Cybersecurity white papers, data sheets, webinars, videos and more

January 29, 2025

Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign

In December 2024, a routine software update concealed a global threat. Attackers from the Lazarus Group, based in North Korea, infiltrated trusted development tools, compromising hundreds of victims worldwide. This sophisticated campaign, code-named “Phantom Circuit,” targeted cryptocurrency and technology developers, employing advanced obfuscation techniques through proxy servers in… Read More

STRIKE Team

January 16, 2025

What is the Threat Landscape?

The threat landscape refers to the evolving environment of cyber threats, attack methods, and attack vectors targeting organizations, governments, and individuals. Shaped by threat actors like hackers, nation-states, and criminal groups, it has grown increasingly complex with the rise of cloud computing, IoT devices, and interconnected supply chains. … Read More

January 15, 2025

Assembling the Dream Team: Building a High-Performing Supply Chain Incident Response Team

Organizations are increasingly reliant on third-party vendors. While this enables agility and innovation, it also introduces significant security risks. Cyberattacks originating from the supply chain are on the rise, underscoring the critical need for robust security measures. This article explores the key elements of… Read More

Threat-Informed TPRM

January 15, 2025

Operation 99: North Korea’s Cyber Assault on Software Developers

On January 9, the SecurityScorecard STRIKE team uncovered Operation 99, a cyberattack by the Lazarus Group, North Korea’s state-sponsored hacking unit. This campaign targets software developers looking for freelance Web3 and cryptocurrency work. If you thought fake job offers from the group’s Operation Dream Job campaign were bad,… Read More

STRIKE Team

January 10, 2025

Securing Patient Data: A Guide to Managed Services for Supply Chain Detection and Response in Healthcare

Patient data is among the most sensitive and valuable information in the healthcare industry. A single breach can have devastating consequences, including: Severe Fines: HIPAA violations can result in hefty fines, reputational damage, and potential legal action. Loss of Patient Trust: Breaches erode patient… Read More

Threat-Informed TPRM

January 10, 2025

Securing Your Financial Ecosystem: A Guide to Managed Services for Supply Chain Detection and Response

A single breach can have devastating consequences in the highly regulated financial services industry. From reputational damage and customer loss to severe financial penalties, safeguarding your entire ecosystem is paramount. This blog explores the critical role of Managed Services for Supply Chain Detection and Response (SCDR) in securing… Read More

Threat-Informed TPRM

December 19, 2024

Day in the Life of a CISO: A Vendor Breach: Assessing Our Exposure

It’s 10:47 PM, and I’m halfway through binge-watching the latest must-see series when my phone buzzes. A notification from SecurityScorecard has my attention instantly: one of our critical vendors has just reported a breach. I hit pause, grab my laptop, and dive straight in. As much as I’d… Read More

December 17, 2024

Scorecarder Spotlight: Portia Phillips

Our “Scorecarder Learning & Development Spotlight” series showcases our talented, driven employees, the incredible work they do, and their quest to continue their development as lifelong learners. Name: Portia Phillips Role: Senior Manager, Field Marketing  … Read More

Scorecarder Spotlight

December 17, 2024

Securing Your Healthcare Supply Chain: A Guide to Supply Chain Detection and Response

The Evolving Threat Landscape In today’s interconnected healthcare landscape, supply chain security has emerged as a critical concern. Cyber threats are becoming increasingly sophisticated, targeting vulnerable points in the supply chain to infiltrate networks and steal sensitive patient data. As a result, healthcare organizations must… Read More

Healthcare

Threat-Informed TPRM

December 13, 2024

Difference Between Supply Chain Detection & Response (SCDR) vs. Managed Detection and Response Services (MDR)

In today’s cybersecurity landscape, organizations face an ever-growing variety of threats, many of which originate from their supply chains. Traditional cybersecurity measures like Managed Detection and Response (MDR) have been widely adopted, but newer, more advanced approaches like Supply Chain Detection and Response (SCDR)… Read More

December 13, 2024

A Day in the Life of a CISO: An Employee Email Discovered in a Password Dump

The notification lands in my SecurityScorecard dashboard just as I’m wrapping up a meeting. An employee’s email address has shown up in a password dump on a dark web monitoring feed. Another day, another reminder of why cybersecurity is a full-contact sport. I immediately… Read More

December 13, 2024

Day in the Life of a CISO: Evaluating a Plugin Vendor

It’s mid-morning, and I’m making good progress when an email from a department head pops into my inbox. They’re thrilled about a new plugin that promises to streamline workflows for one of our most critical platforms. Naturally, they need me to sign off on the vendor’s security posture… Read More

December 12, 2024

How SecurityScorecard’s Supply Chain Detection and Response Protects Financial Institutions

As financial institutions continue to expand their digital ecosystems, the growing reliance on third-party vendors and service providers introduces significant cyber risks. With a majority of data breaches linked to vulnerabilities in the supply chain, managing these risks has become a necessity.  Traditional third-party risk management… Read More

December 3, 2024

Grow Your MSP Practice with SecurityScorecard MAX

Managing vendor security is a growing challenge for MSPs. Clients expect you to deliver enterprise-grade protection across their entire supply chain. However, many struggle with limited resources, manual processes, and the complexity of addressing third-party risks. SecurityScorecard MAX turns this challenge into an opportunity, helping you protect your… Read More

November 26, 2024

2025 Security Predictions: The Forces Reshaping Cybersecurity

As 2025 approaches, cybersecurity leaders are bracing for a year of intensifying challenges. Regulations are tightening, nation-state attackers are refining their strategies, and CISOs are under growing pressure. Aleksandr Yampolskiy, Co-Founder and CEO, Jeff Le, VP of Global Government Affairs and Public Policy, and Steve Cobb, CISO, all… Read More

Executive Viewpoint

Supply Chain Cyber Risk

Third-Party Risk Management

November 22, 2024

Vendor Risk Management: The Definitive Guide in 2025

As businesses grow more dependent on external partners, the risks associated with third-party vendors have emerged as a serious concern. An effective vendor risk management (VRM) program plays a vital role when it comes to identifying, assessing, and addressing these threats. When vendors fail to meet security standards,… Read More

November 22, 2024

What Is Cyber Risk Management?

As organizations expand their digital presence, managing cyber risk has become essential across industries. It involves a systematic approach to identifying, analyzing, and controlling risks to safeguard critical assets, infrastructure, and sensitive data. A well-established cyber risk management program allows organizations to enhance their cybersecurity posture,… Read More

November 20, 2024

Scorecarder Spotlight: Fabio da Cruz Maciel

Our “Scorecarder Learning & Development Spotlight” series showcases our talented, driven employees, the incredible work they do, and their quest to continue their development as lifelong learners.    Name: Fabio da Cruz Maciel Role: Solutions Architect   Tell us a… Read More

November 18, 2024

A Day in the Life of a CISO: Tackling a Major Vulnerability with Precision

6 AM, and I’m already on my second coffee. A late-night alert from SecurityScorecard flagged a critical vulnerability, SolarWinds-style, with major implications. Thanks to real-time intelligence from the platform, I’ve been able to brief our CIO and execs before the day even starts. Now,… Read More

November 18, 2024

A Day in the Life of a CISO: Turning Data into Boardroom Confidence

It’s 7:30 AM, and my inbox greets me with a digital curveball: an email from Alex, our Chairman. He wants a detailed update on how we’re stacking up against our competitors on cybersecurity—complete with specifics, trends, and business unit breakdowns. Great. It’s not even 8 AM, and I’m… Read More

November 12, 2024

The Botnet is Back: SSC STRIKE Team Uncovers a Renewed Cyber Threat

A silent danger is sweeping through the world’s critical infrastructure. The SecurityScorecard STRIKE Team has uncovered a resurgence of Volt Typhoon—a state-sponsored cyber-espionage group from the Asia-Pacific region, known for its precision and persistence. This is no ordinary attack. Volt Typhoon exploits unprotected, outdated edge devices within targeted… Read More

STRIKE Team