: Passing null to parameter #1 ($string) of type string is deprecated in <b>/nas/content/live/ssc2024/wp-includes/formatting.php</b> on line <b>4482</b><br />
)
Our Latest Resources
Explore our cybersecurity white papers, data sheets, webinars, videos and more.
-
Data SheetPenetration Testing
April 20, 2022Seek out exploitable issues before a hacker does
More DetailsServices -
Data SheetCyber Risk Quantification With Threat Connect
April 25, 2022More DetailsSupply Chain Cyber Risk -
Data SheetSecurityScorecard For Executive Level & Board Reporting
November 9, 2021More DetailsExecutive Viewpoint, Supply Chain Cyber Risk -
Research, White PaperA Detailed Analysis Of The Quantum Ransomware
September 14, 2022More DetailsAttack Surface Management, Cyber Insurance, Cyber Threat Intelligence, Enterprise Cyber Risk, Security Ratings, Supply Chain Cyber Risk -
Case StudyHoriens Reduces Supply Chain Risk with SecurityScorecard
July 19, 2023Using SecurityScorecard has given Horiens a tremendous competitive advantage as a risk management and insurance partner by providing relevant and actionable cybersecurity insights. With supply chain resilience as one of its main focus areas, Horiens has used SecurityScorecard’s tools to demonstrate its commitment to cybersecurity, improving its relationships and reliability.
More Details -
Research, White PaperExpand Your Vendor Intelligence To Identify Active Threats
February 28, 2023Research by Ponemon Institute reports that 59% of survey respondents haveconfirmed that their organization has experienced a data breach caused byone of their third parties, with 54% of the incidents occurring in the past12 months. What is more alarming is that only 34% of organizations areconfident their suppliers would notify them of a breach that couldput their business at risk. As the global attack surface continuesto expand, it’s more important than ever to tighten and matureThird- Party Risk Management (TPRM) programs, alsoreferred to as Vendor Risk Management. Staying ahead ofweaponized vulnerabilities and threat actors targetingyour vendors’ assets decreases the chances of acyber disruption to your organization.
More DetailsAttack Surface Management, Cyber Threat Intelligence, Enterprise Cyber Risk, Security Ratings, Supply Chain Cyber Risk -
ResearchSecurityScorecard Analysis of Traffic Involving Storm-0558 IoCs
August 16, 2023On July 11th, 2023, Microsoftdisclosed that a threat actor hadobtained a Microsoft private encryption key that allowed attackersto generate tokens enabling accessto customers’ Exchange Online andOutlook[.]com accounts.Subsequent research found that thecompromised key could have grantedaccess to a wider variety of applications including Azure Active Directory,SharePoint, Teams, and OneDrive.
More Details -
ResearchClose Encounters in the Finance Sector
May 25, 2023It’s often said that cyber defenses are only as strong as the weakest link, which applies equally to individual organizations and their supply chains. Headlines of breaches stemming from third (and fourth) parties routinely testify to the truth behind the adage. As a result, most finance firms know the risks imposed by these “close encounters” with third and fourth parties. But what can be done about those risks? SecurityScorecard and the Cyentia Institute recently teamed up to analyze data collected on over 230,000 organizations for clues about the underlying conditions exacerbating third- and fourth-party risk. We measured the extent of digital supply chains, investigated the prevalence of security incidents among third- and fourthparty vendors, and explored the effects of that exposure to gain insights on better managing risk.
More Details -
Data SheetZero-Day as-a-Service (ZDaaS)
August 30, 2023Your Ultimate Defense Against Zero Days Zero-Day Vulnerability Identification: Our ROC analysts leverage SecurityScorecard signals and threat intelligence to identify active zero day exploits as they develop. Vendor Assessment for Potential Impact: Targeted vendors within your third and fourth-party ecosystem are assessed for potential impact to an announced zero day vulnerability/ critical CVE. Zero-Day Reports: Our comprehensive reports provide precise recommendations to counter identified zero day vulnerabilities/ critical CVEs and solidify your cybersecurity defenses. Detailed findings, outputs, and score improvement planning Zero-day vulnerabilities are unseen, undetectable risks, waiting to exploit gaps in your IT environment and supply chain ecosystem. Your team can do everything right and still be breached due to a zero day critical vulnerability.
More DetailsProfessional Services, Services -
Infographic5 Steps to Avoid Cyber Incident
March 10, 2023Most security professionals cite cybersecurity as a primary concern but don’t necessarily have the tools to prioritize it and effectively protect their companies. Implementing these five steps will help to avoid significant disruption of service and reputational damage, while saving your organization millions of dollars.
More Details -
Case StudySecurityScorecard Improves UNICCs Cyber Hygiene
March 16, 2023SecurityScorecard ImprovesUNICC’s Cyber HygieneRatings Help Defend 80+ United NationsPartner Organizations from Cyberattack
More Details -
Ebook5 Steps You Can Take To Boost Your Boards Involvement And Stay Compliant
September 11, 2023PoshC2 is an open-source C2 framework used by penetration testers and threat actors. It can generate a Powershell-based implant, a C#.NET implant that we analyze in this paper, and a Python3 implant. The malware retrieves the current Windows user, the network domain name associated with the current user, the computer name, the processor architecture, the current process name and id, and the path of the Windows directory. The network communication is encrypted using the AES algorithm with a hard-coded key that can be changed by the C2 server. The C# implant can load and execute modules in memory without touching the disk by using multiple commands. It can perform post-exploitation activities by loading tools such as SharpHound, Rubeus, SharpView, and Seatbelt.
More DetailsVlad Pasca