lifelong learners. Name: Minh Pham Role: Senior Customer Success Manager   Tell… Read More
Scorecarder Spotlight
Why Continuous Monitoring Is Replacing Point-in-Time Audits for Compliance

July 9, 2025

Keeping pace with cybersecurity regulations in 2025 isn’t just about annual audits. It’s about real-time visibility across your entire supply chain. And that’s not just a fringe expectation for some industries. It’s increasingly a requirement across sectors as compliance frameworks and regulations evolve to meet present-day threats and attackers… Read More
Compliance
What Is Residual Risk and How Do You Mitigate It?

July 8, 2025

What Is Residual Risk? Residual risk is the cybersecurity risk that remains even after organizations implement controls. It reflects the reality that no security program can fully eliminate risks and threats. Even well-defended systems carry exposure due to limitations… Read More
What Does CIRCIA Require—and How Can You Prepare for Reporting Cyber Incidents?

July 8, 2025

What Is CIRCIA? The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) is a United States federal law that mandates timely reporting of major cyber incidents—including ransomware payments. Its goal is to improve the cybersecurity of the nation and enable the Cybersecurity and Infrastructure… Read More
What Is Triage in Cybersecurity Incident Response?

July 8, 2025

Understanding Triage in Cybersecurity Triage in cybersecurity is an important phase of incident response. Like emergency room triage, it’s about quickly understanding which threats matter most and which can wait. Without it, teams risk spending time on false positives while real threats… Read More
What Is MXToolbox and How Can You Use It Securely?

July 8, 2025

​​What Is MXToolbox? MXToolbox is a free online tool widely used by IT and cybersecurity professionals to troubleshoot email infrastructure and check domain health. It offers real-time insights into DNS configurations, email deliverability issues, blacklist status, and mail server availability. Although it’s… Read More
How SSL Certificates Work—and Why They Still Matter

July 8, 2025

What Is an SSL Certificate? A Secure Sockets Layer (SSL) certificate—now technically a TLS certificate—is a digital certificate that verifies a domain’s identity and enables HTTPS encryption between a server and a user’s browser. Once installed,… Read More