Resources
Cybersecurity white papers, data sheets, webinars, videos and more
Resource Library
Blog
3 Takeaways: New SEC Cyber Risk Disclosure Rules
Blog: New rules require a detailed assessment of supply chain and organizational resilience
Services
Press
SecurityScorecard Research Reveals 78% of Europe’s Largest Financial Institutions Experienced a Third-Party Breach in the Past Year
Financial service organizations face uphill battle to comply with Digital Operational Resilience Act (DORA) required by January 2025.
Data Sheet
How To Prepare For The Digital Operational Resilience Act (DORA)
The Digital Operational Resilience Act (DORA) is a pivotal piece of legislation aimed at strengthening the digital resilience of regulated financial entities in the European Union, including: credit institutions, investment firms, insurers, and more. Included in DORA are five key pillars that will shape how these organizations manage Information and Communication technology (ICT) and cyber risks.
DORA
Security Ratings
Third-Party Risk Management
Data Sheet
Achieve DORA Compliance with SecurityScorecard
SecurityScorecard offers a comprehensive solution for adhering to all major aspects of DORA, enabling your organization to minimize ICT risk exposures, build a resilient digital supply chain, and avoid non-compliance penalties.
DORA
Security Ratings
Supply Chain Cyber Risk
Webinars
Storms on the Horizon: Protecting Loss Ratios from the Expected and Unexpected
Learn more in this resource.
Cyber Insurance
Webinars
Storms on the Horizon: Protecting Loss Ratios from the Expected and Unexpected
Learn more in this resource.
Cyber Insurance
Webinars
Threat Talk Thursday E02
Learn more in this resource.
Webinars
Threat Intelligence 101 for Today’s Security Program
Learn more in this resource.
Case Studies
Horiens Reduces Supply Chain Risk with SecurityScorecard
Using SecurityScorecard has given Horiens a tremendous competitive\r\nadvantage as a risk management and insurance partner by providing\r\nrelevant and actionable cybersecurity insights. With supply chain resilience\r\nas one of its main focus areas, Horiens has used SecurityScorecard’s tools\r\nto demonstrate its commitment to cybersecurity, improving its relationships\r\nand reliability.
Research
A Technical Analysis Of The Quasar Forked Rat Called Void Rat
VoidRAT is based on the open-source RAT called Quasar. The malware steals information from web browsers and applications such as FileZilla and WinSCP. It also implements a keylogger functionality that saves and exfiltrates the pressed keys.
Blog
What is Cyber Threat Hunting?
Master cyber threat hunting with expert techniques and tools to find hidden threats before they cause data breaches.
Cyber Threat Intelligence
Tech Center
Blog
What is Threat Intelligence in Cybersecurity?
Threat intelligence helps you understand, prevent, and mitigate cyber threats. Learn how threat intelligence can benefit your business.
Tech Center
Webinars
Threat Talk Thursday E01
Learn more in this resource.
Case Studies
RSUI
Security ratings are critical to me as an underwriter because cyber landscape is continuously evolving
Cyber Insurance
Case Studies
RSUI
Security ratings are critical to me as an underwriter because cyber landscape is continuously evolving
Cyber Insurance
Blog
Fortinet Fortigate Vulnerability CVE-2023-27997: How to Surface Exposed Devices and Mitigate the Threat
Recently, a critical vulnerability tracked as CVE-2023-27997 was identified in Fortinet Fortigate appliances. This vulnerability has been exploited by the Chinese APT group Volt Typhoon, among others, targeting governments and organizations worldwide. \r\n\r\nAs a result, Fortinet has released an urgent patch for affected systems. For a more detailed understanding of this vulnerability and the corresponding patch, you can read this Fortinet blog post.\r\n
Cyber Threat Intelligence
Webinars
Building a Strong Defense: Red Team Insights for Cybersecurity
Learn more in this resource.
Webinars
Fighting Together: TSA, Critical Infrastructure, And Cyber Risk Management
Learn more in this resource.
Public Sector
Blog
Cybersecurity Risk is a Business Risk: Upcoming SEC Regulations Make Security Transparency Mandatory
During an interview on Nasdaq Trade Talks, SecurityScorecard CEO, Aleksandr Yampolskiy, discussed the impact of upcoming regulations by the SEC.
Services
Research
Android Malware on the Rise – A case study of AhMyth RAT
The malicious application is based on the open-source Android RAT called AhMyth. The following commands are implemented: taking pictures, exfiltrating phone call logs and phone contacts, stealing files and SMS messages from the phone, tracking the device’s location, recording audio, and sending SMS messages. The network communication with the C2 server is done by switching from HTTP to WebSocket via the Socket.IO library.
Blog
SecurityScorecard Identifies Infrastructure Linked to Widespread MOVEit Vulnerability Exploitation
SecurityScorecard shares its findings into a widespread MOVEit exploit which affected a number of high profile organizations.
Cyber Threat Intelligence