The SecurityScorecard Global Third-Party Breach Report uses the world’s largest proprietary risk and threat dataset to provide unique insights into the intricate web of supply chain vulnerabilities exploited by ransomware groups. As the digital landscape continues to evolve, so too do the tactics of cyber adversaries. Ransomware groups, in particular, have honed in on a prime target: the software supply chain.

A cybersecurity vendor questionnaire is vital in assessing the competency and reliability of potential partners. It serves as a comprehensive tool to evaluate various aspects crucial for safeguarding sensitive data and infrastructure. Through detailed inquiries about security protocols, compliance measures, incident response plans, and past breach incidents, the questionnaire helps gauge the vendor’s commitment to robust cybersecurity practices.

After a years-long investigation, this week the FBI and law enforcement agencies in the UK and Europe took over the main website of the cybercrime group known as LockBit. Law enforcement additionally arrested LockBit associates in Poland, Ukraine, and the U.S. and the U.S. Treasury imposed sanctions on Russian nationals affiliated with the group. The joint operation re-engineered LockBit’s online system to mimic the countdown clock used by the group in its extortion attempts.

In July 2023, the SEC adopted a new rule requiring disclosure of “material” cybersecurity incidents and detailed information on cybersecurity risk management, strategy and governance by public companies. With the new rule taking effect in December and annual reports due for public release and consumption in the first few months 2024, companies are scrambling to closely review and hone their cyber programs to address these new reporting requirements.

Earlier this month, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint warning that the hacking group known as “Volt Typhoon” has been lurking in US critical infrastructure systems for at least five years.

Traditional security paradigms are increasingly falling short against sophisticated cyber threats in the dynamic and challenging cybersecurity landscape. This has led organizations to adopt the zero-trust security model, a paradigm shift that assumes no internal or external entity is to be trusted without verification.

As the digital attack surface expands, organizations and individuals worldwide face the nonstop threat of cyberattacks, phishing scams, and other cyber vulnerabilities. And with Valentine’s Day here, romance scams — especially ones originating online — are intensifying. With that in mind, SecurityScorecard’s researchers took a close look at the world of dating app security and romance scams to protect people—and their hearts—during Valentine’s Day.

In the swiftly evolving landscape of technology, cloud computing stands as a pivotal innovation, reshaping how we store, access, and manage data across the digital expanse. This paradigm shift towards cloud services offers unparalleled efficiency and flexibility, transforming the very foundation of our digital interactions. However, this transition also introduces complex security challenges that demand a nuanced and proactive approach to safeguard sensitive information against cyber threats.

The Internet of Things (IoT) has ushered in an era where devices are interconnected across the internet, enabling them to communicate and share data with ease. This innovation has dramatically transformed everyday life, introducing conveniences that were once the stuff of science fiction. Now, we can monitor our homes through cameras connected to our networks, control appliances from our smartphones, and receive real-time updates from our cars and health-monitoring smartwatches.

In the intricate web of digital security threats, one particularly disruptive technique stands out: the Distributed Denial of Service (DDoS) attack. This form of cyber assault involves numerous compromised systems, often referred to as bots or zombies, which are used to overwhelm a target website with an avalanche of requests. The result? Legitimate users find themselves unable to access the site, leading to significant operational disruptions.

The world of cybersecurity is vast and teeming with a wide array of hackers who possess distinct motivations, objectives, and methods. Unfortunately, public awareness of these differences is nearly non-existent. Some individuals employ their skills for noble purposes, while others are driven by malicious intent. Let’s delve into several subcultures within the realm of hackers, exploring their unique characteristics and their roles in shaping the cybersecurity landscape.

Tomorrow, February 6, 2024, the House Homeland Security Committee will hold a hearing on securing US water systems from cyberattacks. Following last year’s widely publicized attack on the municipal water system in Aliquippa, Pennsylvania, Congress, the Cybersecurity and Infrastructure Security Agency (CISA), and industry leaders have rightly increased their focus on the unique risks facing water systems across the country.

As part of a multi-part series with NightDragon, Nasdaq, and J.P. Morgan, SecurityScorecard founder and CEO Dr. Aleksandr Yampolskiy sat down with NightDragon CEO Dave DeWalt and unveiled his deep-rooted passion for cybersecurity. Tracing back to an early encounter with a computer virus as a child, Yampolskiy discusses how this pivotal moment sparked an enduring curiosity, driving him toward a distinguished academic path.

Many people around the world right now are confused as to whether their organization is ready for Google and Yahoo’s new requirements for bulk senders. So don’t worry, you’re not alone. Back in October the announcement was made that there would be consequences for organizations sending more than 5,000 emails a day who didn’t have their email security in order. But what are the consequences? And who really needs to worry?