Resources
Cybersecurity white papers, data sheets, webinars, videos and more
Resource Library
Research
Ransomware Affiliates Exploit Recently-Discovered PaperCut Vulnerability
On April 26, security researchers announced the discovery of CVE-2023-27350 and CVE-2023-27351, vulnerabilities in the PaperCut print management software solution.
Cyber Threat Intelligence
Webinars
Unlock Enhanced Breach Predictability: Unveiling Scoring 3.0
Learn more in this resource.
Research
Investigation into Breached Australian Organizations
In mid-March, two Australian financial and professional services firms reported data breaches. These were followed by a series of cyber incidents affecting large Australian firms throughout 2022 and early 2023. As a result, some reporting on the incidents presented them as indications of systematic shortcomings in the country’s cyber defenses.\r\n\r\n
Cyber Threat Intelligence
Research
Investigation into Last Month’s Royal Ransomware Attack Against a City Government
On May 1, local media reported that a city government had suffered a disruption resulting from an attack claimed by the Royal ransomware group.\r\n
Cyber Threat Intelligence
Public Sector
Research
LockBit Ransomware Group Claims Attack Against Prominent Taiwanese Semiconductor Firm
On June 29, the LockBit ransomware group added an entry for a major semiconductor manufacturer to its data leak site.
Attack Surface Management
Cyber Insurance
Cyber Threat Intelligence
Research
LockBit Ransomware Group Claims Attack Against Prominent Taiwanese Semiconductor Firm
On June 29, the LockBit ransomware group added an entry for a major semiconductor manufacturer to its data leak site.
Attack Surface Management
Cyber Insurance
Cyber Threat Intelligence
Research
SecurityScorecard Identifies Possible Flax Typhoon Infrastructure
On August 24, Microsoft published its analysis of espionage activity it attributes to a new threat actor group tracked as Flax Typhoon, which it assesses to act on behalf of the People’s Republic of China.
Cyber Threat Intelligence
Research
Cyber Risk Intelligence Update: STRIKE Team Investigation Identifies Possible Flax Typhoon Links to Higher Education
Following Microsoft’s identification of Flax Typhoon, a new threat actor group believed to conduct espionage on behalf of the People’s Republic of China (PRC), the STRIKE Team used SecurityScorecard’s data to investigate the IoCs Microsoft supplied in its report. This investigation yielded a collection of new IP addresses featuring the same TLS certificates that Microsoft linked to Flax Typhoon.\r\n\r\n
Cyber Threat Intelligence
Public Sector
Research
Daixin Team Ransomware Group Claimed Airline Ransomware Attack
Executive Summary An information security researcher reported on November 20 that the Daixin Team ransomware group had claimed that a recent attack against an airline had resulted in a breach exposing the personal data of all airline employees and five million passengers. Following this report, the SecurityScorecard Threat Research,… Read More
Cyber Threat Intelligence
Public Sector
Research
Cyber Risk Intelligence: County Government Cyber Incident May Have Involved Social Engineering and Targeting of Vulnerable SSH Services
Executive Summary A U.S. county government announced on September 11 that a recent cyber incident strongly resembling a ransomware attack had disrupted its online services. SecurityScorecard researchers identified evidence suggesting two possible (and not mutually exclusive) paths by which the threat actors may have accessed county systems: Two… Read More
Cyber Threat Intelligence
Public Sector
Research
Microsoft ProxyNotShell Zero Days
Prepared by: Rob Ames, Staff Threat Researcher, Jared M. Smith, Ph.D., Senior Director of Threat Research, Ryan Sherstobitoff, SVP of Threat Intelligence
メディア掲載
ScanNetSecurity: ISP やクライドプロバイダー向け ~ SecurityScorecard が業種別レーティングサービス提供
通信事業者、インターネットサービスプロバイダー、クラウドプロバイダー向けに開発した業種別セキュリティレーティングサービスを発表した。
Japanese
Press
SecurityScorecard Appoints Tenable Co-Founder as Senior Advisor
SecurityScorecard today announced the appointment of Renaud Deraison, Co-Founder of Tenable and a pioneer of vulnerability management, as Senior Advisor and Chairman of its Corporate Advisory Board.
Blog
Introducing the Cyber Resilience Scorecard: SecurityScorecard Finds Global Cyber Risk and GDP Closely Linked
SecurityScorecard has published the first Cyber Resilience Scorecard, offering leaders and decision-makers a comprehensive and global view of global cyber risk. SecurityScorecard identified a strong correlation between a country’s cyber risk exposure and GDP, which underscores that a nation’s economic prosperity is deeply intertwined with its ability to navigate the complex landscape of cyber threats.
Cyber Threat Intelligence
Press
Davos 2024: Global Cyber Risk and GDP Closely Linked, New SecurityScorecard Research Reveals
SecurityScorecard, a global leader in Security Ratings, released the world’s first Cyber Resilience Scorecard at the World Economic Forum Annual Meeting. The Cyber Resilience Scorecard provides an unprecedented view of global cybersecurity risk, arming leaders with data-driven insights to safeguard the world’s economies.
Research
Cyber Conflict And The Erosion Of Trust: Introducing the Cyber Resilience Scorecard
Our report explores the intricate dynamics between cyber threats, economic resilience, and the vital component of societal trust.
Cyber Threat Intelligence
Research
Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days
The SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team has identified new infrastructure that appears to be linked to the threat actor group tracked as Volt Typhoon. Volt Typhoon is a state-sponsored group based in China that typically focuses on espionage and information gathering. Approximately 30% of the Cisco RV320/325 devices observed by SecurityScorecard in a 37-day period may have been compromised by Volt Typhoon.
Cyber Threat Intelligence
Ebook
Evolve from Risk Management to Risk Intelligence
Proven Strategies to Drive a Risk Intelligence Program in Your Organization
White Papers
DORA and Cyber Risk: A New Framework for Third-Party Risk in the European Union
DORA is an effort to build resilience within the financial service sector by requiring financial services organizations to establish and monitor networks of trust amongst themselves and their ICT vendors. However, trust requires verification through monitoring and transparency.
Attack Surface Management
Cyber Threat Intelligence
DORA
Research
SecurityScorecard Validation Assessment Summary
Online found SecurityScorecard’s footprinting to be very accurate. Over the course of testing Online evaluated SecurityScorecard’s data for a total of 13 unique, unrelated, and randomly selected domains and found SecurityScorecard’s attribution process to have an accuracy of 95%. The accuracy for positively attributing IP Addresses was found to be 94% while for DNS Records it was found to be 100%.
Blog
Threat Intelligence Research: Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days
The SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team has been investigating covert infrastructure linked to Volt Typhoon, a state-sponsored threat actor group believed to act on behalf of the People’s Republic of China. The group conducts multiple types of cyberattacks, but its use of compromised small office and home office (SOHO) equipment such as routers and firewalls is a recurring theme.
Cyber Threat Intelligence