Through our recent acquisition of LIFARS, SecurityScorecard's professional services enable you to take immediate action towards remediating incidents and mitigating risk. Please report an incident if you need help as soon as possible. You can also create a free account to begin assessing possible cybersecurity risks.
Contact us immediately if you learned that adversaries got a hold of your data. The initial 24 hours after the discovery are critical. We'll find the root cause and eliminate it. Afterward, our detailed forensics services can discover all compromised information. Our team will provide you with expertise to:
- Stop additional data loss
- Fix vulnerabilities and implement measures to prevent further attacks
- Collect and preserve court-admissible evidence
- Document and record the incident and the process
- Assist with involving law enforcement/regulators
- Notify affected parties under your industry requirements
We enrich our engagements with intelligence including advanced hacker Tactics, Techniques and Procedures (TTP’s) and Indicators of Compromise (IOCs) that are not available to every Incident Response provider.
Our expertise includes:
- Nation States
- Cyberextortion and Ransomware
- Organized Criminals
- Insider Threat
Statements of work include assignments with US government agencies, INTERPOL, and preferred providers for various Cyber-Insurance Panels.
01/20/2022 SecurityScorecard ALERT: CISA advisory – Prepare for data-wiping cyberattacks. Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats: DOWNLOAD HERE
01/11/2022 SecurityScorecard ALERT: CISA, FBI, and NSA Cybersecurity Advisory: Mitigating Russian State Sponsored Cyber Threat –DOWNLOAD PDF HERE
12/14/2021 SecurityScorecard ALERT iPhone Security Vulnerability: The iOS 15.2 update fixes 42 serious security vulnerabilities. Update as soon as possible before attackers strike. Update details: https://lifa.rs/iosupdatealert
12/13/2021 SecurityScorecard ALERT: Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation. Review the Apache Log4j 2.15.0 Announcement HERE. Upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.
12/8/2021 SecurityScorecard SMS ALERT: SonicWall has released a security advisory to address vulnerabilities affecting SonicWall Secure Mobile Access (SMA) 100 series appliances. A remote attacker could exploit these vulnerabilities to take control of an affected system. View SonicWall Advisory
12/3/2021 SecurityScorecard SMS ALERT TLP: WHITE FBI and CISA warning APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk DOWNLOAD PDF HERE
11/22/2021 SecurityScorecard SMS ALERT – FBI, CISA, and CGCYBER have reports of malicious cyber actors using exploits against CVE-2021-40539 to gain access to ManageEngine ADSelfService Plus DOWNLOAD PDF HERE
11/19/2021 SecurityScorecard SMS ALERT TLP:WHITE – FBI Issues Flash Alert on Actively Exploited FatPipe VPN Zero-Day Bug. Zero-day vulnerability enables a remote attacker to upload a file to any location on the filesystem on an affected device: https://lifa.rs/fbiflashalert
11/16/2021 SecurityScorecard SMS ALERT: Chrome vulnerabilities have been discovered. Google has released Chrome version 96.0.4664.45 This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Upgrade now.
11/14/2021 SecurityScorecard SMS ALERT FBI Update – A software misconfiguration temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails: https://lifa.rs/fbibreechupdate
11/13/2021 SecurityScorecard SMS ALERT: FBI Server hack. Beware of emails impersonating FBI warnings that your network was breached. Messages may come from: “[email protected]” Subject: “Urgent: Threat actor in systems.” Email IP address 18.104.22.168 (mx-east-ic.fbi.gov)