SecurityScorecard Blog
Read the latest blog posts published weekly.
-
Blog
Three Steps to Prevent a Cybersecurity Breach from MOVEit Exploit: SecurityScorecard’s investigation into Zellis reach uncovers 2,500 exposed MOVEit servers across 790 organizations
June 7, 2023Learn about SecurityScorecard's investigation into the Zellis breach, which uncovered over 2.500 vulnerable servers across 790 organizations.
More DetailsCyber Threat Intelligence -
Blog
Prepare for Zero-Day Threats: Military and Private Sector Leaders Share Their Insights
April 14, 2023Leading cybersecurity experts Major General John F. Wharton, (US Army retired); Oleg Strizhak, Shell’s Digital Supply Chain Risk Manager; and Sam Curry, the CISO of Zscaler, recently sat down with SecurityScorecard’s President of International Operations Matthew McKenna to discuss how organizations can prepare themselves and their supply chains for zero-day attacks, preventing and responding to them, as well as best practices for supply chain risk management.
More DetailsCyber Threat Intelligence, Public Sector -
Blog
7 Factors that Drive Cyber Risk: New Research from Marsh McLennan and SecurityScorecard
April 12, 2023Cyber risk is dynamic and influenced by a wide range of variables, quantifying it requires numerous, continuously updated data points.
More DetailsCyber Insurance -
Blog
6 Ways To Use SecurityScorecard APIs and Integrations
April 4, 2023Optimize your security workflows and deliver intelligence with the largest ecosystem of integrated technology partners. Learn more.
More DetailsSecurity Ratings -
Blog
SecurityScorecard releases list of Killnet open proxy IP addresses
February 7, 2023In the wake of Killnet’s latest DDoS attack on U.S. hospitals on January 30, SecurityScorecard has made its KillNet open proxy IP blocklist available to the public. This list is the product of the SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team’s ongoing research into KillNet. We released this list to help organizations better defend themselves against KillNet and other groups like it by preventing traffic from exploitable assets. In this blog, we’ll explain how we developed this proxy list and our recommendations for preventing DDos attacks.
More DetailsCyber Threat Intelligence -
Blog
Close Encounters of the Third- (and Fourth-) Party Kind: The Blog
February 1, 2023Let’s dive deeper into some other insights that help us understand the true extent of exposure from third- and fourth-party relationships.
More DetailsSupply Chain Cyber Risk -
Blog
What Drives Cyber Risk? Cyber Insurers and SecurityScorecard Reveal Answers
October 19, 2022Seeking to stay ahead of hackers, many researchers have asked themselves what drives cyber risk. And many cyber insurance carriers have wondered how to accurately underwrite and price the risk. According to preliminary results from SecurityScorecard’s joint work with our cyber insurance partners, the answer is clear but multi-faceted.
More DetailsCyber Insurance -
Blog
What is Cyber Risk Quantification? A Comprehensive Guide
October 6, 2022Cyber risk quantification is the process of quantifying cyber risk by putting a monetary value on the potential impact of each prospective threat. Learn more.
More DetailsCyber Insurance, Tech Center -
Blog
What is Cyber Risk Quantification? A Comprehensive Guide
October 6, 2022Cyber risk quantification is the process of quantifying cyber risk by putting a monetary value on the potential impact of each prospective threat. Learn more.
More DetailsCyber Insurance, Tech Center -
Blog
SecurityScorecard Partners with JCDC to Democratize Continuous Monitoring and Cybersecurity Risk Management
September 28, 2022Cybersecurity is a team sport, and SecurityScorecard is proud to partner with the Joint Cyber Defense Collaborative (JCDC) to share cyber threat information in defense of public and private critical infrastructure.
More DetailsPublic Sector -
Blog
TTPs Associated With a New Version of the BlackCat Ransomware
September 6, 2022In this post, we describe a real engagement that we recently handled by giving details about the tools, techniques, and procedures (TTPs) used by this threat actor.
More DetailsCyber Threat Intelligence -
Blog
Analysis of APT35 infrastructure reveals interest in Egyptian Shipping Companies
August 31, 2022More DetailsRyan Slaney and Robert Ames, Staff Threat Researchers and Alex Heid, Chief Research Officer