Mountain View, CA, USA
Jan 26, 2023   |  By Edward Kost
The January 2022 International Committee of the Red Cross (ICRC) data breach was caused by an unpatched critical vulnerability in the Single Sign-In tool developed by Zoho, a business software development company. After exploiting the vulnerability (tracked as CVE-2021-40539), the cybercriminals deployed offensive security tools to help gain access to ICRC's contact database, resulting in the compromise of more than 515,000 globally.
Jan 26, 2023   |  By Edward Kost
The Kaseya ransomware attack occurred through the exploitation of CVE-2021-30116, an authentication bypass vulnerability within Kaseya VSA servers. This allowed the hackers to circumvent authentication controls and execute commands via SQL injection, giving them all the control they needed to deploy their ransomware payload and encrypt a segment of Kaseya's internal data.
Jan 25, 2023   |  By Kyle Chin
Few companies expect to be at the center of a newsworthy data breach incident. However, according to some sources, cybercriminals can access 93% of businesses in an average of two days. Around 150 million data records were compromised in the third quarter of 2022 alone. Businesses are increasingly reliant on data systems such as cloud computing and remote working to compete in the modern workplace.
Jan 25, 2023   |  By Kyle Chin
As we enter 2023, we look back at the past year in cybersecurity and make predictions for next year. We saw the rapid transformation of digital initiatives and policies that either saw businesses rise above and adapt or fail to react in time to protect themselves. Industries such as healthcare and education were hit hard by cyber attacks and are at risk of experiencing continued assaults on critical data. What will the world of cybersecurity look like in 2023?
Jan 24, 2023   |  By Kyle Chin
In 2022, cyber incidents in businesses and organizations worldwide have skyrocketed, with data breaches being one of the main concerns. Almost 109 million personal accounts and emails were compromised in Q3 2022 — a 70% increase compared to Q2. Particularly, Australia has seen a significant rise in data breaches, especially in its financial services and healthcare sectors.
Jan 12, 2023   |  By Kyle Chin
The HIPAA 1996 (Health Insurance Portability and Accountability Act) is a federal law enacted by the U.S. Congress that regulates how healthcare organizations handle PHI (protected health information) and ePHI (electronic protected health information). This includes complex and extensive rules for protecting critical medical data and sensitive patient information, so HIPAA non-compliance is often met with severe penalties.
Jan 6, 2023   |  By Kyle Chin
The System and Organization Controls, or SOC (sometimes referred to as service organizations controls), are the required security control procedures set as non-mandatory, internationally-recognized standards that help businesses measure how SaaS companies and service organizations manage data and sensitive information. Organizations or businesses that have successfully passed the SOC auditing process can attest to the quality of their security controls for regulating customer data.
Jan 5, 2023   |  By Edward Kost
The California Privacy Rights Act (CPRA) is a privacy law that was passed in California in 2020. It strengthens the security standards of the California Consumer Privacy Act (CCPA), making California's consumer privacy laws more aligned with the General Data Protection Regulation (GDPR). The CCPA gives California residents the right to know what personal data is being collected by companies and whether it will be sold or disclosed to other parties.
Dec 27, 2022   |  By Catherine Chipeta
Data leaks are a popular attack vector for cybercriminals. They’re considered a shortcut to accessing valuable sensitive data without needing to carry out sophisticated cyber attacks. Once an attacker discovers a data leak, they can exploit it immediately. Organizations must be vigilant against internal and third-party data leaks. Otherwise, they risk leaving an instant pathway to costly data breaches exposed.
Dec 21, 2022   |  By Kyle Chin
The HECVAT (Higher Education Community Vendor Assessment Tool or Higher Education Community Vendor Assessment Toolkit) is a security framework and template that higher education institutions can use to measure the security risks associated with potential or existing vendors. HECVAT is excellent for higher ed institutions because many third-party organizations tend to have structures and follow practices that lend themselves to increased cybersecurity risk.
Jan 24, 2023   |  By UpGuard
Check out the latest product releases from UpGuard!
Dec 14, 2022   |  By UpGuard
Check out the latest product releases from UpGuard!
Nov 30, 2022   |  By UpGuard
Hear from a panel of Cybersecurity leaders, as they discuss vendor risk management and the best practices in securing your organization.
Nov 30, 2022   |  By UpGuard
Hear from UpGuard's Senior Product Manager, Chris Schubert, as he introduces you to UpGuard's new Risk Waiver workflow in Risk Assessments. This quarter, we’ve expanded our risk assessments framework so that you can waive risks within each individual risk assessment. This feature streamlines the risk waiver workflow so you can now create, review and waive risks all within a risk assessment.
Nov 30, 2022   |  By UpGuard
Hear from UpGuard's Product Marketing Manager, Annie Luu, as she introduces you to UpGuard's new Known Exploited Vulnerabilities feature.
Nov 30, 2022   |  By UpGuard
Learn from UpGuard's Product Marketing Lead, Harsh Budholiya, as he introduces you to UpGuard's NDA Protection feature in Shared Profiles. As part of Shared Profiles, you now have the option to add a non-disclosure agreement, or NDA, that must be accepted by organizations before access is granted. This gives Shared Profile owners complete visibility and control over their privacy settings with features including access controls and logs to ensure sensitive and private information contained in Shared Profiles remains secure.
Nov 30, 2022   |  By UpGuard
Join UpGuard's Chief Product Officer, Dan Bradbury, as he shines a spotlight on all of the groundbreaking product releases from the last quarter and the exciting releases coming soon. Interested in finding out more about UpGuard?
Nov 7, 2022   |  By UpGuard
Check out the latest product releases from UpGuard!
Oct 3, 2022   |  By UpGuard
Check out the latest product releases from UpGuard!
Sep 4, 2022   |  By UpGuard
Check out the latest product releases from UpGuard!
Nov 7, 2018   |  By UpGuard
You understand the risks that third party vendors pose to your business, and you're ready to do something about it. What are the capabilities you need to understand your cyber risk, manage your vendors, and avoid data breaches?
Sep 6, 2018   |  By UpGuard
Perhaps your organization is looking to make a transition from traditional IT operations and development practices to DevOps, or you're looking to realign your career path with DevOps to position yourself more favorably to future opportunities. Whatever your motivations are, this eBook will provide you with foundation knowledge for boosting your career with DevOps.
Sep 6, 2018   |  By UpGuard
The fact that one has to "make a case" for Microsoft in the DevOps sphere puts them at a disadvantage, especially competing against major open source options with large community bases and proven performance. But, moving forward, one can expect the gap between Microsoft and other tools to close further, as they continue pressing their business in this direction.
Sep 1, 2018   |  By UpGuard
Cybersecurity is officially dead. Worldwide spending on security-related hardware, software and services rose to $73.7 billion in 2016 from $68.2 billion a year earlier, according to researcher IDC. This number is expected to approach $90 billion in 2018.
Sep 1, 2018   |  By UpGuard
ServiceNow® customers optimizing their IT service delivery and management processes require deeper context and detail level behind IT asset changes--information the leading help desk automation and incident reporting platform does not provide. In this report you'll learn how UpGuard fills this visibility and awareness gap, keeping ServiceNow® in line with the true state of your environment.
Aug 1, 2018   |  By UpGuard
DevOps and ITIL should be compared with an eye towards the problem you're trying to solve, with a focus on the tangible benefits you and your team would see from using each.
Aug 1, 2018   |  By UpGuard
Selecting a security provider is no easy feat: it includes months of designing a company's security strategy, evaluating different solutions, budgeting accordingly, and assuring stakeholders the investment will pay off by keeping their business safe.
Jul 1, 2018   |  By UpGuard
With the enterprise so dependent on technology and digitized assets, how can it prevent data-related disasters from sinking the business? The answer is by taking a new approach to managing cyber risk as a function of business risk at large. McKinsey calls this "Digital Resilience", but it can simply be thought of as conducting business safely in today's connected environments.
Jun 1, 2018   |  By UpGuard
Software engineering is changing and DevOps is at the heart of it. An organization's ability to be responsive to the business requires better collaboration, communication, and integration across IT.
May 1, 2018   |  By UpGuard
There is no doubt that the DevOps movement has gone mainstream. When even IBM and HP are dedicating sites to it there is no longer any question. If we were to place it on the Gartner Hype Cycle even the most devoted proponents would have to admit that it's rapidly approaching the "Peak of Inflated Expectations".

A better, smarter way to protect your data and prevent breaches. Our products help security, risk and vendor management teams take control of cyber risk and move faster with confidence.

UpGuard gathers complete information across every digital surface, stores it in a single, searchable repository, and provides continuous validation and insightful visualizations so companies can make informed decisions.

UpGuard then aggregates this information into an industry standard cyber risk score called CSTAR. The CSTAR score is a single, easy-to-understand value representing an organization's aptitude in monitoring compliance, tracking unwanted change, and detecting vulnerabilities in their infrastructure.

Businesses depend on trust, but breaches and outages erode that trust. UpGuard is the world’s first cyber resilience platform, designed to proactively assess and manage the business risks posed by technology.