The SecurityScorecard Global Third-Party Breach Report uses the world’s largest proprietary risk and threat dataset to provide unique insights into the intricate web of supply chain vulnerabilities exploited by ransomware groups. As the digital landscape continues to evolve, so too do the tactics of cyber adversaries. Ransomware groups, in particular, have honed in on a prime target: the software supply chain.

In July 2023, the SEC adopted a new rule requiring disclosure of “material” cybersecurity incidents and detailed information on cybersecurity risk management, strategy and governance by public companies. With the new rule taking effect in December and annual reports due for public release and consumption in the first few months 2024, companies are scrambling to closely review and hone their cyber programs to address these new reporting requirements.

A cybersecurity vendor questionnaire is vital in assessing the competency and reliability of potential partners. It serves as a comprehensive tool to evaluate various aspects crucial for safeguarding sensitive data and infrastructure. Through detailed inquiries about security protocols, compliance measures, incident response plans, and past breach incidents, the questionnaire helps gauge the vendor’s commitment to robust cybersecurity practices.

After a years-long investigation, this week the FBI and law enforcement agencies in the UK and Europe took over the main website of the cybercrime group known as LockBit. Law enforcement additionally arrested LockBit associates in Poland, Ukraine, and the U.S. and the U.S. Treasury imposed sanctions on Russian nationals affiliated with the group. The joint operation re-engineered LockBit’s online system to mimic the countdown clock used by the group in its extortion attempts.

Earlier this month, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint warning that the hacking group known as “Volt Typhoon” has been lurking in US critical infrastructure systems for at least five years.

Traditional security paradigms are increasingly falling short against sophisticated cyber threats in the dynamic and challenging cybersecurity landscape. This has led organizations to adopt the zero-trust security model, a paradigm shift that assumes no internal or external entity is to be trusted without verification.

As the digital attack surface expands, organizations and individuals worldwide face the nonstop threat of cyberattacks, phishing scams, and other cyber vulnerabilities. And with Valentine’s Day here, romance scams — especially ones originating online — are intensifying. With that in mind, SecurityScorecard’s researchers took a close look at the world of dating app security and romance scams to protect people—and their hearts—during Valentine’s Day.

In the swiftly evolving landscape of technology, cloud computing stands as a pivotal innovation, reshaping how we store, access, and manage data across the digital expanse. This paradigm shift towards cloud services offers unparalleled efficiency and flexibility, transforming the very foundation of our digital interactions. However, this transition also introduces complex security challenges that demand a nuanced and proactive approach to safeguard sensitive information against cyber threats.

The Internet of Things (IoT) has ushered in an era where devices are interconnected across the internet, enabling them to communicate and share data with ease. This innovation has dramatically transformed everyday life, introducing conveniences that were once the stuff of science fiction. Now, we can monitor our homes through cameras connected to our networks, control appliances from our smartphones, and receive real-time updates from our cars and health-monitoring smartwatches.

In the intricate web of digital security threats, one particularly disruptive technique stands out: the Distributed Denial of Service (DDoS) attack. This form of cyber assault involves numerous compromised systems, often referred to as bots or zombies, which are used to overwhelm a target website with an avalanche of requests. The result? Legitimate users find themselves unable to access the site, leading to significant operational disruptions.