Introducing MAX — Take supply chain cyber risk management to the MAX
Leverage unparalleled research to make smarter, faster business decisions
- Research
Cyber Conflict And The Erosion Of Trust: Introducing the Cyber Resilience Scorecard
January 15, 2024Our report explores the intricate dynamics between cyber threats, economic resilience, and the vital component of societal trust.
More DetailsCyber Threat Intelligence - Research
Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days
The SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team has identified new infrastructure that appears to be linked to the threat actor group tracked as Volt Typhoon. Volt Typhoon is a state-sponsored group based in China that typically focuses on espionage and information gathering. Approximately 30% of the Cisco RV320/325 devices observed by SecurityScorecard in a 37-day period may have been compromised by Volt Typhoon.
More DetailsCyber Threat Intelligence - Research
Log4j Security Vulnerability
December 17, 2021Understanding the Origins, Implications, and What It Means for You. The SecurityScorecard Global Investigations team continues its investigation of the Log4j vulnerability. Using our global scanning technology, we’ve developed insights into the scope and extent of the Log4j vulnerability.
More DetailsCyber Threat Intelligence - Research
SecurityScorecard Validation Assessment Summary
Online found SecurityScorecard’s footprinting to be very accurate. Over the course of testing Online evaluated SecurityScorecard’s data for a total of 13 unique, unrelated, and randomly selected domains and found SecurityScorecard’s attribution process to have an accuracy of 95%. The accuracy for positively attributing IP Addresses was found to be 94% while for DNS Records it was found to be 100%.
More DetailsVlad Pasca
- Research
Android Malware on the Rise – A case study of AhMyth RAT
June 21, 2023The malicious application is based on the open-source Android RAT called AhMyth. The following commands are implemented: taking pictures, exfiltrating phone call logs and phone contacts, stealing files and SMS messages from the phone, tracking the device’s location, recording audio, and sending SMS messages. The network communication with the C2 server is done by switching from HTTP to WebSocket via the Socket.IO library.
More DetailsVlad Pasca
- Research, White Paper
How To Increase The Value Of Your GRC Platform With Risk Identification And Quantification
July 12, 2022More DetailsAttack Surface Management, Enterprise Cyber Risk, Security Ratings, Supply Chain Cyber Risk - Research
A Detailed Analysis Of The Gafgyt Malware Targeting IoT Devices
October 18, 2022More Details - Research, White Paper
A Detailed Analysis Of The Quantum Ransomware
September 14, 2022More DetailsAttack Surface Management, Cyber Insurance, Cyber Threat Intelligence, Enterprise Cyber Risk, Security Ratings, Supply Chain Cyber Risk